trietptm / skipfish Goto Github PK

skipfish is distributed without manpage, which is quite popular format of
documentation. One of Debian developers created such manpage and it is
available in Debian's BTS:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575596

Would be great if you could include it in your tarball.

regards
fEnIo

$ diff index.html.orig index.html
265c265
<   "40301": "Incorrect or missing MIME type (higher rirsk)",

---
>   "40301": "Incorrect or missing MIME type (higher risk)",

The report is not working / displayed correctly on Google Chrome.

The type sniffer is looking for an "<?xml" string and assuming any html without 
it is text/html, but 
this is an optional line and the W3 actually recommends not to use it in xhtml 
( 
http://www.w3.org/TR/xhtml1/guidelines.html)

I've hacked up my local copy with this patch which seems to improve things.

--- skipfish-1.07b/analysis.c   2010-03-20 02:47:46.000000000 +0000
+++ b/analysis.c    2010-03-21 19:44:45.623787778 +0000
@@ -1944,7 +1944,13 @@
         inl_strcasestr(sniffbuf, (u8*)"<h1") ||
         inl_strcasestr(sniffbuf, (u8*)"<li") ||
         inl_strcasestr(sniffbuf, (u8*)"href=")) {
-      res->sniff_mime_id = MIME_ASC_HTML;
+      if (inl_strcasestr(sniffbuf, (u8*)" 
xmlns=\"http://www.w3.org/1999/xhtml\"") &&
+          inl_strcasestr(sniffbuf, (u8*)" xml:lang=") &&
+          !inl_strcasestr(sniffbuf, (u8*)" lang="))
+        res->sniff_mime_id = MIME_XML_XHTML;
+      else
+        res->sniff_mime_id = MIME_ASC_HTML;
+
       return;
     }

I can't compile it on openbsd :

tmp//ccitPTK6.o(.text+0x1482): In function `serialize_path':
/home/dbd/Downloads/skipfish/http_client.c:441: warning: sprintf() is often
misused, please use snprintf()
/tmp//ccMD7G7q.o(.text+0xeb3): In function `__DFL_ck_alloc':
/home/dbd/Downloads/skipfish/alloc-inl.h:71: undefined reference to
`malloc_usable_size'
/tmp//ccMD7G7q.o(.text+0xf6a): In function `__DFL_ck_realloc':
/home/dbd/Downloads/skipfish/alloc-inl.h:88: undefined reference to
`malloc_usable_size'
/tmp//ccMD7G7q.o(.text+0xf95):Downloads/skipfish/alloc-inl.h:94: undefined
reference to `malloc_usable_size'
/tmp//ccMD7G7q.o(.text+0x1093): In function `__DFL_ck_strdup':
Downloads/skipfish/alloc-inl.h:116: undefined reference to `malloc_usable_size'
/tmp//ccitPTK6.o(.text+0x11a6): In function `serialize_path':
Downloads/skipfish/http_client.c:635: undefined reference to
`malloc_usable_size'
/tmp//ccitPTK6.o(.text+0x128e):Downloads/skipfish/http_client.c:668: more
undefined references to `malloc_usable_size' follow
collect2: ld returned 1 exit status
*** Error code 1

I also get a warning :

/usr/include/malloc.h:4:2: warning: #warning "<malloc.h> is obsolete, use
<stdlib.h>"

Our security officer is nervous about our downloading OSS products. He's 
afraid the code might be tampered with. Would it be possible provide a 
hash value for the downloads? It would ease his mind.

Sorry I think we had a bit of misunderstanding here,

1.15b's Makefile has:

LDFLAGS   += -lcrypto -lssl -lidn -lz -L/usr/local/lib/ -L/opt/local/lib

$(CC) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS_OPT) $(OBJFILES) $(LDFLAGS)

This won't work because LDFLAGS are appended too late, and as such, are
ignored.

It should be:

LIBS       = -lcrypto -lssl -lidn -lz -L/usr/local/lib/ -L/opt/local/lib

$(CC) $(LDFLAGS) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS_OPT) \
$(OBJFILES) $(LIBS)

In order to respect environment's LDFLAGS they can't be mixed with -l
flags... and even when not respecting them, `make LDFLAGS=""` as argument
would be broken.

(That's what I really tried to say on the previous bug, and got a bit
sidetracked by other vars there, I guess, sorry...)

Attached is the way I would write it...

