skipfish: Google's open-source web black-box scanner

Background:

    skipfish is an open-source web black-box scanner from Google. It recursively crawls a site to collect its requests, runs targeted automated security tests against each of those requests, and then writes a scan report. Its selling points are "high performance" and "ease of use". The author counts 77 covered vulnerability types; among the high and critical severity classes, however, it does not find stored XSS (despite the claim in the feature list below), broken access control (sensitive information disclosure), file upload leading to getshell, weak passwords and the like.
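To make the crawl-then-test loop concrete, here is an added example that is not part of skipfish or of this article: a miniature black-box scanner in Python. It crawls a constructed in-memory site on the hypothetical host app.example (fetch() stands in for HTTP GET, so it runs offline), stays within the start host, performs the same kind of 404-behaviour check skipfish runs before brute-forcing paths, and probes each query parameter for unencoded reflection. The host, the page contents and the "sfx" marker prefix are assumptions made for the example.

```python
# Added example, not skipfish code: a miniature black-box scanner that walks
# through the crawl-then-test loop the article describes.  The target is a
# constructed in-memory site on the hypothetical host app.example; fetch()
# stands in for HTTP GET so everything runs offline.
import random
import string
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, urlunparse, parse_qsl, urlencode

# Constructed pages (status, body) for the hypothetical host.
SITE = {
    "http://app.example/": (200, '<a href="/search?q=test">search</a> '
                                 '<a href="/about">about</a> '
                                 '<a href="http://other.example/">partner</a>'),
    "http://app.example/about": (200, "<p>About us</p>"),
}

def fetch(url):
    """Stand-in for an HTTP GET against the constructed site."""
    p = urlparse(url)
    if p.path == "/search":
        # Deliberately vulnerable: the query parameter is reflected unencoded.
        q = dict(parse_qsl(p.query)).get("q", "")
        return 200, f"<p>Results for {q}</p>"
    if url in SITE:
        return SITE[url]
    # Soft 404: unknown paths come back as 200 with a generic error page.
    return 200, "<h1>Page not found</h1>"

class LinkParser(HTMLParser):
    """Collects <a href> targets from one page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def crawl(start, max_pages=50):
    """Breadth-first crawl; only URLs on the start host are fetched."""
    host = urlparse(start).netloc
    seen, queue, pages = set(), [start], {}
    while queue and len(pages) < max_pages:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        status, body = fetch(url)
        pages[url] = (status, body)
        parser = LinkParser()
        parser.feed(body)
        for href in parser.links:
            target = urljoin(url, href)
            if urlparse(target).netloc == host and target not in seen:
                queue.append(target)
    return pages

def check_404_behavior(base):
    """Fetch a path that cannot exist.  A 200 here means brute-forced paths
    cannot be judged by status code; bodies must be compared to this signature."""
    name = "".join(random.choices(string.ascii_lowercase, k=16))
    status, body = fetch(urljoin(base, "/" + name))
    return {"soft_404": status == 200, "signature": body}

def brute_force(base, words, signature):
    """Directory brute-force that trusts the 404 signature, not the status."""
    found = []
    for word in words:
        url = urljoin(base, "/" + word)
        _, body = fetch(url)
        if body != signature:
            found.append(url)
    return found

def probe_reflected_xss(pages):
    """Replace each query parameter with a unique marker containing < and ";
    a verbatim echo in the response means the value lands in HTML unencoded."""
    findings = []
    for url in pages:
        p = urlparse(url)
        params = parse_qsl(p.query)
        for i, (name, _) in enumerate(params):
            token = "sfx" + "".join(random.choices(string.ascii_lowercase, k=6))
            payload = f'<{token}>"'
            mutated = params[:i] + [(name, payload)] + params[i + 1:]
            _, body = fetch(urlunparse(p._replace(query=urlencode(mutated))))
            if payload in body:
                findings.append((url, name))
    return findings

if __name__ == "__main__":
    pages = crawl("http://app.example/")
    sig = check_404_behavior("http://app.example/")
    print(len(pages), "in-scope pages; soft 404:", sig["soft_404"])
    print("brute-force hits:", brute_force("http://app.example/", ["admin", "about"], sig["signature"]))
    print("reflected XSS:", probe_reflected_xss(pages))
```

Run as a script it reports three in-scope pages (the partner link to other.example is out of scope and never fetched), a soft-404 signature, /about as the only brute-force hit, and the q parameter of /search as reflected. The 404 check is what makes the brute-force usable: a server that answers 200 for everything would otherwise turn every guessed word into a hit, which is why skipfish reports a failed 404 behaviour check as an internal warning.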

Comparison with similar tools:

      Yahoo's Gryffin is a recently open-sourced web black-box scanner; it set out to solve two problems, coverage and scale.

      ratproxy, another Google open-source tool, is primarily a passive testing tool: it runs as a proxy between the browser and the application, records the traffic that passes through it, and analyses those logged requests and responses. It has no crawler of its own.

References:

1. "An introduction to Google's open-source web security scanning tool skipfish" (in Chinese), http://blog.csdn.net/jincm13/article/details/46534325

2. "Trying out skipfish" (in Chinese), http://blog.chinaunix.net/uid-20548989-id-1667520.html

3. The vulnerability types skipfish covers (from the project's own feature list):

* High risk flaws (potentially leading to system compromise):
  * Server-side query injection (including blind vectors, numerical parameters).
  * Explicit SQL-like syntax in GET or POST parameters.
  * Server-side shell command injection (including blind vectors).
  * Server-side XML / XPath injection (including blind vectors).
  * Format string vulnerabilities.
  * Integer overflow vulnerabilities.
  * Locations accepting HTTP PUT.

* Medium risk flaws (potentially leading to data compromise):
  * Stored and reflected XSS vectors in document body (minimal JS XSS support).
  * Stored and reflected XSS vectors via HTTP redirects.
  * Stored and reflected XSS vectors via HTTP header splitting.
  * Directory traversal / LFI / RFI (including constrained vectors).
  * Assorted file POIs (server-side sources, configs, etc).
  * Attacker-supplied script and CSS inclusion vectors (stored and reflected).
  * External untrusted script and CSS inclusion vectors.
  * Mixed content problems on script and CSS resources (optional).
  * Password forms submitting from or to non-SSL pages (optional).
  * Incorrect or missing MIME types on renderables.
  * Generic MIME types on renderables.
  * Incorrect or missing charsets on renderables.
  * Conflicting MIME / charset info on renderables.
  * Bad caching directives on cookie setting responses.

* Low risk issues (limited impact or low specificity):
  * Directory listing bypass vectors.
  * Redirection to attacker-supplied URLs (stored and reflected).
  * Attacker-supplied embedded content (stored and reflected).
  * External untrusted embedded content.
  * Mixed content on non-scriptable subresources (optional).
  * HTTPS -> HTTP submission of HTML forms (optional).
  * HTTP credentials in URLs.
  * Expired or not-yet-valid SSL certificates.
  * HTML forms with no XSRF protection.
  * Self-signed SSL certificates.
  * SSL certificate host name mismatches.
  * Bad caching directives on less sensitive content.

* Internal warnings:
  * Failed resource fetch attempts.
  * Exceeded crawl limits.
  * Failed 404 behavior checks.
  * IPS filtering detected.
  * Unexpected response variations.
  * Seemingly misclassified crawl nodes.

* Non-specific informational entries:
  * General SSL certificate information.
  * Significantly changing HTTP cookies.
  * Changing Server, Via, or X-... headers.
  * New 404 signatures.
  * Resources that cannot be accessed.
  * Resources requiring HTTP authentication.
  * Broken links.
  * Server errors.
  * All external links not classified otherwise (optional).
  * All external e-mails (optional).
  * All external URL redirectors (optional).
  * Links to unknown protocols.
  * Form fields that could not be autocompleted.
  * Password entry forms (for external brute-force).
  * File upload forms.
  * Other HTML forms (not classified otherwise).
  * Numerical file names (for external brute-force).
  * User-supplied links otherwise rendered on a page.
  * Incorrect or missing MIME type on less significant content.
  * Generic MIME type on less significant content.
  * Incorrect or missing charset on less significant content.
  * Conflicting MIME / charset information on less significant content.
  * OGNL-like parameter passing conventions.

Along with a list of identified issues, skipfish also provides summary overviews of document types and issue types found; and an interactive sitemap, with nodes discovered through brute-force denoted in a distinctive way.

NOTE: As a conscious design decision, skipfish will not redundantly complain about highly non-specific issues, including but not limited to:

* Non-httponly or non-secure cookies,

* Non-HTTPS or autocomplete-enabled forms,

* HTML comments detected on a page,

* Filesystem path disclosure in error messages,

* Server or framework version disclosure,

* Servers supporting TRACE or OPTIONS requests,

* Mere presence of certain technologies, such as WebDAV.
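Because skipfish stays silent on the classes above, a tester usually wants a separate pass for them. The following is an added example, not skipfish code and not from the original article: a Python checker that runs those low-specificity checks (cookie flags, non-HTTPS and autocomplete-enabled password forms, HTML comments, filesystem paths in error text, server and framework versions, TRACE/OPTIONS in the Allow header, a DAV header) over one raw HTTP response. The response and the host app.example are constructed for the example, and the category names are the example's own.

```python
# Added example, not skipfish code: a checker for the low-specificity issues
# skipfish deliberately leaves out, run over a single raw HTTP response.
# The response below is constructed for the hypothetical host app.example;
# it was not captured from any real server.
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SAMPLE_URL = "http://app.example/login"
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    b"Set-Cookie: theme=dark; Path=/; HttpOnly; Secure\r\n"
    b"Allow: GET, POST, OPTIONS, TRACE\r\n"
    b"DAV: 1, 2\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<!-- TODO: remove debug panel before launch -->\n"
    b'<form action="http://app.example/login" method="post">\n'
    b'<input name="user"><input name="pass" type="password">\n'
    b"</form>\n"
    b"<pre>Warning: include(/var/www/app/inc/db.php): failed to open stream</pre>\n"
)

VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)?")
PATH_RE = re.compile(r"/(?:var|etc|home|usr|srv|opt)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+")

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, [(header, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers, body.decode("utf-8", "replace")

class FormAudit(HTMLParser):
    """Flags non-HTTPS forms, autocomplete-enabled password fields and comments."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.issues, self.comments, self._form = page_url, [], 0, None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = a
            action = urljoin(self.page_url, a.get("action", ""))
            if urlparse(self.page_url).scheme != "https" or urlparse(action).scheme != "https":
                self.issues.append(("non-https-form", action))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            form_off = ((self._form or {}).get("autocomplete") or "").lower() == "off"
            if not form_off and (a.get("autocomplete") or "").lower() != "off":
                self.issues.append(("autocomplete-password", a.get("name", "?")))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

    def handle_comment(self, data):
        self.comments += 1

def low_signal_checks(url, raw):
    """Return (category, detail) tuples for the issue classes skipfish skips."""
    status, headers, body = parse_response(raw)
    findings = []
    for name, value in headers:
        if name == "set-cookie":
            cookie = value.split("=", 1)[0]
            attrs = {part.strip().split("=")[0].lower() for part in value.split(";")[1:]}
            for flag in ("httponly", "secure"):
                if flag not in attrs:
                    findings.append((f"cookie-no-{flag}", cookie))
        elif name in ("server", "x-powered-by") and VERSION_RE.search(value):
            findings.append(("version-disclosure", f"{name}: {value}"))
        elif name == "allow":
            for method in (m.strip().upper() for m in value.split(",")):
                if method in ("TRACE", "OPTIONS"):
                    findings.append(("method-enabled", method))
        elif name == "dav":
            findings.append(("webdav-present", value))
    findings += [("path-disclosure", m.group(0)) for m in PATH_RE.finditer(body)]
    audit = FormAudit(url)
    audit.feed(body)
    findings += audit.issues
    if audit.comments:
        findings.append(("html-comments", f"{audit.comments} comment(s)"))
    return findings

if __name__ == "__main__":
    for category, detail in low_signal_checks(SAMPLE_URL, SAMPLE_RESPONSE):
        print(f"{category:24} {detail}")
```

On the constructed response it flags the PHPSESSID cookie (no HttpOnly, no Secure) but not the theme cookie, both version-bearing headers, TRACE and OPTIONS, the DAV header, the /var/www path in the PHP warning, the password form posting over plain HTTP with autocomplete left on, and the HTML comment. These are exactly the findings skipfish treats as noise, so a run like this belongs beside the skipfish report rather than in it.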
