安全参透之旅第3章 Skipfish工具使用

--Skipfish工具


是一款Web应用安全侦查工具。skipfish会利用递归爬虫和基于字典的探针生成一副交互式网站地图。最终生成的地图会在通过安全检查后输出。


--选择 -o是输出路径的参数，-S是指定数据字典的只读状态（还有其他参数使用请查看系统中的man或 “-h”帮助文档）


root@kali:~/Desktop/dictionaries# skipfish -o /root/Desktop/Skipfishoutput -S '/usr/share/skipfish/dictionaries/complete.wl' http://www.thesecurityblogger.com


--选择continue继续执行


skipfish web application scanner - version 2.10b
Welcome to skipfish. Here are some useful tips:


1) To abort the scan at any time, press Ctrl-C. A partial report will be written
   to the specified location. To view a list of currently scanned URLs, you can
   press space at any time during the scan.


2) Watch the number requests per second shown on the main screen. If this figure
   drops below 100-200, the scan will likely take a very long time.


3) The scanner does not auto-lim