[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

announcing skipfish, an automated web app security scanner

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, websecurity@xxxxxxxxxxxxx
Subject: announcing skipfish, an automated web app security scanner
From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
Date: Fri, 19 Mar 2010 10:51:27 -0700

Hi folks,

I am happy to announce the availability of skipfish - our open-source,
fully automated, active web application scanner. There are several
things that probably make it interesting:

1) High speed: pure C code, highly optimized HTTP handling, minimal
CPU footprint - easily achieving 2000 requests per second with
responsive targets.

2) Ease of use: heuristics to support a variety of quirky web
frameworks and mixed-technology sites, with automatic learning
capabilities, on-the-fly wordlist creation, and form autocompletion.

3) Cutting-edge security logic: high quality, low false positive,
differential security checks, capable of spotting a range of subtle
flaws, including blind injection vectors.

To download, please go to:
http://code.google.com/p/skipfish

Read more:
http://code.google.com/p/skipfish/wiki/SkipfishDoc

Cheers,
/mz

Prev by Date: Vulnerability Httpdx v1.5.3b
Next by Date: Aris AGX agXchange ESM Open Redirection Vulnerability
Previous by thread: Vulnerability Httpdx v1.5.3b
Next by thread: Aris AGX agXchange ESM Open Redirection Vulnerability
Index(es):
- Date
- Thread