Reputation: 1449
I'm trying to explore Skipfish by Google
I went through their documentation, and also through the file README-FIRST (present in the dictionaries folder).
As far as I could understand, dictionaries are extremely useful for subsequent scans of the same target.
But what I haven't been able to understand so far is: how is this being achieved? What's the underlying mechanism that uses the dictionary, and in what way?
I'd really appreciate some help with this
Thanks
Upvotes: 2
Views: 1188
Reputation: 1443
The dictionary consists of words (such as 'index' and 'cgi-bin') and extensions (such as 'old' and 'php') that are combined to form filenames skipfish attempts to access as part of a dictionary attack. For example:
/some/path/index.old
/some/path/index.php
/some/path/cgi-bin.old
While crawling a site, skipfish can add new words to the dictionary as they are discovered in URLs and HTML.
Using an updated dictionary is beneficial because keywords discovered at the end of the first scan would be in the dictionary, ready to be used for probing, from the beginning of subsequent scans (instead of only being available after they are discovered within a scan).
The details of which words are combined with which extensions are discussed in the "More about dictionary design" section towards the bottom of dictionaries/README-FIRST.
Note: I'm not a skipfish expert and you may get a better answer by posting in http://security.stackexchange.com
Also there is an article on skipfish at http://resources.infosecinstitute.com/skipfish-vulnerability-scanner/
Upvotes: 0
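The mechanism the answer describes (words combined with extensions to form probe paths, new words learned from crawled URLs and HTML, and the enlarged dictionary carried into the next scan) as an added, self-contained Python illustration. This is example code written for this page, not skipfish's own implementation: the seed words and extensions, the sample HTML, and the one-entry-per-line `w`/`e` file format are all constructed for the example and are not skipfish's real dictionaries or on-disk format (see dictionaries/README-FIRST for that).

```python
"""Added example of the word x extension dictionary mechanism; not skipfish's own code."""
import re
from urllib.parse import urlsplit

# Constructed seed dictionary, using the words/extensions named in the answer above.
SEED_WORDS = {"index", "cgi-bin"}
SEED_EXTENSIONS = {"old", "php"}

# href/src/action targets are where a crawler sees new path components.
_ATTR_RE = re.compile(r'(?:href|src|action)\s*=\s*["\']([^"\']+)["\']', re.I)
# What we accept as an "extension" after the last dot of a path segment.
_EXT_RE = re.compile(r"[a-z0-9]{1,8}")


def candidate_paths(base_path, words, extensions):
    """Dictionary-attack step: every word is tried bare and with every extension under base_path.
    Each returned path is a URL the scanner would request."""
    base = base_path.rstrip("/")
    probes = set()
    for word in words:
        probes.add(f"{base}/{word}")
        for ext in extensions:
            probes.add(f"{base}/{word}.{ext}")
    return sorted(probes)


def learn_from_url(url, words, extensions):
    """Split each path segment of a discovered URL into a word and optional extension."""
    for segment in urlsplit(url).path.split("/"):
        if not segment:
            continue
        stem, dot, ext = segment.rpartition(".")
        ext = ext.lower()
        if dot and stem and _EXT_RE.fullmatch(ext):   # e.g. "login.php" -> login + php
            words.add(stem.lower())
            extensions.add(ext)
        else:                                          # e.g. "cgi-bin" -> a bare word
            words.add(segment.lower())


def learn_from_html(html, words, extensions):
    """Harvest link/script/form targets from a crawled page and learn from each one."""
    for target in _ATTR_RE.findall(html):
        learn_from_url(target, words, extensions)


def save_dictionary(words, extensions):
    """Serialise to a simplified constructed format: one 'w <word>' or 'e <ext>' per line."""
    lines = [f"w {w}" for w in sorted(words)] + [f"e {e}" for e in sorted(extensions)]
    return "\n".join(lines) + "\n"


def load_dictionary(text):
    """Inverse of save_dictionary; unknown or malformed lines are ignored."""
    words, extensions = set(), set()
    for line in text.splitlines():
        kind, _, value = line.partition(" ")
        if kind == "w" and value:
            words.add(value)
        elif kind == "e" and value:
            extensions.add(value)
    return words, extensions


# Constructed page the first scan "crawls"; it names paths absent from the seed dictionary.
SAMPLE_HTML = """
<a href="/admin/login.php">Login</a>
<script src="/static/app.js"></script>
<form action="/upload.cgi" method="post"></form>
"""


def two_scans(base_path="/some/path"):
    """Scan 1 starts from the seed dictionary and learns while crawling.
    Scan 2 starts from the saved dictionary, so learned keywords are probed from its first request.
    Returns (probes available at the start of scan 1, probes available at the start of scan 2)."""
    words, exts = set(SEED_WORDS), set(SEED_EXTENSIONS)
    first_probes = candidate_paths(base_path, words, exts)
    learn_from_html(SAMPLE_HTML, words, exts)          # learning happens during scan 1
    words2, exts2 = load_dictionary(save_dictionary(words, exts))
    second_probes = candidate_paths(base_path, words2, exts2)
    return first_probes, second_probes


if __name__ == "__main__":
    first, second = two_scans()
    print(f"probes at start of scan 1: {len(first)}, at start of scan 2: {len(second)}")
    for path in second:
        if path not in first:
            print("only available from the start of scan 2:", path)
```

Running it shows the point of the README's advice: the seed dictionary yields 6 probes under `/some/path`, while the dictionary saved after crawling the sample page yields 35, including paths such as `/some/path/admin.old` that the first scan could only have tried after it had already discovered `admin`.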