Skipfish is a web application security reconnaissance and auditing tool that runs on Linux, Mac OS X and Windows (Cygwin) environments. This tutorial is not going to discuss on how to use it but how to install it. How to use Skipfish will be discussed on my next post so watch out for it.

Now let’s continue with the installation. Download Skipfish source package from this link

wget -c

When you have the Skipfish source package downloaded, decompress it.

tar -vxzf skipfish-2.10b.tgz

Now change to the Skipfish decompressed directory.

cd skipfish-2.10b

Skipfish is dependent on the following libraries so you might need to install them first before compiling it.


If you find yourself getting library errors not being found during compilation then you just have to install the following packages:

apt-get install libcurl3-openssl-dev
apt-get install libpcre3-dev

When you’re done installing the required libraries, recompile Skipfish again.

shell# make

This time Skipfish you compile without errors.

Server:~/skipfish-2.10b# make
cc -L/usr/local/lib/ -L/opt/local/lib src/skipfish.c -o skipfish \
        -O3 -Wno-format -Wall -funsigned-char -g -ggdb -I/usr/local/include/ -I/opt/local/include/  -DVERSION=\"2.10b\" src/http_client.c src/database.c src/crawler.c src/analysis.c src/report.c src/checks.c src/signatures.c src/auth.c src/options.c -lcrypto -lssl -lidn -lz -lpcre

See doc/dictionaries.txt to pick a dictionary for the tool.

Having problems with your scans? Be sure to visit:


Now that you have successfully compiled Skipfish, give yourself a pat on the back and checkout the Skipfish wiki site

Comments are closed.