Skipfish is a web application security reconnaissance and auditing tool that runs on Linux, Mac OS X and Windows (Cygwin) environments. This tutorial is not going to discuss on how to use it but how to install it. How to use Skipfish will be discussed on my next post so watch out for it.
Now let’s continue with the installation. Download Skipfish source package from this link http://code.google.com/p/skipfish/downloads/list
wget -c http://skipfish.googlecode.com/files/skipfish-2.10b.tgz
When you have the Skipfish source package downloaded, decompress it.
tar -vxzf skipfish-2.10b.tgz
Now change to the Skipfish decompressed directory.
Skipfish is dependent on the following libraries so you might need to install them first before compiling it.
libcrypto libssl libidn libpcre
If you find yourself getting library errors not being found during compilation then you just have to install the following packages:
apt-get install libcurl3-openssl-dev apt-get install libpcre3-dev
When you’re done installing the required libraries, recompile Skipfish again.
This time Skipfish you compile without errors.
Server:~/skipfish-2.10b# make cc -L/usr/local/lib/ -L/opt/local/lib src/skipfish.c -o skipfish \ -O3 -Wno-format -Wall -funsigned-char -g -ggdb -I/usr/local/include/ -I/opt/local/include/ -DVERSION=\"2.10b\" src/http_client.c src/database.c src/crawler.c src/analysis.c src/report.c src/checks.c src/signatures.c src/auth.c src/options.c -lcrypto -lssl -lidn -lz -lpcre See doc/dictionaries.txt to pick a dictionary for the tool. Having problems with your scans? Be sure to visit: http://code.google.com/p/skipfish/wiki/KnownIssues Server:~/skipfish-2.10b#
Now that you have successfully compiled Skipfish, give yourself a pat on the back and checkout the Skipfish wiki site http://code.google.com/p/skipfish/w/list