How to Run Skipfish Using Ubuntu 10.04 Lucid Lynx to Test Your Website Security

When I first heard about Skipfish in a Matt Cutts presentation, I was quite excited about that nifty tool, as I was working on an e-commerce site at that time, where security was paramount. I also wanted to make good use of my newly updated Ubuntu 10.04 Lucid Lynx Linux machine.

So what is Skipfish?

According to the Skipfish documentation page:

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.

The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

What do I need to use Skipfish?

On a Linux computer you need the following software already installed:

  • GNU C Compiler
  • GNU Make
  • GNU C Library*
  • zlib*
  • OpenSSL*
  • libidn*

*including development headers

The first three should already be installed by default on Ubuntu. If they are not, you can install them with this command:

sudo apt-get install gcc make libc6 libc6-dev

To install the last three requirements, enter this command in the terminal:

sudo apt-get install libssl-dev zlib1g-dev libidn11-dev

Building Skipfish

Now let's download Skipfish.

You can download the latest version of Skipfish from here:

http://code.google.com/p/skipfish/downloads/list

The current version (as of this writing) was 238 KB.

Save the file somewhere, then either right-click on it in the file manager and choose “Extract here”, or go to the directory where you saved it and enter this:

tar xzf skipfish-2.10b.tgz

Setting Paths

You may or may not need this step, but this will set the paths for header files and library files:

export CFLAGS="-I/usr/include/"
export LDFLAGS="-L/usr/lib/ssl/engines -L/usr/lib/ -L/usr/lib/ssl/"

Compiling Skipfish

Next, compile Skipfish. Enter the directory that was extracted earlier, and use “make” to start the build process:

cd skipfish-2.10b
nice make

Note: nice lowers the priority of make so it does not monopolize your system’s CPU.
Here’s the result:

cc -L/usr/lib/ssl/engines -L/usr/lib/ -L/usr/lib/ssl/ -L/usr/local/lib/ -L/opt/local/lib skipfish.c -o skipfish -O3 -Wno-format -Wall -funsigned-char -g -ggdb -I/usr/local/include/ -I/opt/local/include/ -I/usr/include/ -D_FORTIFY_SOURCE=0
http_client.c database.c crawler.c analysis.c report.c -lcrypto -lssl -lidn -lz

See dictionaries/README-FIRST to pick a dictionary for the tool.

Having problems with your scans? Have a look here:

http://code.google.com/p/skipfish/wiki/KnownIssues

After you do this, there should be an executable file named “skipfish” in the current directory. If not, or if there was an error, you probably are missing a requirement or a path is incorrectly specified.

Using Skipfish

This is just a basic introduction.

In the “skipfish” directory, enter these commands:

touch dictionaries/empty.wl
ln -s dictionaries/empty.wl skipfish.wl
mkdir ../out
./skipfish -o ../out/ http://example.com

This creates a blank wordlist file and an output directory, and then launches Skipfish to scan the specified web server. (Replace example.com with your web server’s address. Make sure you have permission to scan that address.)
Hit Ctrl+C to stop the scan.

Then view the result with Firefox (not Safari or Chrome):

firefox ../out/index.html
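As an added example (not from the post or the Skipfish project), here is a small POSIX shell wrapper around the steps above: it first checks for the development headers the build needs, then launches the scan with request-rate and connection caps so it cannot eat a site's bandwidth the way the closing warning describes. It assumes it is run from the built skipfish-2.10b directory; the cap values are assumed defaults, not values from the post.

```shell
#!/bin/sh
# Added helper (not part of the original post or of Skipfish itself).
# 1) checks for the development headers the build needs, since a missing
#    one is the usual reason "make" fails; 2) builds a throttled skipfish
#    command line so a scan cannot flood the target. Assumes the binary
#    was built in the current directory as described in the post.

# check_headers DIR: list the headers that libssl-dev, zlib1g-dev and
# libidn11-dev install but that are missing under DIR (default
# /usr/include). Returns the number of missing headers, so 0 means "ok".
check_headers() {
    inc="${1:-/usr/include}"
    missing=0
    for h in openssl/ssl.h zlib.h idna.h; do
        if [ ! -f "$inc/$h" ]; then
            echo "missing header: $inc/$h"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# skipfish_cmd URL OUTDIR [REQ_PER_SEC]: print the scan command. Only
# http(s) targets are accepted. -l caps requests per second and -m caps
# simultaneous TCP connections (both appear in "skipfish -h"); the defaults
# of 20 req/s and 10 connections are assumptions chosen here, not values
# from the post. Set them to what the site owner agreed to.
skipfish_cmd() {
    url="$1"
    out="$2"
    rps="${3:-20}"
    case "$url" in
        http://*|https://*) ;;
        *) echo "refusing non-http(s) target: $url" >&2; return 1 ;;
    esac
    [ -n "$out" ] || { echo "output directory required" >&2; return 1; }
    echo "./skipfish -l $rps -m 10 -o $out $url"
}

# Usage: sh scan.sh http://example.com ../out/ [req_per_sec]
if [ "$#" -ge 2 ]; then
    check_headers || echo "install the -dev packages above before make" >&2
    cmd=$(skipfish_cmd "$1" "$2" "$3") || exit 1
    touch dictionaries/empty.wl        # same empty wordlist the post creates
    ln -sf dictionaries/empty.wl skipfish.wl
    mkdir -p "$2"
    echo "running: $cmd"
    $cmd
fi
```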

Just some friendly advice: don’t be evil!

Be careful where you use this tool. It is an extremely powerful crawler that can eat up a website’s bandwidth overnight.