Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.


In previous tutorials on website hacking series, we look at how to gather information about the website, information gathering is not limited to that only there are other methods also you can try. skipfish comes preinstalled in Kali Linux you can type skipfhish in your terminal and it will start, to scan a website with skipfhish follow the steps below.




1.   open your terminal and type skipfish -h  and it will show you the help for the skipfish tool.

2.  Now we will keep everything same and try to scan a website with the following command 
    skipfish -o /root/demo/ http:/192.168.197.132/

-o for the location where scan result will be saved 
and website to be scanned (local for this tutorial)

Now it scans the website it could take some time depending on the website and its size. once the scanning is finished you will see an index.html file where you have saved the result, to open that file type the following command in terminal.
 firefox /root/demo/index.html


It will open your browser and show you the result of the scan, in the issue type section it will show you all the vulnerability found during the scan. you can click on any vulnerability and examine the result where the vulnerability exactly locate 

You can join our telegram channel for the latest update. You can follow us on Twitter and Instagram.
Share it If you like it