lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <448e9a321003191051n246906f4wd002732d4c78ae0d@mail.gmail.com>
Date: Fri, 19 Mar 2010 10:51:27 -0700
From: Michal Zalewski <lcamtuf@...edump.cx>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
	websecurity@...appsec.org
Subject: announcing skipfish, an automated web app security scanner

Hi folks,

I am happy to announce the availability of skipfish - our open-source,
fully automated, active web application scanner. There are several
things that probably make it interesting:

1) High speed: pure C code, highly optimized HTTP handling, minimal
CPU footprint - easily achieving 2000 requests per second with
responsive targets.

2) Ease of use: heuristics to support a variety of quirky web
frameworks and mixed-technology sites, with automatic learning
capabilities, on-the-fly wordlist creation, and form autocompletion.

3) Cutting-edge security logic: high quality, low false positive,
differential security checks, capable of spotting a range of subtle
flaws, including blind injection vectors.

To download, please go to:
http://code.google.com/p/skipfish

Read more:
http://code.google.com/p/skipfish/wiki/SkipfishDoc

Cheers,
/mz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