Showing posts with label Skipfish. Show all posts
Showing posts with label Skipfish. Show all posts

Saturday, 6 August 2022

Skipfish

 Skipfish is a free, open-source Automated Penetration Testing tool available on GitHub made for security researchers.  Skipfish is used for information gathering and testing the security of websites and web servers. Skipfish is the easiest and one of the best tools for penetration testing. It provides many integrated tools to perform penetration testing on the target system.

This tool is also known as an active web application security reconnaissance tool. This tool functions and makes a map on the console of the targeted site using recursive crawl and dictionary-based probes. 

This tool gives us all the security checks that are active in the domain. Lastly, this tool generates a report which can be further used for security assessments.

Features and Uses of Skipfish tools :

  • Skipfish is Open source intelligence tool.
  • Skipfish can track enumeration.
  • Skipfish is a fully automated tool.
  • Skipfish has more than 15 modules that can be used for penetration testing.
  • Skipfish is used to scanning websites and web apps.
  • Skipfish is used to scan content management systems(CMS).
  • Skipfish can find vulnerabilities in CMS, eg. WordPress, Joomla, etc.
  • Skipfish has a large number of modules, such as metagoofil, wananga, etc.

Installation 

Step 1: 

To install the tool first move to desktop and then install the tool using the following command.

git clone https://gitlab.com/kalilinux/packages/skipfish.git

 Step 2: 

The tool has been downloaded into your kali Linux machine. Now move into the tool directory using the following command.

cd skipfish

ls

skipfish -h

 Step 3:

 Now you can see the help menu of the tool is running. You can use all the flags which are used with the tool. The tool has been downloaded and now we will see how to use it.

Usage

Example 1: Use skipfish tool to scan a WordPress website using its IP address.

skipfish -o 202 http://192.168.1.202/wordpress

This is the report of the tool. You can use this tool with your own target. You can use any domain of your own choice. 

Example 2: Use Skipfish tool to scan bodegeit

sudo skipfish -o SkipfishTEST http://192.168.225.37/bodgeit

You can see that the tool has given all information such as scan time, HTTP requests to host, compression size, TCP handshakes, etc. This is how you can also perform an operation on your own specified target.

Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments

  Microsoft on Tuesday   revealed   that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations...