Reconnaissance with Skipfish

Skipfish is a web application security reconnaissance tool. It prepares an interactive sitemap for the target using recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Skipfish is installed by default in Kali and is located in:

/usr/share/skipfish


The dictionaries are located in the /usr/share/skipfish/dictionaries folder.

The following example shows a scan of https://www.hackthissite.org using a wordlist called complete.wl. Skipfish will create a folder called skipfish-output in /tmp. The command starts with the keyword skipfish, then uses -o /tmp/skipfish-output to specify the location to which to send the output, then -W /usr/share/skipfish/dictionaries/complete.wl to specify the location of the dictionary, and ends with https://www.hackthissite.org as the target to scan against.

Complete command:

skipfish -o /tmp/skipfish-output -W /usr/share/skipfish/dictionaries/complete.wl https://www.hackthissite.org
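A pre-flight check for the command above, as an added example that is not part of the original post or of Skipfish itself. It confirms the target host is on an engagement allowlist, the dictionary is readable, and the report folder is not being reused, then prints the command line without running it. SCOPE_HOSTS, url_host and skipfish_preflight are hypothetical names, and the allowlist value is constructed.

```bash
# Added example: pre-flight wrapper around the skipfish command on this page.
# SCOPE_HOSTS and both function names are hypothetical; only -o and -W
# (the options used on this page) appear in the generated command.

# Constructed allowlist of hosts the engagement authorizes (space separated).
SCOPE_HOSTS="www.hackthissite.org"

# Print the lowercase host of an http(s) URL; fail on any other scheme.
url_host() {
    local url="$1" rest host
    case "$url" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    rest="${url#*://}"       # drop the scheme
    rest="${rest%%[/?#]*}"   # drop path, query and fragment
    rest="${rest##*@}"       # drop userinfo, so user@host resolves to host
    host="${rest%%:*}"       # drop the port
    [ -n "$host" ] || return 1
    printf '%s\n' "$host" | tr 'A-Z' 'a-z'
}

# Print the skipfish command line if every check passes; never starts a scan.
skipfish_preflight() {
    local out="$1" dict="$2" url="$3" host
    host="$(url_host "$url")" || { echo "bad URL: $url" >&2; return 2; }
    case " $SCOPE_HOSTS " in
        *" $host "*) ;;
        *) echo "out of scope: $host" >&2; return 3 ;;
    esac
    [ -r "$dict" ] || { echo "dictionary not readable: $dict" >&2; return 4; }
    [ ! -e "$out" ] || { echo "report folder already exists: $out" >&2; return 5; }
    printf 'skipfish -o %s -W %s %s\n' "$out" "$dict" "$url"
}

# Usage: skipfish_preflight /tmp/skipfish-output \
#   /usr/share/skipfish/dictionaries/complete.wl https://www.hackthissite.org
```

The userinfo step matters for scope checks: a URL such as https://www.hackthissite.org@other.example/ resolves to other.example, so it is rejected rather than matched on the text before the @.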

 

It will present you with a launch screen that states the scan will start in 60 seconds or on pressing any key. You can press the Spacebar to see the details of the scan or watch the default numbers run. Scanning a target can take anywhere from a few minutes to hours to complete. You can end a scan early by pressing Ctrl + C.

Skipfish will generate a ton of output files in the location specified with the -o option, which designates the output folder.
To see the results, click on the index.html file, which will open in a web browser. You can click through the drop-down boxes to see your results. See the example reports section for more information.
