Get in Touch

Skipfish Full Tutorial | Update 2024

Introduction

In this post, You will learn what is skipfish and how does it work and it’s going to a comprehensive tutorial on skipfish.

Below is the video format of the post, Do check that out 👇🏾

Video

What is skipfish❓

Skipfish is an active web application security reconnaissance tool. It is designed to act like a web server and then perform automated attacks to find vulnerabilities in the server.

Such as cross-site scripting (XSS), SQL injection, and file inclusion vulnerabilities. It can quickly crawl and analyze a web server and identify potential vulnerabilities.

In simple the skipfish is a bug-hunting tool.

Advertisement

Skipfish Features

  1. Find Vulnerabilities
  2. Filters the level of severity
  3. Interpreter
  4. Brute force HTTP authentication

How to use Skipfish

Before you learn how to use skipfish, Join my discord server and let’s learn hacking together. If you have doubts comment down below or watch the youtube video.

Discord: https://discord.gg/uekQW7RQZ8

Default Scan

To run a default scan, You can use the below syntax. This tool can scan bot the online domain and localhost sites. 

skipfish -o <file name> <target>
skipfish -o meta1 http://192.168.64.93

The -o is a must-enter syntax to specify the directory or file. Now the scan results will be saved in the file meta1.

We can open the result in firefox.

View Result

To view the result go to the specific directory you have mentioned and enter the below command, To view the result in a web browser. 

firefox index.html

Duration Scanning

This is basically scanning a target for a particular time and exit after the given time.

Time will be mentioned like hours:min:sec 

skipfish -o <file name> -k 0:0:10 <target>
skipfish -o meta12 -k 0:0:10 http://192.168.64.93

HTTP Authentication

Basically, we are doing brute force, Yeah HTTP auth. We just add -A and the username and pass. 

skipfish -o <file name> -A user:pass <target>
skipfish -o metasploitable -A msfadmin:msfadmin http://192.168.64.93

Conclusion

Finally, this is another great tool for web bug bounty, Yep give a try on this tool. Check the video format of the post.

Also Read: What is commix and how it works

You may also like