Last Friday, March 19, Google Inc. announced on its official blog an active web application security reconnaissance tool: Skipfish.
Some key points about Skipfish, from the developer (lcamtuf):
- High speed: written in pure C, with highly optimized HTTP handling and a minimal CPU footprint, the tool easily achieves 2000 requests per second with responsive targets.
- Ease of use: the tool features heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
- Cutting-edge security logic: we incorporated high quality, low false positive, differential security checks capable of spotting a range of subtle flaws, including blind injection vectors.
Now, how can I build it on OSX?
1.) Install the Developer Tools from Apple (Xcode)
1.) Install libidn from fink/macports
$ sudo fink install libidn    # if you use Fink
$ sudo port install libidn    # or, if you use MacPorts
Remember the prefix paths: Fink stores all files in /sw/ and MacPorts in /opt/
2.) Download Skipfish 1.19b (the latest version available at the time of writing) from here and uncompress it in any path, for example: /usr/local/src
3.) Download my patch: skipfish-osx.patch and copy it to /usr/local/src/skipfish
4.) Apply the patch:
# patch < skipfish-osx.patch
patching file Makefile
patching file report.c
patching file Info.plist
5.) Compile with:
Quick and easy 😉
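
A preflight check for the steps above, added here as an example (it is not part of the original post, the patch, or Skipfish itself). It assumes libidn's public header is idna.h and uses the Fink and MacPorts prefixes named above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check before patching and building Skipfish on OS X.
# Assumptions: libidn installs include/idna.h and lib/libidn.*; the search
# roots are the ones named in the post (/sw for Fink, /opt for MacPorts).

# find_libidn_prefix ROOT...
# Prints the first prefix under the given roots that holds both the header
# and the library; returns 1 if none does.
find_libidn_prefix() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        # MacPorts nests its tree one level down (/opt/local), so look there too.
        for hdr in "$root"/include/idna.h "$root"/*/include/idna.h; do
            [ -f "$hdr" ] || continue
            prefix=${hdr%/include/idna.h}
            # A header without the library means a partial or broken install.
            if ls "$prefix"/lib/libidn.* >/dev/null 2>&1; then
                printf '%s\n' "$prefix"
                return 0
            fi
        done
    done
    return 1
}

# libidn_flags PREFIX
# Prints the compiler and linker flags that point a build at that prefix.
libidn_flags() {
    printf '%s\n' "-I$1/include -L$1/lib -lidn"
}

# patch_applies_cleanly PATCHFILE
# Dry-runs the patch in the current directory without modifying any file.
patch_applies_cleanly() {
    patch --dry-run < "$1" >/dev/null 2>&1
}

# Report what is installed on this machine.
if found=$(find_libidn_prefix /sw /opt); then
    echo "libidn found in $found; flags: $(libidn_flags "$found")"
else
    echo "libidn not found under /sw or /opt; install it first" >&2
fi
```

Run it from /usr/local/src/skipfish; calling patch_applies_cleanly skipfish-osx.patch before step 4 shows whether the patch matches the downloaded source version without touching the files.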