mjmwired / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0
0 stars 0 forks source link

Skipfish doesnt find vulns in DVWA #217

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
I am trying to run Skipfish against DVWA, which I installed on a VM. But 
Skipfish doesn't find any of the vulnerabilites DVWA provides. I can't 
understand why, it reports two warnings "Limits exceeded, suppressed" and "Node 
should be a directory, detection error?". So i put a maximum to the requests. 
This is the command I am using:

skipfish -W /dev/null -o /root/Skipfish_DVWA_scan10 -C "security=low" -C 
"PHPSESSID=*ZAPCookieInformation*" -l 3 -X /logout.php -X /setup.php -X 
/security.php -r 4000 -m 5 -A admin:password 
http://*ipv6ofVM*/dvwa/vulnerabilities/login.php

I also tried to point directly to the vulnerabilities, but neither it helped. I 
think Skipfish should find some vulnerabilities, at least SQLinjection. But I 
don't know what I am doing wrong. Does someone know? Thank you in advance...

Original issue reported on code.google.com by kaddy4...@hotmail.de on 17 Jul 2015 at 8:16