Use Firing Range to make sure the scanner is tested for recognition of modern vulnerabilities

[GoogleCodeExporter]

Hi guys,

I have been using skipfish now for some years and I am happy to report it has 
helped us find issues we would not find with other scanners however it would 
look like many of modern vulnerabilities are not detected.

Google has released Firing Range with even a hosted version at 
http://public-firing-range.appspot.com/ which I used to run a pentest from 
skipfish.

My findings were that out of the many vulnerabilities currently exposed by 
firing range only a couple of them was detected by skipfish.

Basically I run:
./skipfish -u -v -N -S dictionaries/complete.wl -o 
output_public-firing-range.appspot.com https://public-firing-range.appspot.com/


And then I got the attached file. You will find broken links of course but the 
bottom line is that not much was found and of course you can try all this 
yourself.

Original issue reported on code.google.com by [email protected] on 26 Nov 2014 at 2:59

[GoogleCodeExporter]

Index file resulting from scanning http://public-firing-range.appspot.com/ with 
skipfish using the below command:

./skipfish -u -v -N -S dictionaries/complete.wl -o 
output_public-firing-range.appspot.com https://public-firing-range.appspot.com/

Original comment by [email protected] on 26 Nov 2014 at 3:01

Attachments:

• index.html