skipfish是一款免費、開源、Web應用程序安全檢測工具。skipfish主要特點:
- — 速度快:Skipfish完全由C編寫,高度優化的HTTP處理能力以及最低的CPU佔用,它每秒鐘可以輕鬆處理2000個請求;
- — 使用簡單:採用啓發式掃描技術,主持多種Web架構。具備自動學習能力,字典動態創建,表單自動完成等功能。
- — 前沿安全邏輯算法:性能高、誤報率低。
skipfish支持Linux, FreeBSD 7.0+, MacOS X, 和 Windows (Cygwin) 環境。工具更多信息及官方下載地址code.google.com
。
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Google Web application security scanning tool-skipfish (1.41 beta)
A fully automated, active web application security reconnaissance tool. Key features:
- High speed : pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
- Ease of use : heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
- Cutting-edge security logic : high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments.Download current version (1.41 beta)