Skipfish – New Web Security Scanner By Google !

Google's New Web Security Vulnerability Scanner. On Friday morning, March 19, 2010, Michal Zalewski announced on the Google Online Security Blog: "Meet skipfish, our automated web security scanner", and an announcement like that has to be taken seriously.

Recently I've seen a lot of free "web malware scanners", some released by prestigious security vendors (*cough* Qualys *cough*) and some by developers unknown, to me at least, such as the authors of the WP-Secure plugin for WordPress and SiteSecurityMonitor.com.
</grReplace>
<gr_replace lines="7" cat="clarify" orig="Google developers">
Google's developers took a different approach and built an old-school console application in pure C. It is lightning fast: thanks to its asynchronous, non-blocking request handling it can inject hundreds of HTTP requests per second against a single target.

Google developers took a different approach and they built an ol' school console application written in pure C which is lighting fast and thanks to it's asynchronous processing is able to inject hundreds of HTTP requests / second.

The source code is released under the Apache license and is available for download here.

I don't have a Linux box available right now to build and test it myself, but the documentation certainly fires up your interest with the features implemented in skipfish: server-side SQL injection, integer overflow vulnerabilities, stored and reflected XSS, MIME manipulation, HTTP credentials in URLs, unexpected response variations, and many, many others.
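To make the two points above concrete (an event-loop scanner keeping many requests in flight, and recognising "unexpected response variations" instead of trusting the status code), here is an added example written for this post. It is not skipfish's code and does not reproduce its engine; it is a small asyncio dictionary prober in Python that spins up a constructed stand-in web server on localhost, learns the server's "not found" signature from a random path, then fires the whole wordlist concurrently and keeps only paths whose response differs from that signature. The wordlist, the known paths and the server itself are all constructed for the demo.

```python
"""Asynchronous dictionary probing, skipfish-style, in miniature.

Added example, not skipfish's own code. Everything below (target server,
wordlist, known paths) is constructed so the script runs offline.
"""
import asyncio
import secrets
import time

# Constructed wordlist: names a scanner would try under every directory.
WORDLIST = ["admin", "backup", "config", "login", "robots.txt",
            ".git", "test", "uploads", "old", "phpinfo.php"]

# Constructed target: only these paths exist on the stand-in server.
KNOWN_PATHS = {"/admin": 200, "/robots.txt": 200, "/login": 200, "/backup": 403}
REASONS = {200: "OK", 400: "Bad Request", 403: "Forbidden", 404: "Not Found"}


async def handle_client(reader, writer):
    """Minimal HTTP/1.0 responder standing in for a real web server."""
    request_line = await reader.readline()
    while True:                      # drain request headers up to the blank line
        line = await reader.readline()
        if line in (b"\r\n", b"\n", b""):
            break
    try:
        _method, path, _version = request_line.decode("latin-1").split()
        status = KNOWN_PATHS.get(path, 404)
    except ValueError:
        status = 400
    body = f"status {status}\n".encode()
    head = (f"HTTP/1.0 {status} {REASONS[status]}\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    writer.write(head.encode() + body)
    await writer.drain()
    writer.close()
    await writer.wait_closed()


async def probe(host, port, path, sem):
    """One probe: GET the path, return (path, status, body_length).

    The semaphore caps the number of simultaneous connections, the way a
    scanner limits connections per host; everything else is non-blocking.
    """
    async with sem:
        reader, writer = await asyncio.open_connection(host, port)
        writer.write(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        await writer.drain()
        raw = await reader.read()          # server closes after the response
        writer.close()
        await writer.wait_closed()
    head, _, body = raw.partition(b"\r\n\r\n")
    status = int(head.split()[1])
    return path, status, len(body)


async def scan(host, port, wordlist, max_conns=20):
    """Probe every word concurrently; return {path: status} for real hits.

    A random path is probed first to learn what 'not found' looks like on
    this server (status + body length), so soft-404 pages that answer 200
    for everything do not flood the results with false positives.
    """
    sem = asyncio.Semaphore(max_conns)
    _, base_status, base_len = await probe(host, port, "/" + secrets.token_hex(8), sem)
    signature = (base_status, base_len)
    results = await asyncio.gather(*(probe(host, port, "/" + w, sem) for w in wordlist))
    return {p: s for p, s, n in results if (s, n) != signature}


async def run_demo():
    """Start the stand-in server, scan it, return (hits, requests per second)."""
    server = await asyncio.start_server(handle_client, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    t0 = time.perf_counter()
    hits = await scan("127.0.0.1", port, WORDLIST)
    elapsed = time.perf_counter() - t0
    server.close()
    await server.wait_closed()
    return hits, (len(WORDLIST) + 1) / elapsed


def demo_scan():
    """Synchronous entry point used both by main() and by tests."""
    return asyncio.run(run_demo())


if __name__ == "__main__":
    found, rps = demo_scan()
    for path, status in sorted(found.items()):
        print(f"{status}  {path}")
    print(f"{rps:.0f} requests/second against the local stand-in")
```

The interesting part for a scanner author is the baseline probe in `scan()`: a server that returns `200` with a "page not found" template for every unknown URL would otherwise look like it hosts every word in the dictionary. Real skipfish does considerably more than compare status and length, but the shape of the check is the same. Against a live target, remember that the semaphore is the only thing standing between you and a denial of service, so size it to what the target can absorb.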

We owe a big thanks to the Google security team and I hope skipfish will be developed further.




One Response to “Skipfish – New Web Security Scanner By Google !”

  • 1
    anonymous
    May 26th, 2010 00:16

    WebCruiser – Web Vulnerability Scanner
    WebCruiser – Web Vulnerability Scanner, a compact but powerful web security scanning tool! It has a Crawler and a Vulnerability Scanner(SQL Injection, Cross Site Scripting, XPath Injection etc. ).
    It can support scanning a website as well as POC (proof of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, an XPath injection tool, and a Cross Site Scripting tool!
    Function:
    * Crawler(Site Directories And Files);
    * Vulnerability Scanner(SQL Injection, Cross Site Scripting, XPath Injection etc.);
    * POC(Proof of Concept): SQL Injection, Cross Site Scripting, XPath Injection etc.;
    * GET/Post/Cookie Injection;
    * SQL Server: PlainText/Union/Blind Injection;
    * MySQL/DB2/Access: Union/Blind Injection;
    * Oracle: Union/Blind/CrossSite Injection;
    * Post Data Resend;
    * Administration Entrance Search;
    * Time Delay For Search Injection;
    * Auto Get Cookie From Web Browser For Authentication;
    * Report Output.
    http://sec4app.com