Then you can:

export CFLAGS="-march=core2 -pipe -O2"
export LDFLAGS="-Wl,--as-needed"

make debug          -> -g -ggdb is only appended then, and above is used

make                -> build with upstream optimization, -O3, above is
prepended to this too

make OPT_CFLAGS=""  -> use only your own above environment flags

I am trying skipfish against DVWA (http://www.dvwa.co.uk/) on a Ubuntu 9.04
VM with 2 GB RAM. Unfortunately it consistently fails with the following:

skipfish version 1.25b by <[email protected]>

Scan statistics
---------------

       Scan time : 3:10:39.0369
   HTTP requests : 1155023 sent (101.04/s), 837781.75 kB in, 565251.44 kB
out (122.65 kB/s)  
     Compression : 177901.86 kB in, 766857.50 kB out (62.34% gain)    
 HTTP exceptions : 1 net errors, 0 proto errors, 0 retried, 0 drops
 TCP connections : 11447 total (101.48 req/conn)  
  TCP exceptions : 0 failures, 1 timeouts, 7 purged
  External links : 38219 skipped
    Reqs pending : 6609        

Database statistics
-------------------

          Pivots : 44832 total, 29585 done (65.99%)    
     In progress : 15015 pending, 169 init, 37 attacks, 26 dict     
   Missing nodes : 275 spotted
      Node types : 1 serv, 3228 dir, 12413 file, 1792 pinfo, 12773 unkn,
14625 par, 0 val
    Issues found : 4546 info, 8977 warn, 14540 low, 1 medium, 2320 high impact
       Dict size : 223 words (23 new), 8 extensions, 231 candidates

[-] PROGRAM ABORT : out of memory: can't allocate 14226 bytes
    Stop location : __DFL_ck_alloc(), alloc-inl.h:69

Any idea?

I just ran Skipfish against a website on our staging server.  The scan took
a couple of days to run (10 million hits on DB driven site -- should have
used a smaller dictionary!), and came up with 3000 odd issues.

Scanning through, almost all issues are of the form:

#  http://xxxx/numbers/letters.html/-2147483649 
Memo: response to -(2^31-1) different than to -12345

I believe these to be false positives, as the responses seem to be the
same, except for two things:

1) A comment in the footer of the page source that looks like this:
<!-- Generated by Messiah Ltd. on Fri, 26 Mar 2010 08:31:15 +1300 in 23.7
milliseconds. -->

2) An image tag that is randomly selected (server-side) for each page view.

3) A small quote, also randomly selected per page view.

The scan was run using Skipfish version 1.11b.  It only just finished, and
I haven't yet scanned again with a newer version.

1.08b segfaults after 

make clean debug
ulimit -c unlimited
./skipfish -p 25% -g 5000 -m 1000 -o www.unosoft.hu http://www.unosoft.hu/ 
2>logfile.txt

gdb --batch -ex back ./skipfish core >gdb.out

Any suggestions?

Tamás Gulácsi
[email protected]

No report available using Firefox 3.0.11. 
It seems the same behaviour of the issue related to Chrome.
(see image)

% svn checkout http://skipfish.googlecode.com/svn/trunk/ skipfish-read-only
Checked out revision 74.

% ls -a skipfish-read-only
.  ..  .svn

No other files to work with!

What steps will reproduce the problem?

pull the tarball and unpack it

What is the expected output? What do you see instead?

$ tar zxf skipfish-1.05b.tgz
$ ls

and we see: 
README  skipfish  skipfish-1.05b.tgz

rather than a nice versioned directory, permitting easier 'diff'ing,
deltas, and avoidance of error from being in the wrong place

We should have seen:

README  skipfish-1.05b/  skipfish-1.05b.tgz

perhaps

What version of the product are you using? On what operating system?

As above on a CentOS 5 unit

Please provide any additional information below.

Please consider this as it greatly simplifies source code management for
packaging systems.

Resizing my command window during a scan results in in old status line
"ghosts" remaining in the previous location while new status lines are
relocated according to window size and continue to update.

Please make the source available from SVN (or a git repository).

Wiki advises to download the source code via:

    svn checkout http://skipfish.googlecode.com/svn/trunk/ skipfish-read-only

But this command results only in an empty directory.

I'm using version 1.25 beta. The server I'm testing is treating a PUT
request as a GET request and hence SkipFisk reports this a PUT issue. Is
there some way Skipfish can be improved to avoid false positives for PUT
(by testing if the PUT actually put a file there)?

on ubuntu lucid beta1, after installing libidn11-dev, it is still not 
possible to compile skipfish 1.03b.

we need to install libssl-dev package to make it compile, but the readme 
does not contain information about this.

What steps will reproduce the problem?
1. try make
2. you'll get openssl/ssl.h: No such file or directory error 
3. install libssl-dev, and now it compiles.

