shift / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0
0 stars 0 forks source link

Use Firing Range to make sure the scanner is tested for recognition of modern vulnerabilities #209

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hi guys,

I have been using skipfish now for some years and I am happy to report it has 
helped us find issues we would not find with other scanners however it would 
look like many of modern vulnerabilities are not detected.

Google has released Firing Range with even a hosted version at 
http://public-firing-range.appspot.com/ which I used to run a pentest from 
skipfish.

My findings were that out of the many vulnerabilities currently exposed by 
firing range only a couple of them was detected by skipfish.

Basically I run:
./skipfish -u -v -N -S dictionaries/complete.wl -o 
output_public-firing-range.appspot.com https://public-firing-range.appspot.com/

And then I got the attached file. You will find broken links of course but the 
bottom line is that not much was found and of course you can try all this 
yourself.

Original issue reported on code.google.com by nestor.u...@gmail.com on 26 Nov 2014 at 2:59

GoogleCodeExporter commented 9 years ago
Index file resulting from scanning http://public-firing-range.appspot.com/ with 
skipfish using the below command:

./skipfish -u -v -N -S dictionaries/complete.wl -o 
output_public-firing-range.appspot.com https://public-firing-range.appspot.com/

Original comment by nestor.u...@gmail.com on 26 Nov 2014 at 3:01

Attachments: