Skipfish is a new security scanning tool from Google that tries to find vulnerabilities in your webserver.
It can be installed either locally or on your webserver.
The easiest place to install Skipfish is on Linux, so I’ll go over installing it on Ubuntu.
Requirements for Skipfish
You need the following software installed in order to install Skipfish:
- GNU C Compiler
- GNU Make
- GNU C Library (including development headers)
- zlib (including development headers)
- OpenSSL (including development headers)
- libidn (including development headers)
The first three are installed by default on Ubuntu. In case they’re not install them with this command in a terminal:
sudo apt-get install gcc make libc6 libc6-dev
To install the last three requirements, enter this command:
sudo apt-get install libssl-dev zlib1g-dev libidn11
Building Skipfish
Download Skipfish
Download the latest version of Skipfish from here:
http://code.google.com/p/skipfish/downloads/list
The current version (as of this writing) was 1.27b [LINK].
Save the file someplace, and then either right-click on it in the file manager and choose “Extract here“.
Or go to the directory where you saved it and enter this:
tar xzf skipfish-1.27b.tgzSetting Paths
You may or may not need this step, but this will set the paths for header files and library files:
export CFLAGS="-I/usr/include/" export LDFLAGS="-L/usr/lib/ssl/engines -L/usr/lib/ -L/usr/lib/ssl/"
Compiling Skipfish
Next, compile Skipfish. Enter the directory that was extracted earlier, and use “make” to start the build process:
cd skipfish nice make
Note: nice prevents make from monopolizing your system’s CPU.
Here’s the result:
cc -L/usr/lib/ssl/engines -L/usr/lib/ -L/usr/lib/ssl/ -L/usr/local/lib/ -L/opt/local/lib skipfish.c -o skipfish -O3 -Wno-format -Wall -funsigned-char -g -ggdb -I/usr/local/include/ -I/opt/local/include/ -I/usr/include/ -D_FORTIFY_SOURCE=0 \ http_client.c database.c crawler.c analysis.c report.c -lcrypto -lssl -lidn -lz See dictionaries/README-FIRST to pick a dictionary for the tool. Having problems with your scans? Be sure to visit: http://code.google.com/p/skipfish/wiki/KnownIssues
After you do this, there should be an executable file named “skipfish” in the current directory. If not, or if there was an error, you probably are missing a requirement or a path is incorrectly specified.
Using Skipfish
This is just a basic introduction.
In the “skipfish” directory, enter these commands:
touch dictionaries/empty.wl ln -s dictionaries/empty.wl skipfish.wl mkdir ../out ./skipfish -o ../out/ http://example.com
This creates a blank wordlist file, and an output directory, and then launches Skipfish to scan the specified webserver. (Replace example.com with your webserver address. Make sure you have permission to scan that address.)
Hit Ctrl+c to stop the scan.
Then view the result with Firefox (not Safari or Chrome):
firefox ../out/index.html
I’ll have a separate post on using Skipfish, along with screenshots.
Resources
If you liked this article
If you liked this article, don’t forget to subscribe for updates!
Get updates by RSS (What’s RSS?)
Follow me on Twitter
![[del.icio.us]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/delicious.png)
![[Digg]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/digg.png)
![[dzone]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/dzone.png)
![[Facebook]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/facebook.png)
![[LinkedIn]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/linkedin.png)
![[Reddit]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/reddit.png)
![[Slashdot]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/slashdot.png)
![[StumbleUpon]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/stumbleupon.png)
![[Technorati]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/technorati.png)
![[Twitter]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/twitter.png)
![[Yahoo!]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/yahoo.png)
![[Email]](http://digitivity.org/blog/wp-content/plugins/bookmarkify/email.png)
Top Incoming Search Terms
"leave a reply" site:http://digitivity.org/ build skipfish building skipfish cache:0jf5kwtwalcj:www.redspin.com/blog/2010/03/19/installing-google-skipfish-on-ubuntudebian/ skipfish dependencies cache:lrtavxsu7_kj:digitivity.org/939/google-releases-skipfish-automatic-website-blog-security-scanning-tool run skipfish windows cara menginstall skipfish scanner compilar skipfish compilar skipfish en linux compilation skipfish ubuntu compile skipfish compile skipfish in ubuntu compile skipfish backtrack compile skipfish liblin compile skipfish ubuntu compiling skipfish compiling skipfish fedora creativewebsolutions.co.in free download skipfish for linux google skipfish google skipfish download how to compile skipfish how to compile ubuntu example -kernel how to install dictionary on ubuntu 10.10 how to install skipfish how to install skipfish + linux how to install skipfish in ubuntu how to install skipfish on ubuntu how to install skipfish on windows how