~/skipfish# make

cc skipfish.c -o skipfish -Wall -funsigned-char -g -ggdb
-D_FORTIFY_SOURCE=0 -O3 -Wno-format http_client.c database.c crawler.c
analysis.c report.c -lcrypto -lssl -lidn -lz
In file included from crawler.h:26,
                 from skipfish.c:39:
http_client.h:26:25: error: openssl/ssl.h: No such file or directory
In file included from crawler.h:26,
                 from skipfish.c:39:
http_client.h:189: error: expected specifier-qualifier-list before
‘SSL_CTX’
skipfish.c: In function ‘main’:
skipfish.c:143: warning: implicit declaration of function
‘SSL_library_init’
http_client.c:36:25: error: openssl/ssl.h: No such file or directory
http_client.c:37:25: error: openssl/err.h: No such file or directory
http_client.c:39:18: error: zlib.h: No such file or directory
In file included from database.h:29,
                 from http_client.c:44:
http_client.h:189: error: expected specifier-qualifier-list before
‘SSL_CTX’
http_client.c: In function ‘parse_response’:
http_client.c:1491: error: ‘z_stream’ undeclared (first use in this
function)
http_client.c:1491: error: (Each undeclared identifier is reported only once
http_client.c:1491: error: for each function it appears in.)
http_client.c:1491: error: expected ‘;’ before ‘d’
http_client.c:1496: error: ‘d’ undeclared (first use in this 
function)
http_client.c:1506: warning: implicit declaration of function
‘inflateInit2’
http_client.c:1506: error: ‘Z_OK’ undeclared (first use in this 
function)
http_client.c:1507: warning: implicit declaration of function 
‘inflateEnd’
http_client.c:1512: warning: implicit declaration of function 
‘inflate’
http_client.c:1512: error: ‘Z_FINISH’ undeclared (first use in this
function)
http_client.c:1515: error: ‘Z_BUF_ERROR’ undeclared (first use in 
this
function)
http_client.c:1515: error: ‘Z_STREAM_END’ undeclared (first use in 
this
function)
http_client.c: In function ‘destroy_unlink_conn’:
http_client.c:1611: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1611: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1612: error: ‘struct conn_entry’ has no member named
‘prev’
http_client.c:1612: error: ‘struct conn_entry’ has no member named
‘next’
http_client.c:1612: error: ‘struct conn_entry’ has no member named
‘prev’
http_client.c:1612: error: ‘struct conn_entry’ has no member named
‘next’
http_client.c:1613: error: ‘struct conn_entry’ has no member named
‘next’
http_client.c:1613: error: ‘struct conn_entry’ has no member named
‘next’
http_client.c:1613: error: ‘struct conn_entry’ has no member named
‘prev’
http_client.c:1614: error: ‘struct conn_entry’ has no member named
‘srv_ssl’
http_client.c:1614: warning: implicit declaration of function 
‘SSL_free’
http_client.c:1614: error: ‘struct conn_entry’ has no member named
‘srv_ssl’
http_client.c:1615: error: ‘struct conn_entry’ has no member named
‘srv_ctx’
http_client.c:1615: warning: implicit declaration of function
‘SSL_CTX_free’
http_client.c:1615: error: ‘struct conn_entry’ has no member named
‘srv_ctx’
http_client.c:1616: error: ‘struct conn_entry’ has no member named
‘write_buf’
http_client.c:1617: error: ‘struct conn_entry’ has no member named
‘read_buf’
http_client.c:1618: warning: implicit declaration of function 
‘close’
http_client.c: In function ‘reuse_conn’:
http_client.c:1627: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1627: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1628: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1629: error: ‘struct conn_entry’ has no member named
‘read_buf’
http_client.c:1630: error: ‘struct conn_entry’ has no member named
‘write_buf’
http_client.c:1631: error: ‘struct conn_entry’ has no member named
‘read_buf’
http_client.c:1631: error: ‘struct conn_entry’ has no member named
‘write_buf’
http_client.c:1632: error: ‘struct conn_entry’ has no member named
‘read_len’
http_client.c:1632: error: ‘struct conn_entry’ has no member named
‘write_len’
http_client.c:1632: error: ‘struct conn_entry’ has no member named
‘write_off’
http_client.c:1633: error: ‘struct conn_entry’ has no member named
‘SSL_rd_w_wr’
http_client.c:1633: error: ‘struct conn_entry’ has no member named
‘SSL_wr_w_rd’
http_client.c: In function ‘check_ssl’:
http_client.c:1738: error: ‘X509’ undeclared (first use in this 
function)
http_client.c:1738: error: ‘p’ undeclared (first use in this 
function)
http_client.c:1740: warning: implicit declaration of function
‘SSL_get_peer_certificate’
http_client.c:1740: error: ‘struct conn_entry’ has no member named
‘srv_ssl’
http_client.c:1748: warning: implicit declaration of function
‘ASN1_UTCTIME_cmp_time_t’
http_client.c:1752: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1753: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1757: warning: implicit declaration of function
‘X509_NAME_oneline’
http_client.c:1757: warning: assignment makes pointer from integer without
a cast
http_client.c:1760: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1761: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1763: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1764: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1771: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1783: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1784: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1786: warning: implicit declaration of function 
‘X509_free’
http_client.c:1788: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1789: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1791: error: ‘struct conn_entry’ has no member named
‘ssl_checked’
http_client.c: In function ‘conn_associate’:
http_client.c:1846: error: ‘errno’ undeclared (first use in this 
function)
http_client.c:1846: error: ‘EINPROGRESS’ undeclared (first use in 
this
function)
http_client.c:1852: error: ‘struct conn_entry’ has no member named
‘srv_ctx’
http_client.c:1852: warning: implicit declaration of function 
‘SSL_CTX_new’
http_client.c:1852: warning: implicit declaration of function
‘SSLv23_client_method’
http_client.c:1854: error: ‘struct conn_entry’ has no member named
‘srv_ctx’
http_client.c:1856: warning: implicit declaration of function
‘SSL_CTX_set_mode’
http_client.c:1856: error: ‘struct conn_entry’ has no member named
‘srv_ctx’
http_client.c:1856: error: ‘SSL_MODE_ENABLE_PARTIAL_WRITE’ 
undeclared
(first use in this function)
http_client.c:1857: error: ‘SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER’
undeclared (first use in this function)
http_client.c:1859: error: ‘struct conn_entry’ has no member named
‘srv_ssl’
http_client.c:1859: warning: implicit declaration of function 
‘SSL_new’
http_client.c:1859: error: ‘struct conn_entry’ has no member named
‘srv_ctx’
http_client.c:1861: error: ‘struct conn_entry’ has no member named
‘srv_ssl’
http_client.c:1862: error: ‘struct conn_entry’ has no member named
‘srv_ctx’
http_client.c:1866: warning: implicit declaration of function 
‘SSL_set_fd’
http_client.c:1866: error: ‘struct conn_entry’ has no member named
‘srv_ssl’
http_client.c:1867: warning: implicit declaration of function
‘SSL_set_connect_state’
http_client.c:1867: error: ‘struct conn_entry’ has no member named
‘srv_ssl’
http_client.c:1873: error: ‘struct conn_entry’ has no member named
‘next’
http_client.c:1875: error: ‘struct conn_entry’ has no member named
‘next’
http_client.c:1875: error: ‘struct conn_entry’ has no member named
‘next’
http_client.c:1881: error: ‘struct conn_entry’ has no member named 
‘q’
http_client.c:1886: error: ‘struct conn_entry’ has no member named
‘write_buf’
http_client.c:1887: error: ‘struct conn_entry’ has no member named
‘write_len’
http_client.c:1887: error: ‘struct conn_entry’ has no member named
‘write_buf’
http_client.c: In function ‘next_from_queue’:
http_client.c:1915: error: ‘struct conn_entry’ has no member named
‘write_len’
http_client.c:1915: error: ‘struct conn_entry’ has no member named
‘write_off’

