In the field of web application security, Skipfish is recognized as a high-performance, active reconnaissance tool designed to aid in the early stages of security assessments. Developed by Google, Skipfish focuses on speed, efficiency, and accuracy, offering a streamlined approach to discovering security flaws in web applications.
What Is Skipfish?
Skipfish performs active reconnaissance by recursively crawling a target web application and using a dictionary-based probing technique. During this process, it constructs a comprehensive interactive sitemap of the application, which is enriched with results from a range of security checks. These checks are designed to be thorough yet minimally disruptive, making Skipfish safe for testing production environments, within reasonable limits.
The output is a detailed report that highlights potential vulnerabilities and anomalies, offering a valuable starting point for deeper manual analysis by security professionals.
Key Features
High-Speed Crawling: Skipfish is optimized for speed and can send thousands of requests per second; with proper configuration (rate and connection limits), it does so without overwhelming the target.
Dictionary-Based Probing: It uses precompiled or user-supplied dictionaries to intelligently probe common input vectors and uncover weaknesses.
Interactive Sitemap Generation: Automatically builds a structured view of the application, mapping all discovered resources and endpoints.
Comprehensive Reporting: Generates detailed HTML reports summarizing potential vulnerabilities, input sanitization issues, SSL certificate anomalies, and more.
Minimal Setup: Skipfish is a self-contained binary and doesn’t require complex configurations or external dependencies.
Requirements and Platform Support
Skipfish is written in C and is designed to be lightweight and portable. Its main requirements and supported platforms include:
Operating Systems:
Linux (most distros)
macOS
Windows (via WSL or Cygwin)
Dependencies: Requires a basic C compiler (e.g., GCC) for building from source, although precompiled binaries are also available.
Resource Use: Very efficient, with low memory usage and high throughput, making it suitable even for constrained environments.
Designed for Real-World Security Reconnaissance
Skipfish was built with professional security assessments in mind. Its design philosophy centers on balancing speed with accuracy, providing quick insights that can guide deeper penetration testing. It’s ideal for initial scans and spotting low-hanging fruit like:
Cross-site scripting (XSS)
SQL injection
SSL/TLS configuration flaws
Directory traversal
Authentication and session handling issues
Use Cases
Pre-assessment reconnaissance in penetration testing
Quick web app vulnerability scanning in CI/CD workflows
Training and demonstrations of reconnaissance techniques
Testing internal web applications for known misconfigurations
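One way to run Skipfish as a bounded CI/CD job against an application you own, applying the request-rate and connection limits that the "proper configuration" under Key Features refers to. This is an added example, not code from this post or from the Skipfish project; it assumes Skipfish 2.10b's flag names, the dictionary path used by Debian-based packages (overridable through SKIPFISH_DICT), and a placeholder staging URL.

```shell
#!/bin/sh
# Bounded, rate-limited Skipfish scan for a CI job against an application you own.
# Flag names follow Skipfish 2.10b's usage text. DICT defaults to the path where
# Debian-based distributions install the shipped dictionaries (an assumption here).
DICT="${SKIPFISH_DICT:-/usr/share/skipfish/dictionaries/medium.wl}"

# run_scan TARGET_URL OUTDIR [MAX_REQ_PER_SEC]
# argv is assembled with `set --` (no eval), so unusual characters in the URL or
# path can never become shell syntax. With DRY_RUN set, the function prints the
# argv one item per line instead of launching Skipfish, so a pipeline can review
# the exact scan parameters before (or without) running it.
run_scan() {
  target="$1"; outdir="$2"; rate="${3:-20}"
  learned="$outdir.learned.wl"   # -W file: keywords Skipfish learns on this site

  # Skipfish creates OUTDIR itself; refuse to run on top of a stale report.
  if [ -e "$outdir" ] && [ -z "$DRY_RUN" ]; then
    echo "run_scan: $outdir already exists, remove it first" >&2
    return 2
  fi

  set -- skipfish -o "$outdir"
  set -- "$@" -S "$DICT" -W "$learned"  # read-only shipped list + read-write learned list
  set -- "$@" -l "$rate" -m 4           # cap requests/second and connections per target IP
  set -- "$@" -k 0:15:00                # hard stop after 15 minutes (h:m:s)
  set -- "$@" -I "$target"              # follow only URLs containing the target prefix
  set -- "$@" -Y                        # no extension brute-forcing: far fewer requests
  set -- "$@" -u                        # no live progress display cluttering CI logs
  set -- "$@" "$target"

  if [ -n "$DRY_RUN" ]; then
    printf '%s\n' "$@"
    return 0
  fi
  : > "$learned"                        # -W expects an existing, writable file
  "$@"
}

# Usage: ./skipfish-ci.sh https://staging.example.test/ ./sf-report [20]
if [ "$#" -ge 2 ]; then
  run_scan "$@"
fi
```

The report lands in OUTDIR as the HTML sitemap described above; the learned wordlist next to it can be fed back with -W on the next run so keywords specific to the site accumulate.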
Conclusion
Skipfish remains a highly effective and respected tool for initial web application reconnaissance and vulnerability discovery. With its blazing-fast scanning capabilities, clear reporting, and minimal setup requirements, it’s a practical asset for security professionals, bug bounty hunters, and anyone involved in web application hardening.