I am trying to run Skipfish against DVWA, which I installed on a VM. But
Skipfish doesn't find any of the vulnerabilites DVWA provides. I can't
understand why, it reports two warnings "Limits exceeded, suppressed" and "Node
should be a directory, detection error?". So i put a maximum to the requests.
This is the command I am using:
skipfish -W /dev/null -o /root/Skipfish_DVWA_scan10 -C "security=low" -C
"PHPSESSID=*ZAPCookieInformation*" -l 3 -X /logout.php -X /setup.php -X
/security.php -r 4000 -m 5 -A admin:password
http://*ipv6ofVM*/dvwa/vulnerabilities/login.php
I also tried to point directly to the vulnerabilities, but neither it helped. I
think Skipfish should find some vulnerabilities, at least SQLinjection. But I
don't know what I am doing wrong. Does someone know? Thank you in advance...
Original issue reported on code.google.com by kaddy4...@hotmail.de on 17 Jul 2015 at 8:16
Original issue reported on code.google.com by
kaddy4...@hotmail.de
on 17 Jul 2015 at 8:16