It is highly demanded, to implement an dos(denial of service) blocker.

The easiest way should be, to ask about a simple key file
 like "http://example.com/skipfish_[sha_digest_hex].html"

I got this error when try compile skipfish:

http_client.c:39:18: error: idna.h: No such file or directory

Where is supposed to find idna.h?

thx a lot.

I've tried to checkout source code, but can't find it.
$svn checkout http://skipfish.googlecode.com/svn/trunk/ skipfish-read-only
$ls skipfish-read-only -lha
total 12K
drwxr-xr-x  3 dr dr 4,0K Mar 26 11:59 ./
drwx------ 28 dr dr 4,0K Mar 26 11:59 ../
drwxr-xr-x  6 dr dr 4,0K Mar 26 12:00 .svn/

Is this a problem? 

What steps will reproduce the problem?
1. run skipfish without parameter
2. See the error : [-] PROGRAM ABORT : Scan target not specified (try -h
for help).
    Stop location : main(), skipfish.c:379
3. verify the color of your shell, it should be slightly different


Attached a patch that should correct the issue. I called the variable with
the "normal color" cRST for ReSeT. (being black, white or whatever the user
normally uses) . 
You might want to correct the #  define cNOR "\x1b[0;37m" variable, but I'm
not sure where you use that one.

I just compiled Skipfish in Windows with Cygwin and I had to install the
following packages:

- libidn
- libidn-devel
- openssl-devel

In the docs, it's only told "libidn" but is should include the other packages.

Regards.

It would be _really_ helpful to display the command used to launch the scan
or at least the url getting scanned while the progress screen is up - maybe
under the skipfish version banner.

cc skipfish.c -o skipfish -Wall -funsigned-char -g -ggdb -U_FORTIFY_SOURCE -O3 
-Wno-
format http_client.c database.c crawler.c analysis.c report.c -lcrypto -lssl 
-lidn -lz

Results in:

http_client.c:38:18: error: idna.h: No such file or directory
http_client.c: In function ‘parse_url’:
http_client.c:275: warning: implicit declaration of function 
‘idna_to_ascii_8z’
http_client.c:275: error: ‘IDNA_SUCCESS’ undeclared (first use in this 
function)
http_client.c:275: error: (Each undeclared identifier is reported only once
http_client.c:275: error: for each function it appears in.)
report.c: In function ‘copy_static_code’:
report.c:744: warning: passing argument 3 of ‘scandir’ from incompatible 
pointer type

Instead of compiling i see this:

verigon:skipfish test$ sudo make
Password:
cc skipfish.c -o skipfish -Wall -funsigned-char -g -ggdb
-D_FORTIFY_SOURCE=0 -O3 -Wno-format http_client.c database.c crawler.c
analysis.c report.c -lcrypto -lssl -lidn -lz
http_client.c:38:18: error: idna.h: No such file or directory
http_client.c: In function ‘parse_url’:
http_client.c:275: warning: implicit declaration of function 
‘idna_to_ascii_8z’
http_client.c:275: error: ‘IDNA_SUCCESS’ undeclared (first use in this
function)
http_client.c:275: error: (Each undeclared identifier is reported only once
http_client.c:275: error: for each function it appears in.)
report.c: In function ‘copy_static_code’:
report.c:744: warning: passing argument 3 of ‘scandir’ from incompatible
pointer type
make: *** [skipfish] Error 1


What version of the product are you using? On what operating system?

