Shortinfosec has compiled skipfish v1.11b on windows.
UPDATE: Seeing that skipfish releases are changing twice a day, I am starting a persistent post on my blog to publish the latest versions of skipfish compiled for Windows.
Here is the link to the post for future versions
http://www.shortinfosec.net/2010/03/compiling-latest-skipfish-for-windows.html
You can download compiled skipfish-1.11b for Windows here
Verification sum:
skipfish-1.1b.zip MD5: 6D97FBCB65CAF57A7D74E99C0671AEDA
In order to run it, just unzip the archive – it contains the cygwin run-time libraries needed for running skipfish.
If you wish to compile skipfish yourself, you need to install cygwin and compile it with make. Do not forget to update your path variable to include c:\cygwin\bin.
Quickstart
To run it, start a command line in the directory where skipfish is unzipped/compiled
- create a report directory (report_outdir)
- type skipfish -o
report_outdir http://target-site - after the scan is finished, go to report_outdir and open index.html to view the results
- you can always break the scan by ctrl-c
Skipfish creates a more advanced report then ratproxy, and it is autogenerated, so you don’t need a special parser to create the HTML report from the raw results.
Talkback and comments are most welcome
Related posts
Ratproxy – Google Web Security Assessment Tool
Google’s Ratproxy Web Security Tool for Windows
Tutorial – Using Ratproxy for Web Site Vulnerability Analysis
