Use Firing Range to make sure the scanner is tested for recognition of modern vulnerabilities #209
Description
Hi guys,
I have been using skipfish now for some years and I am happy to report it has
helped us find issues we would not find with other scanners however it would
look like many of modern vulnerabilities are not detected.
Google has released Firing Range with even a hosted version at
http://public-firing-range.appspot.com/ which I used to run a pentest from
skipfish.
My findings were that out of the many vulnerabilities currently exposed by
firing range only a couple of them was detected by skipfish.
Basically I run:
./skipfish -u -v -N -S dictionaries/complete.wl -o
output_public-firing-range.appspot.com https://public-firing-range.appspot.com/
And then I got the attached file. You will find broken links of course but the
bottom line is that not much was found and of course you can try all this
yourself.
Original issue reported on code.google.com by nestor.u...@gmail.com on 26 Nov 2014 at 2:59