Google announced skipfish, an open source, fully automated, active web application security investigation tool. Most importantly as like other Google products this is also free. Key features:
-
High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
-
Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form auto completion.
-
Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments
