
How to Install Skipfish - Security

Security is by far the most important aspect that any webmaster should consider for long term website success. A lot of open source and commercial tools are available to scan your website for vulnerabilities. If you are looking for an efficient, powerful, fast and free tool, then you might need to give “Skipfish” a try.

TABLE OF CONTENTS:
  1. Skipfish Website Vulnerability Scanner
  2. How to Install Skipfish
  3. Run a Skipfish Scan on XAMPP
By: Codex-M
March 23, 2011


Downloading and Installing Skipfish

The first thing that you should do is download the latest version of Skipfish here: http://code.google.com/p/skipfish/downloads/list

As of the time this tutorial was written, the latest version is Skipfish-1.84b. Click “skipfish-1.84b” and copy the SHA1 checksum to a text file; you will need it later. Then click the link to proceed with the download.

By default the file is saved to your Ubuntu downloads folder. Move the downloaded package (skipfish-1.84b.tgz) to your Ubuntu Desktop.

Launch terminal then go to your Desktop:

codex-m@codex-m-desktop:~$ cd Desktop

Then confirm the SHA1 checksum of the downloaded package as follows:

codex-m@codex-m-desktop:~/Desktop$ sha1sum skipfish-1.84b.tgz

c5f3994029419f2915091cfe825414ad3f608432  skipfish-1.84b.tgz

Compare the resulting SHA1 checksum with the one you copied earlier from the download page. They should match; if they do not, the file is corrupted or has been altered, so do not install it.

To install Skipfish follow the detailed steps below:

1.) Right-click skipfish-1.84b.tgz on the Desktop, then click “Extract here”. This will extract the package to the Desktop.

2.) Then at the Linux terminal (assuming you are in the Desktop directory):

Go inside the extracted Skipfish directory:

codex-m@codex-m-desktop:~/Desktop$ cd skipfish-1.84b
codex-m@codex-m-desktop:~/Desktop/skipfish-1.84b$

3.) Compile by running the make command:

codex-m@codex-m-desktop:~/Desktop/skipfish-1.84b$ make

If there are no problems during the compilation, you should see the output below:

cc -L/usr/local/lib/ -L/opt/local/lib skipfish.c -o skipfish -O3 -Wno-format -Wall -funsigned-char -g -ggdb -I/usr/local/include/ -I/opt/local/include/  -DVERSION="1.84b" \
http_client.c database.c crawler.c analysis.c report.c -lcrypto -lssl -lidn -lz
See dictionaries/README-FIRST to pick a dictionary for the tool.
Having problems with your scans? Be sure to visit:
http://code.google.com/p/skipfish/wiki/KnownIssues

4.) Copy and configure Skipfish dictionaries

The Skipfish dictionary lets the application scan for vulnerabilities in different possible target destinations. According to the Skipfish developer, this is critical to getting good results out of the scan.

It is highly recommended to read the “README-FIRST” file inside the dictionaries folder to determine which type of dictionary is appropriate for your implementation. To start, if your web application is small, you can use the complete.wl dictionary.

To implement this, copy complete.wl to skipfish.wl. Details:

a.) Launch terminal
b.) In the command prompt, enter: cp dictionaries/complete.wl skipfish.wl

codex-m@codex-m-desktop:~/Desktop/skipfish-1.84b$ cp dictionaries/complete.wl skipfish.wl

5.) Create an output folder inside Skipfish directory:

You need to create an output folder where Skipfish places the results of the scan. Launch the terminal, go inside the Skipfish directory, and create a folder named outputresults:

codex-m@codex-m-desktop:~/Desktop/skipfish-1.84b$ mkdir outputresults

After configuring the Skipfish dictionary and creating the output results folder, you are ready to use Skipfish.
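The steps above as one script, added here as an example (not part of the original tutorial or the Skipfish project): it refuses to extract or build unless the SHA1 matches, so the comparison is not left to the eye. The function names `verify_sha1` and `install_skipfish` and the `run` argument are assumptions; the archive name and digest are the ones shown in this tutorial, and the digest should be replaced with the value you copied from the download page.

```shell
#!/bin/sh
# Added example: gate extraction and compilation on the SHA1 check.
ARCHIVE="skipfish-1.84b.tgz"
# Digest as printed in this tutorial; use the one copied from the download page.
EXPECTED_SHA1="c5f3994029419f2915091cfe825414ad3f608432"

# verify_sha1 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a missing file or malformed digest.
verify_sha1() {
    file=$1
    # Normalise the pasted value: lower-case, no stray whitespace.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "expected value is not 40 hex chars" >&2; return 2; }
    # Read from stdin so the file name never appears in sha1sum's output.
    actual=$(sha1sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA1 mismatch for $file: got $actual" >&2
    return 1
}

# install_skipfish: steps 1-5 of the tutorial, stopping at the first failure.
install_skipfish() {
    verify_sha1 "$ARCHIVE" "$EXPECTED_SHA1" || return 1
    tar -xzf "$ARCHIVE" || return 1
    cd "${ARCHIVE%.tgz}" || return 1
    make || return 1
    cp dictionaries/complete.wl skipfish.wl || return 1
    mkdir -p outputresults
}

# Only act when invoked from the Desktop directory as: sh install.sh run
if [ "${1:-}" = "run" ]; then
    install_skipfish
fi
```

A matching checksum taken from the same page as the download shows the file arrived intact; it does not by itself prove that the download site was not tampered with.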
