$COMMENT: active web application security reconnaissance tool pkg/DESCR:
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments. Key features: High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets. Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors. ---- I'd appreciate any feedback on this one. I'm working on porting several penetration testing tools to OpenBSD so this will be the first of many. I figure if you have feedback for me on this one, I can incorporate it into the others and not waste people's time. Thanks to @jggimi for his help in how I approach the mailing list. Thanks to Sebastian for the initial feedback on the port. ---- Questions? Comments? Thanks, Bryan
skipfish.tgz
Description: GNU Zip compressed data