to run skipfish in ubuntu how to run skipfish on ubuntu linux how to skipfish how to use skipfish how to use skipfish linux howto skipfish http://digitivity.org/943/how-to-install-google-skipfish-on-ubuntu-linux http://nicusor.com/do-follow-list/ http://www.animalpeoplenews.org/07/11/spcainternationaldebut11_07.html install skipfish install skipfish ubntu install skipfish on ubuntu install skipfish ubuntu install ubuntu skipfish installation skipfish ubuntu installing skipfish installing skipfish in unix installing skipfish on ubunut installing skipfish windows intallé skipfish sur ubuntu make skipfish make skipfish ubuntu make: *** [skipfish] problem compiling skipfish problem installing skipfish problems building skipfish scan with skipfish setup skipfish site:digitivity.org site:http://digitivity.org computer site:http://digitivity.org executable site:http://digitivity.org install site:http://digitivity.org intitle:~computer site:http://digitivity.org/ site:http://digitivity.org/ -"older comments" site:http://digitivity.org/ virus site:http://digitivity.org/943/how-to-install-google-skipfish-on-ubuntu-linux linux or "<script>alert('hi');</script>" skipfish skipfish +"empty report" skipfish + touch skipfish + linux skipfish -x example skipfish 1.27 installeren skipfish build skipfish build ubuntu skipfish command skipfish compilado skipfish compilar windows skipfish compilation termination skipfish compile skipfish compile http_client skipfish compile on ubuntu skipfish compile ubuntu skipfish compiled for windows skipfish compiling backtrack skipfish empty report skipfish error skipfish example skipfish example.com skipfish executable skipfish faq skipfish google skipfish how to skipfish how to install in windows skipfish how to set dictionary skipfish howto skipfish in firefox skipfish install skipfish installation skipfish installation in linux skipfish linux help skipfish on linux server skipfish on ubuntu skipfish openssl make skipfish report is empty skipfish ssl skipfish terminal install skipfish tutorial skipfish ubuntu skipfish ubuntu 9 skipfish ubuntu compile skipfish windows library skipfish windows linux skipfish.wl example skipfish@example.com spinningcomposters.com stop skipfish scan ubuntu 10.10 skipfish compiling problem ubuntu how to install skipfish ubuntu install libidn ubuntu libidn installing ubuntu libidn skipfish ubuntu make skipfish ubuntu skipfish ubuntu skipfish linux install using skipfish www.mangliks.com www.nommo.siRelated posts:
- Google Releases Skipfish Automatic Website Security Scanning Tool Google released a free website scanning tool called Skipfish. Skipfish...
- How to Install Google Chromium on Ubuntu Chromium is the open-source version of the Google Chrome web...
- Creating a Database in MySQL with MySQL Query Browser on Ubuntu Linux A handy tool to manipulate MySQL is the MySQL MySQL...
- Distrowatch: Real Linux Stats by OS You've heard of Distrowatch, right? It's the #1 site for...
- Enabling Ctrl+Alt+Backspace to Kill X in Linux and Ubuntu GNOME Earlier this year, X.org made a boneheaded move to drop...
Explore related content: compile, Google, Linux, security, security scanner, Skipfish, Ubuntu
We’re a group of volunteers and starting a new scheme in our community. Your site offered us with valuable information to work on. You’ve done a formidable task and our whole neighborhood will probably be thankful to you.
Hello There. I found your blog the use of msn. That is a very neatly written article. I?ll make sure to bookmark it and return to read more of your helpful information. Thanks for the post. I will certainly comeback.
Thank you for some other informative website. Where else may just I get that kind of info written in such a perfect approach? I’ve a project that I am simply now working on, and I’ve been at the look out for such info.
Its such as you learn my thoughts! You seem to understand so much approximately this, such as you wrote the guide in it or something. I think that you could do with some p.c. to pressure the message house a little bit, but instead of that, that is magnificent blog. A great read. I will certainly be back.
buen articulo! la informaci�n que hay en la p�gina me ha servido de gran ayuda! Saludos y a�ado el blog a mis favoritos
Nice blog right here! Also your site loads up fast! What host are you the use of? Can I get your affiliate link to your host? I desire my site loaded up as fast as yours lol
I do agree with all of the ideas you’ve introduced for your post. They’re really convincing and will definitely work. Still, the posts are very short for newbies. May just you please prolong them a bit from subsequent time? Thanks for the post.
Wonderful site. Lots of helpful info here. I?m sending it to several buddies ans also sharing in delicious. And certainly, thank you for your sweat!
Normally I don’t learn article on blogs, but I wish to say that this write-up very pressured me to take a look at and do so! Your writing taste has been surprised me. Thank you, very great post.
I don’t like so many requirements.