WEB安全扫软件：Skipfish

转自 Linux折腾笔记

相比Nikto和Nessus等其他开源扫描工具，虽然有相似的功能，但skipfish通过HTTP协议处理且占用较低的CPU资

源，因此它的运行速度比较快。

#skipfish -o /root/Desktop/FUCK -L -Y -W- http://www.******.com/xxx/

skipfish version 2.10b by lcamtuf@google.com

  - www.******.com -

Scan statistics:

      Scan time : 0:01:37.359

  HTTP requests : 342 (3.5/s), 194 kB in, 103 kB out (3.1 kB/s)  

    Compression : 0 kB in, 0 kB out (0.0% gain)    

    HTTP faults : 293 net errors, 0 proto errors, 15 retried, 165 drops

 TCP handshakes : 320 total (1.1 req/conn)  

     TCP faults : 0 failures, 1 timeouts, 0 purged

 External links : 741 skipped

   Reqs pending : 0         

Database statistics:

         Pivots : 404 total, 397 done (98.27%)    

    In progress : 0 pending, 0 init, 7 attacks, 0 dict       

  Missing nodes : 2 spotted

     Node types : 1 serv, 36 dir, 1 file, 1 pinfo, 351 unkn, 14 par, 0 val

   Issues found : 27 info, 408 warn, 59 low, 6 medium, 0 high impact

      Dict size : 0 words (0 new), 0 extensions, 0 candidates

     Signatures : 77 total

        

[+] Copying static resources...

[+] Sorting and annotating crawl nodes: 404

[+] Looking for duplicate entries: 404

[+] Counting unique nodes: 51

[+] Saving pivot data for third-party tools...

[+] Writing scan description...

[+] Writing crawl tree: 404

[+] Generating summary views...

[+] Report saved to '/root/Desktop/FUCK/index.html' [0x3e4b720a].

[+] This was a great day for science!