Downloading and Installing Skipfish
The first thing that you should do is download the latest version of Skipfish here: http://code.google.com/p/skipfish/downloads/list
As of the time this tutorial was written, the latest version is Skipfish-1.84b. Click “skipfish-1.84b”, then copy the SHA1 checksum to a text file; you will need it later. Click the link to proceed with the download.
It will be downloaded normally to your Ubuntu downloads folder. Cut and paste the downloaded package (skipfish-1.84b.tgz) to your Ubuntu Desktop.
Launch terminal then go to your Desktop:
Then confirm the SHA1 checksum of the downloaded package as follows:
Compare the resulting SHA1 checksum with the SHA1 checksum provided on the download page which you copied earlier. It should match.
To install Skipfish follow the detailed steps below:
1.) Right click on the skipfish-1.84b.tgz at the Desktop then click “Extract here”. This will extract the package to the Desktop.
2.) Then at the Linux terminal (assuming you are in the Desktop directory):
Go inside the extracted Skipfish directory:
3.) Compile by running the make command:
If there are no problems during the compilation, you should see the output below:
4.) Copy and configure Skipfish dictionaries
The Skipfish dictionary lets the application scan for vulnerabilities in different possible target locations. According to the Skipfish developer, this is critical to getting good results out of the scan.
It is highly recommended to read the “README-FIRST” file inside the dictionaries folder to determine which type of dictionary is appropriate for your implementation. As a start, if your web application is small, you can use the complete.wl dictionary.
To implement this, copy complete.wl to skipfish.wl. Details:
5.) Create an output folder inside Skipfish directory:
You need to create an output folder where Skipfish places the results of the scan. Launch a terminal and go inside the Skipfish directory, then create a folder named outputresults:
After configuring the Skipfish dictionary and creating the output results folder, you are ready to use Skipfish.
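The whole procedure above (checksum check, extract, compile, dictionary, output folder) can be scripted so that nothing is unpacked or built unless the SHA1 matches. This is an added example, not part of the original tutorial or the Skipfish project; the function names are hypothetical, and it assumes the archive unpacks to a directory named after the tarball and that skipfish.wl belongs in the top-level Skipfish directory.

```shell
#!/bin/sh
# Added example: verify-then-build flow for the steps in this tutorial.

# verify_sha1 FILE EXPECTED: 0 on match, 1 on mismatch, 2 on bad input.
verify_sha1() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*|'') echo "expected value is not a hex digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "a SHA1 digest has 40 hex chars" >&2; return 2; }
    actual=$(sha1sum < "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA1 mismatch: got $actual" >&2
        return 1
    fi
}

# Steps 4 and 5: choose the complete.wl dictionary and create the output folder.
# Assumption: skipfish.wl goes in the top-level Skipfish directory.
prepare_skipfish_dir() {
    dir=$1
    cp "$dir/dictionaries/complete.wl" "$dir/skipfish.wl" || return 1
    mkdir -p "$dir/outputresults"
}

# Steps 1 to 5 end to end; stops before extraction if the checksum differs.
# Assumption: foo.tgz unpacks to a directory named foo next to the tarball.
install_skipfish() {
    tarball=$1
    verify_sha1 "$tarball" "$2" || return 1
    workdir=$(dirname "$tarball")
    tar -xzf "$tarball" -C "$workdir" || return 1
    srcdir="$workdir/$(basename "$tarball" .tgz)"
    (cd "$srcdir" && make) || return 1
    prepare_skipfish_dir "$srcdir"
}

# Usage: sh install.sh ~/Desktop/skipfish-1.84b.tgz <SHA1 copied from the download page>
if [ "$#" -eq 2 ]; then
    install_skipfish "$1" "$2"
fi
```
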