5832e3c6bf
security testing tool. It features a single-threaded multiplexing HTTP stack, heuristic detection of obscure Web frameworks, and advanced, differential security checks capable of detecting blind injection vulnerabilities, stored XSS, and so forth. PR: ports/144942 Submitted by: Ryan Steinmetz <rpsfa@rit.edu> Approved by: itetcu (mentor) WWW: http://code.google.com/p/skipfish/
16 lines
667 B
Text
16 lines
667 B
Text
A fully automated, active web application security reconnaissance
|
|
tool. Key features:
|
|
|
|
* High speed: pure C code, highly optimized HTTP handling, minimal
|
|
CPU footprint - easily achieving 2000 requests per second with
|
|
responsive targets.
|
|
|
|
* Ease of use: heuristics to support a variety of quirky web
|
|
frameworks and mixed-technology sites, with automatic learning
|
|
capabilities, on-the-fly wordlist creation, and form autocompletion.
|
|
|
|
* Cutting-edge security logic: high quality, low false positive,
|
|
differential security checks, capable of spotting a range of subtle
|
|
flaws, including blind injection vectors.
|
|
|
|
WWW: http://code.google.com/p/skipfish
|