freebsd-ports/security/skipfish/pkg-descr

A fully automated, active web application security reconnaissance
tool. Key features:

* High speed: pure C code, highly optimized HTTP handling, minimal
  CPU footprint - easily achieving 2000 requests per second with 
  responsive targets. 

* Ease of use: heuristics to support a variety of quirky web 
  frameworks and mixed-technology sites, with automatic learning 
  capabilities, on-the-fly wordlist creation, and form autocompletion. 

* Cutting-edge security logic: high quality, low false positive, 
  differential security checks, capable of spotting a range of subtle 
  flaws, including blind injection vectors. 

WWW: http://code.google.com/p/skipfish
skipfish is a high-performance, easy, and sophisticated Web application security testing tool. It features a single-threaded multiplexing HTTP stack, heuristic detection of obscure Web frameworks, and advanced, differential security checks capable of detecting blind injection vulnerabilities, stored XSS, and so forth. PR: ports/144942 Submitted by: Ryan Steinmetz <rpsfa@rit.edu> Approved by: itetcu (mentor) WWW: http://code.google.com/p/skipfish/ 2010-03-25 06:43:37 +00:00			`A fully automated, active web application security reconnaissance`
			`tool. Key features:`

			`* High speed: pure C code, highly optimized HTTP handling, minimal`
			`CPU footprint - easily achieving 2000 requests per second with`
			`responsive targets.`

			`* Ease of use: heuristics to support a variety of quirky web`
			`frameworks and mixed-technology sites, with automatic learning`
			`capabilities, on-the-fly wordlist creation, and form autocompletion.`

			`* Cutting-edge security logic: high quality, low false positive,`
			`differential security checks, capable of spotting a range of subtle`
			`flaws, including blind injection vectors.`

			`WWW: http://code.google.com/p/skipfish`