Developer Information:

  Version:  3.2 (10M2003)
  Location: /Developer
  Applications:
  Xcode:    3.2.1 (1613)
  Interface Builder:    3.2.1 (740)
  Instruments:  2.0.1 (1096)
  Dashcode: 3.0 (328)
  SDKs:
  Mac OS X:
  10.5: (9J61)
  10.6: (10M2003)

Would it be possible to have a flag for ignoring:
1) self signed ssl certificates
2) out of date ssl certificates

Many thanks

Using skipfish version 1.25b on Debian Testing.

I wanted to check only a subdirectory, so I used the -I option. However,
Skipfish still checks the root (and some directories above the subdirectory).

I used this commandline:
./skipfish -o somedir  -I /~username/dir/ajaxhelper.php
http://example.org/~username/dir/ajaxhelper.php

I notice that I get reports for http://example.org/,
http://example.org/~username/ and http://example.org/~username/dir/ Have I
misunderstood the usage of the -I option?

When building from tarball got following :

make all
cc skipfish.c -o skipfish -Wall -funsigned-char -g -ggdb -D_FORTIFY_SOURCE=0 
-O3 -Wno-format 
http_client.c database.c crawler.c analysis.c report.c -lcrypto -lssl -lidn -lz
http_client.c:38:18: error: idna.h: No such file or directory
http_client.c: In function ‘parse_url’:
http_client.c:275: warning: implicit declaration of function 
‘idna_to_ascii_8z’
http_client.c:275: error: ‘IDNA_SUCCESS’ undeclared (first use in this 
function)
http_client.c:275: error: (Each undeclared identifier is reported only once
http_client.c:275: error: for each function it appears in.)
report.c: In function ‘copy_static_code’:
report.c:744: warning: passing argument 3 of ‘scandir’ from incompatible 
pointer type
make: *** [skipfish] Error 1


Also, it looks like SVN for this project is mostly empty?

Andrei

Added -I/usr/local/include/, -L/usr/local/lib/ to Makefile, gmake
gmake
cc skipfish.c -o skipfish -Wall -funsigned-char -g -ggdb -
D_FORTIFY_SOURCE=0 -I/usr/local/include/ -O3 -Wno-format http_client.c 
database.c crawler.c analysis.c report.c -lcrypto -lssl -lidn -lz -L/usr/
local/lib/
In file included from skipfish.c:36:
alloc-inl.h: In function `__DFL_ck_alloc':
alloc-inl.h:69: warning: implicit declaration of function 
`malloc_usable_size'
In file included from http_client.c:42:
alloc-inl.h: In function `__DFL_ck_alloc':
alloc-inl.h:69: warning: implicit declaration of function 
`malloc_usable_size'
http_client.c: In function `destroy_unlink_conn':
http_client.c:1618: warning: implicit declaration of function `close'
http_client.c: In function `next_from_queue':
http_client.c:2013: warning: implicit declaration of function `read'
http_client.c:2091: warning: implicit declaration of function `write'
In file included from http_client.h:30,
                 from database.c:33:
alloc-inl.h: In function `__DFL_ck_alloc':
alloc-inl.h:69: warning: implicit declaration of function 
`malloc_usable_size'
In file included from http_client.h:30,
                 from crawler.c:30:
alloc-inl.h: In function `__DFL_ck_alloc':
alloc-inl.h:69: warning: implicit declaration of function 
`malloc_usable_size'
In file included from http_client.h:30,
                 from analysis.c:28:
alloc-inl.h: In function `__DFL_ck_alloc':
alloc-inl.h:69: warning: implicit declaration of function 
`malloc_usable_size'
In file included from http_client.h:30,
                 from report.c:33:
alloc-inl.h: In function `__DFL_ck_alloc':
alloc-inl.h:69: warning: implicit declaration of function 
`malloc_usable_size'
report.c: In function `copy_static_code':
report.c:744: warning: passing arg 3 of `scandir' from incompatible 
pointer type
/var/tmp//ccmILv91.o(.text+0x590): In function `main':
/home/zm/skipfish/skipfish/alloc-inl.h:86: undefined reference to 
`malloc_usable_size'
/var/tmp//ccmILv91.o(.text+0x5c1):/home/zm/skipfish/skipfish/alloc-
inl.h:92: undefined reference to `malloc_usable_size'
/var/tmp//ccmILv91.o(.text+0x67f):/home/zm/skipfish/skipfish/alloc-
inl.h:86: undefined reference to `malloc_usable_size'
/var/tmp//ccmILv91.o(.text+0x6b0):/home/zm/skipfish/skipfish/alloc-
inl.h:92: undefined reference to `malloc_usable_size'
/var/tmp//ccmILv91.o(.text+0x7ac):/home/zm/skipfish/skipfish/alloc-
inl.h:86: undefined reference to `malloc_usable_size'
/var/tmp//ccmILv91.o(.text+0x7dd):/home/zm/skipfish/skipfish/alloc-
inl.h:92: more undefined references to `malloc_usable_size' follow
gmake: *** [skipfish] Error 1

"Incorrect or missing MIME type (higher rirsk)"

extra "r" in risk.  should be:

"Incorrect or missing MIME type (higher risk)"

What steps will reproduce the problem?
1. run a scan
2. open generated index.html in google chrome (I use 5.0.342.3)
3.

