Use Firing Range to make sure the scanner is tested for recognition of modern vulnerabilities
Opened this issue · 1 comments
GoogleCodeExporter commented
Hi guys,
I have been using skipfish now for some years and I am happy to report it has
helped us find issues we would not find with other scanners however it would
look like many of modern vulnerabilities are not detected.
Google has released Firing Range with even a hosted version at
http://public-firing-range.appspot.com/ which I used to run a pentest from
skipfish.
My findings were that out of the many vulnerabilities currently exposed by
firing range only a couple of them was detected by skipfish.
Basically I run:
./skipfish -u -v -N -S dictionaries/complete.wl -o
output_public-firing-range.appspot.com https://public-firing-range.appspot.com/
And then I got the attached file. You will find broken links of course but the
bottom line is that not much was found and of course you can try all this
yourself.
Original issue reported on code.google.com by nestor.u...@gmail.com
on 26 Nov 2014 at 2:59
GoogleCodeExporter commented
Index file resulting from scanning http://public-firing-range.appspot.com/ with
skipfish using the below command:
./skipfish -u -v -N -S dictionaries/complete.wl -o
output_public-firing-range.appspot.com https://public-firing-range.appspot.com/
Original comment by nestor.u...@gmail.com
on 26 Nov 2014 at 3:01
Attachments: