In this post, You will learn what is skipfish and how does it work and it’s going to a comprehensive tutorial on skipfish.
Below is the video format of the post, Do check that out 👇🏾
What is skipfish❓
Skipfish is an active web application security reconnaissance tool. It is designed to act like a web server and then perform automated attacks to find vulnerabilities in the server.
Such as cross-site scripting (XSS), SQL injection, and file inclusion vulnerabilities. It can quickly crawl and analyze a web server and identify potential vulnerabilities.
In simple the skipfish is a bug-hunting tool.
- Find Vulnerabilities
- Filters the level of severity
- Brute force HTTP authentication
How to use Skipfish
Before you learn how to use skipfish, Join my discord server and let’s learn hacking together. If you have doubts comment down below or watch the youtube video.
To run a default scan, You can use the below syntax. This tool can scan bot the online domain and localhost sites.
skipfish -o <file name> <target> skipfish -o meta1 http://192.168.64.93
The -o is a must-enter syntax to specify the directory or file. Now the scan results will be saved in the file meta1.
We can open the result in firefox.
To view the result go to the specific directory you have mentioned and enter the below command, To view the result in a web browser.
This is basically scanning a target for a particular time and exit after the given time.
Time will be mentioned like hours:min:sec
skipfish -o <file name> -k 0:0:10 <target> skipfish -o meta12 -k 0:0:10 http://192.168.64.93
Basically, we are doing brute force, Yeah HTTP auth. We just add -A and the username and pass.
skipfish -o <file name> -A user:pass <target> skipfish -o metasploitable -A msfadmin:msfadmin http://192.168.64.93
Finally, this is another great tool for web bug bounty, Yep give a try on this tool. Check the video format of the post.
Also Read: What is commix and how it works