in Home

Compiling Google Skipfish 1.19b on OSX

The past friday March 19, Google Inc announced on its official blog, the active web application security reconnaissance tool: Skipfish.

Some important things about Skipfish by the developer (lcamtuf):

    • High speed: written in pure C, with highly optimized HTTP handling and a minimal CPU footprint, the tool easily achieves 2000 requests per second with responsive targets.

    • Ease of use: the tool features heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
    • Cutting-edge security logic: we incorporated high quality, low false positive, differential security checks capable of spotting a range of subtle flaws, including blind injection vectors.

      Now, how i can build it on OSX?

      You need:

      2.) Fink or Mac ports 

      Ready? Go!

      1.) Install libidn from fink/macports

      $ sudo fink install libidn

      $ sudo port install libidn

      Remember the prefix paths: Fink store all files in /sw/ and macports in /opt/

      2.) Download Skipfish 1.19b (last available now) from here and uncompress in any path, by the example: /usr/local/src

      3.) Download my patch: skipfish-osx.patch and copy it in /usr/local/src/skipfish

      4.) Apply the patch:

      # patch < skipfish-osx.patch 
      patching file Makefile
      patching file report.c
      patching file Info.plist

      5.) Compile with:

      # make



      Quick and easy 😉

      Write a Comment



      1. Hi,

        I was following your tutorial, and I ran into an error when I tried to do “# patch < skipfish-osx.patch"

        Here is the error message:
        (Stripping trailing CRs from patch.)
        patching file Makefile
        Hunk #1 FAILED at 26.
        1 out of 1 hunk FAILED — saving rejects to file Makefile.rej
        (Stripping trailing CRs from patch.)
        can't find file to patch at input line 21
        Perhaps you should have used the -p or –strip option?
        The text leading up to this was:
        |diff -rupN skipfish/report.c skipfish-new/report.c
        |— skipfish/report.c 2010-03-24 09:05:07.000000000 -0500
        |+++ skipfish-new/report.c 2010-03-24 09:06:59.000000000 -0500

        I tried to google the error, but I didn't get anywhere. I am not familiar with this command at all. Would you please give me some hint so I can carry on with the installation process?
        Thank you for your time.

        All the best,

        • Hi,

          This version of skipfish is very old, please download the latest version and try with the oficial instructions.