What is the expected output? What do you see instead?

Using Firefox, report parts appear, are clickable and expand properly. 

With Chrome, no results appear (section titles such as "Crawl results - 
click to expand:" are visible, but without content). Please see attached 
screenshot !


What version of the product are you using? On what operating system?

- OS is Linux, Debian "squeeze"
- skipfish 1.05b
- google chrome 5.0.342.3

Please provide any additional information below.

It looks like the application must be run from the same directory that has 
the assets/* files.

[-]  SYSTEM ERROR : Unable to access 'assets/index.html' - wrong directory?
    Stop location : main(), skipfish.c:374
       OS message : No such file or directory

It would be nice if one could supply the assets path via the CLI and/or 
configure it to be a specific location.

What steps will reproduce the problem?
1. Downloaded and compiled libidn-1.9
2. Compiled skipfish 1.0
3. Using the default.wi dictionary ran ./skipfish -o google.com
http://google.com

What is the expected output? What do you see instead?
skipfish version 1.00b by <[email protected]>
Abort trap

What version of the product are you using? On what operating system?
1.00b OSX 10.6.2

Please provide any additional information below.

I have been scanning a host using the complete dictionary and the scan
already ran for more than 5 hours. How can I stop this scan without losing
the data gathered by the scanner?

I don't think this is error number 6, since this is with the latest version
of the code.

When I tried ./skipfish -o /var/tmp/out -W dictionaries/complete.wl
http://192.168.1.1

I got this error:

skipfish version 1.19b by <[email protected]>
*** glibc detected *** ./skipfish: realloc(): invalid pointer:
0x0000000002101420 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f75d490ed16]
/lib/libc.so.6[0x7f75d49150c5]
./skipfish[0x40bff2]
./skipfish[0x40e0bb]
./skipfish[0x40e28a]
./skipfish[0x403123]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f75d48bcabd]
./skipfish[0x402369]
======= Memory map: ========
00400000-00429000 r-xp 00000000 08:12 21200950                          
/home/njh/Download/skipfish/skipfish
00628000-00629000 rw-p 00028000 08:12 21200950                          
/home/njh/Download/skipfish/skipfish
00629000-0062a000 rw-p 00000000 00:00 0
02100000-02121000 rw-p 00000000 00:00 0                                  [heap]
7f75d4484000-7f75d449a000 r-xp 00000000 08:06 3407913                   
/lib/libgcc_s.so.1
7f75d449a000-7f75d4699000 ---p 00016000 08:06 3407913                   
/lib/libgcc_s.so.1
7f75d4699000-7f75d469a000 rw-p 00015000 08:06 3407913                   
/lib/libgcc_s.so.1
7f75d469a000-7f75d469c000 r-xp 00000000 08:06 3408113                   
/lib/libdl-2.10.2.so
7f75d469c000-7f75d489c000 ---p 00002000 08:06 3408113                   
/lib/libdl-2.10.2.so
7f75d489c000-7f75d489d000 r--p 00002000 08:06 3408113                   
/lib/libdl-2.10.2.so
7f75d489d000-7f75d489e000 rw-p 00003000 08:06 3408113                   
/lib/libdl-2.10.2.so
7f75d489e000-7f75d49e8000 r-xp 00000000 08:06 3408094                   
/lib/libc-2.10.2.so
7f75d49e8000-7f75d4be8000 ---p 0014a000 08:06 3408094                   
/lib/libc-2.10.2.so
7f75d4be8000-7f75d4bec000 r--p 0014a000 08:06 3408094                   
/lib/libc-2.10.2.so
7f75d4bec000-7f75d4bed000 rw-p 0014e000 08:06 3408094                   
/lib/libc-2.10.2.so
7f75d4bed000-7f75d4bf2000 rw-p 00000000 00:00 0
7f75d4bf2000-7f75d4c09000 r-xp 00000000 08:06 4180650                   
/usr/lib/libz.so.1.2.3.4
7f75d4c09000-7f75d4e08000 ---p 00017000 08:06 4180650                   
/usr/lib/libz.so.1.2.3.4
7f75d4e08000-7f75d4e09000 rw-p 00016000 08:06 4180650                   
/usr/lib/libz.so.1.2.3.4
7f75d4e09000-7f75d4e3a000 r-xp 00000000 08:06 4181738                   
/usr/lib/libidn.so.11.6.1
7f75d4e3a000-7f75d503a000 ---p 00031000 08:06 4181738                   
/usr/lib/libidn.so.11.6.1
7f75d503a000-7f75d503b000 rw-p 00031000 08:06 4181738                   
/usr/lib/libidn.so.11.6.1
7f75d503b000-7f75d5089000 r-xp 00000000 08:06 4186090                   
/usr/lib/libssl.so.0.9.8
7f75d5089000-7f75d5289000 ---p 0004e000 08:06 4186090                   
/usr/lib/libssl.so.0.9.8
7f75d5289000-7f75d5290000 rw-p 0004e000 08:06 4186090                   
/usr/lib/libssl.so.0.9.8
7f75d5290000-7f75d5404000 r-xp 00000000 08:06 4184592                   
/usr/lib/libcrypto.so.0.9.8
7f75d5404000-7f75d5604000 ---p 00174000 08:06 4184592                   
/usr/lib/libcrypto.so.0.9.8
7f75d5604000-7f75d562c000 rw-p 00174000 08:06 4184592                   
/usr/lib/libcrypto.so.0.9.8
7f75d562c000-7f75d5630000 rw-p 00000000 00:00 0
7f75d5630000-7f75d564d000 r-xp 00000000 08:06 3407962                   
/lib/ld-2.10.2.so
7f75d5829000-7f75d582d000 rw-p 00000000 00:00 0
7f75d5847000-7f75d584c000 rw-p 00000000 00:00 0
7f75d584c000-7f75d584d000 r--p 0001c000 08:06 3407962                   
/lib/ld-2.10.2.so
7f75d584d000-7f75d584e000 rw-p 0001d000 08:06 3407962                   
/lib/ld-2.10.2.so
7fffb41b7000-7fffb41cd000 rw-p 00000000 00:00 0                         
[stack]
7fffb41ff000-7fffb4200000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                 
[vsyscall]
Aborted (core dumped)
njh@packard:~/Download/skipfish$

