skipfish

fully automated, active web application security reconnaissance tool

Install

All systems
curl cmd.cat/skipfish.sh
Debian Debian
apt-get install skipfish
Ubuntu
apt-get install skipfish
image/svg+xml Kali Linux
apt-get install skipfish
Fedora
dnf install skipfish
Windows (WSL2)
sudo apt-get update sudo apt-get install skipfish
OS X
brew install skipfish
Raspbian
apt-get install skipfish

skipfish

fully automated, active web application security reconnaissance tool

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.