hozarares Posted March 26, 2010 Report Posted March 26, 2010 Google released a new security tool Skipfish; a fully automated, active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.Skipfish key features : - High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.- Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.- Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.The second version 1.1 beta have just been released few hours ago. Available for Linux, FreeBSD 7.0+, MacOS X, and Windows (via Cygwin); under terms and conditions of the Apache License, version 2.0.skipfish - Project Hosting on Google Code Quote
AlStar Posted March 27, 2010 Report Posted March 27, 2010 Postat deja de begood ( http://rstcenter.com/forum/21224-skipfish-automated-web-security-scanner.rst ) Era mai jos oleaca Quote
