Skipfish – web vulnerability scanner from Michal Practice (known under the nickname lcamtuf). Written in C, cross platform (for Win needs Cygwin). Recursively scans the entire site and finds all sorts of gaps in security. Also generates a lot of traffic (according to a few GB incoming/outgoing). But  the tool is good, especially if there’s time and resources.

This scanner is a bit another scanning tool much in the same vein as for example Nikto or W3af. It is similar in that it is a free and opensource scanner, but it claims to be faster and less resource intensive than some of the others. It can be used to easily find Remote File Inclusion vulnerabilities (RFI).

Typical usage:


In the reports folder as output will be report in html format.

Download skipfish

Previous articlenikto
Next articlePCI DSS – Why do you need it and how does it works
Penetration Testing & Information Security Specialist, Certified Ethical Hacker. Uladzislau Murashka provides information security and penetration testing services, IDS/IPS implementation and configuration, infrastructure security assessment and hardening, participates in bug bounty programs. CyberSecurity News & Articles: and Penetration Testing Services:


  1. I have noticed that Kali even after updates eats lots of CPU and RAM, so thinking about moving to some another distro for pentesters

Comments are closed.