The gdb backtrace is:

#0  0x00007f75d48cff45 in *__GI_raise (sig=<value optimized out>)
   at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f75d48d2d80 in *__GI_abort () at abort.c:88
#2  0x00007f75d490554d in __libc_message (do_abort=2,
   fmt=0x7fffb41c9c90 ' ' <repeats 23 times>,
"[stack]\n7fffb41ff000-7fffb4200000 r-xp 00000000 00:00 0", ' ' <repeats 26
times>, "[vdso]\nffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0",
' ' <repeats 18 times>, "[vsyscall]\n:06 4"...) at
../sysdeps/unix/sysv/linux/libc_fatal.c:173
#3  0x00007f75d490ed16 in malloc_printerr (action=3,
   str=0x7f75d49b6baf "realloc(): invalid pointer", ptr=<value optimized out>)
   at malloc.c:6239
#4  0x00007f75d49150c5 in realloc_check (oldmem=0x2101420, bytes=16,
   caller=<value optimized out>) at hooks.c:330
#5  0x000000000040bff2 in __DFL_ck_realloc (orig=0x2101420, size=5665)
   at alloc-inl.h:91
#6  0x000000000040e0bb in wordlist_confirm_single (text=<value optimized out>,
   is_ext=<value optimized out>, add_hits=<value optimized out>, total_age=2,
   last_age=2) at database.c:841
#7  0x000000000040e28a in load_keywords (fname=<value optimized out>,
   purge_age=0) at database.c:976
#8  0x0000000000403123 in main (argc=6, argv=0x7fffb41ca758) at skipfish.c:398

Hi Michal,

I noticed that if there is a form on a webpage which looks like
<form method="post">
  ... form content ...
</form>
then skipfish completely ignores this form and don't even tries to submit 
anything. Even when I used the auto-complete rules for this form.

Once I've added the action attribute it started submitting this form.

I guess many forms omit action being supposed that it'll be submmitted to 
the current location.

cc -L/usr/local/lib/ -L/opt/local/lib skipfish.c -o skipfish -O3
-Wno-format -Wall -funsigned-char -g -ggdb -D_FORTIFY_SOURCE=0
-I/usr/local/include/ -I/opt/local/include/  \
          http_client.c database.c crawler.c analysis.c report.c -lcrypto
-lssl -lidn -lz
http_client.c:39:18: error: idna.h: No such file or directory
http_client.c: In function ‘parse_url’:
http_client.c:277: warning: implicit declaration of function 
‘idna_to_ascii_8z’
http_client.c:277: error: ‘IDNA_SUCCESS’ undeclared (first use in this
function)
http_client.c:277: error: (Each undeclared identifier is reported only once
http_client.c:277: error: for each function it appears in.)
report.c: In function ‘copy_static_code’:
report.c:744: warning: passing argument 3 of ‘scandir’ from incompatible
pointer type
make: *** [skipfish] Error 1
Note: before submitting, check:
http://code.google.com/p/skipfish/wiki/KnownIssues

Is possible to limit the bandwith?
I try skipfish with an domain and I make a DoS :S

