安全参透之旅第3章 Skipfish工具使用

--Skipfish工具


是一款Web应用安全侦查工具。skipfish会利用递归爬虫和基于字典的探针生成一副交互式网站地图。最终生成的地图会在通过安全检查后输出。


--选择 -o是输出路径的参数，-S是指定数据字典的只读状态（还有其他参数使用请查看系统中的man或 “-h”帮助文档）


root@kali:~/Desktop/dictionaries# skipfish -o /root/Desktop/Skipfishoutput -S '/usr/share/skipfish/dictionaries/complete.wl' http://www.thesecurityblogger.com


--选择continue继续执行


skipfish web application scanner - version 2.10b
Welcome to skipfish. Here are some useful tips:


1) To abort the scan at any time, press Ctrl-C. A partial report will be written
   to the specified location. To view a list of currently scanned URLs, you can
   press space at any time during the scan.


2) Watch the number requests per second shown on the main screen. If this figure
   drops below 100-200, the scan will likely take a very long time.


3) The scanner does not auto-limit the scope of the scan; on complex sites, you
   may need to specify locations to exclude, or limit brute-force steps.


4) There are several new releases of the scanner every month. If you run into
   trouble, check for a newer version first, let the author know next.


More info: http://code.google.com/p/skipfish/wiki/KnownIssues


NOTE: The scanner is currently configured for directory brute-force attacks,
and will make about 241435 requests per every fuzzable location. If this is
not what you wanted, stop now and consult the documentation.                                                        


Press any key to continue (or wait 60 seconds)...        
skipfish version 2.10b by lcamtuf@google.com




--开始web安全侦查信息。
  - www.thesecurityblogger.com -


Scan statistics:


      Scan time : 0:02:24.490
  HTTP requests : 476 (4.4/s), 366 kB in, 120 kB out (3.4 kB/s)  
    Compression : 267 kB in, 980 kB out (57.2% gain)    
    HTTP faults : 74 net errors, 0 proto errors, 0 retried, 0 drops
 TCP handshakes : 467 total (3.5 req/conn)  
     TCP faults : 0 failures, 74 timeouts, 0 purged
 External links : 54 skipped
   Reqs pending : 1179        


Database statistics:


         Pivots : 369 total, 1 done (0.27%)    
    In progress : 367 pending, 1 init, 0 attacks, 0 dict    
  Missing nodes : 0 spotted
     Node types : 1 serv, 235 dir, 39 file, 0 pinfo, 48 unkn, 46 par, 0 val
   Issues found : 6 info, 1 warn, 1 low, 5 medium, 0 high impact
      Dict size : 2412 words (197 new), 110 extensions, 256 candidates
     Signatures : 77 total


--选择Ctrl+C 来结束扫描，结束输出文件放在/root/Desktop/Skipfishoutput/


        
[!] Scan aborted by user, bailing out!
[+] Copying static resources...
[+] Sorting and annotating crawl nodes: 369
[+] Looking for duplicate entries: 369
[+] Counting unique nodes: 369
[+] Saving pivot data for third-party tools...
[+] Writing scan description...
[+] Writing crawl tree: 369
[+] Generating summary views...
[+] Report saved to '/root/Desktop/Skipfishoutput/index.html' [0xa83556b0].

[+] This was a great day for science!

Medium risk - data compromise External content embedded on a page (higher risk) (5)
中等风险-数据妥协 (高风险) 的网页中嵌入的外部内容 (5)
Low risk or low specificity HTML form with no apparent XSRF protection (1)
低风险或低特异性与没有明显的 XSRF 保护 (1) 的 HTML 表单
Internal warning Resource fetch failed (1)
内部警告资源读取失败 (1)
Informational note Unknown form field (can't autocomplete) (1)
信息说明未知的表单字段 (不能自动完成) (1)