After 1h it eat up over 2GB of RAM. It's too much, especially since I used
minimal.wl. To reproduce it scanning page I administrate is enough. I can
provide its URL, but privately.

skipfish version 1.06b by <[email protected]>

Scan statistics
---------------

       Scan time : 1:04:41.0108
   HTTP requests : 6467537 sent (1666.70/s), 4322432.00 kB in, 2537108.25
kB out (1767.42 kB/s)  
     Compression : 2239519.75 kB in, 6157672.50 kB out (46.66% gain)    
 HTTP exceptions : 2 net errors, 0 proto errors, 1 retried, 0 drops
 TCP connections : 64060 total (101.09 req/conn)  
  TCP exceptions : 0 failures, 2 timeouts, 1 purged
  External links : 1643732 skipped
    Reqs pending : 8367         

Database statistics
-------------------

          Pivots : 5486 total, 5279 done (96.23%)    
     In progress : 123 pending, 71 init, 3 attacks, 10 dict    
   Missing nodes : 100 spotted
      Node types : 1 serv, 88 dir, 4899 file, 123 pinfo, 241 unkn, 104 par,
30 val
    Issues found : 120 info, 6 warn, 3840 low, 8149 medium, 0 high impact
       Dict size : 2894 words (1010 new), 46 extensions, 256 candidates

Can't use LDFLAGS to pass -l<ibraries> to linker, because with
-Wl,--as-needed it will break, objects need to come before libraries.

Explained here, http://www.gentoo.org/proj/en/qa/asneeded.xml

Section: "Importance of linking order"

Attached patch fixes the issue

skipfish segfaultet while scanning an application.

Core was generated by 
`./skipfish -C AUDSSESSION 1d5282c6539eb1d7480d2b7b4ee107ec -N -o /tmp/auds
-g'.

The directory was empty so no logs can be provided.  A corefile can be
provided on request. 

gdb output:


Core was generated by `./skipfish -C AUDSSESSION
1d5282c6539eb1d7480d2b7b4ee107ec -N -o /tmp/auds3 -g'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f653967a7f4 in strcasecmp () from /lib/libc.so.6
(gdb) bt
#0  0x00007f653967a7f4 in strcasecmp () from /lib/libc.so.6
#1  0x00000000004052c6 in set_value (type=<value optimized out>, 
    name=0x491a1f0 "form", val=<value optimized out>, 
    offset=<value optimized out>, par=0x49295e8) at http_client.c:139
#2  0x000000000041ede2 in collect_form_data (req=<value optimized out>, 
    res=<value optimized out>) at analysis.c:545
#3  scrape_response (req=<value optimized out>, res=<value optimized out>)
    at analysis.c:789
#4  0x00000000004133e3 in par_dict_callback (req=0x4916410, res=0x4917600)
    at crawler.c:1894
#5  0x000000000040bbae in next_from_queue () at http_client.c:2038
#6  0x00000000004033b6 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at skipfish.c:419
(gdb) u
The program is not running.
(gdb) up
#1  0x00000000004052c6 in set_value (type=<value optimized out>, 
    name=0x491a1f0 "form", val=<value optimized out>, 
    offset=<value optimized out>, par=0x49295e8) at http_client.c:139
139       if (name && strcasecmp((char*)par->n[i], (char*)name)) continue;
(gdb) print name
$1 = (u8 *) 0x491a1f0 "form"
(gdb) print par->n[i]
$2 = (u8 *) 0x0
(gdb) print i
$3 = 1

Sorry for creating a new issue but that's the only way to attach a file
here. Skipfish compiles cleanly, not much tested in production.

What steps will reproduce the problem?
1. Download skipfish-1.01b.tgz
2. Extract
3. cd skipfish
4. make

What is the expected output? What do you see instead?

➜  skipfish ✗ make
cc skipfish.c -o skipfish -Wall -funsigned-char -g -ggdb -U_FORTIFY_SOURCE -O3 
-Wno-
format http_client.c database.c crawler.c analysis.c report.c -lcrypto -lssl 
-lidn -lz
http_client.c:38:18: error: idna.h: No such file or directory
http_client.c: In function ‘parse_url’:
http_client.c:275: warning: implicit declaration of function 
‘idna_to_ascii_8z’
http_client.c:275: error: ‘IDNA_SUCCESS’ undeclared (first use in this 
function)
http_client.c:275: error: (Each undeclared identifier is reported only once
http_client.c:275: error: for each function it appears in.)
report.c: In function ‘copy_static_code’:
report.c:744: warning: passing argument 3 of ‘scandir’ from incompatible 
pointer type
make: *** [skipfish] Error 1
➜  skipfish ✗ ls
COPYING       analysis.c    crawler.c     debug.h       report.c      
string-inl.h
Makefile      analysis.h    crawler.h     dictionaries  report.h      types.h
README        assets        database.c    http_client.c same_test.c
alloc-inl.h   config.h      database.h    http_client.h skipfish.c

What version of the product are you using? On what operating system?
1.01b
OSX 10.6.2

➜  skipfish ✗ cc --version
i686-apple-darwin10-gcc-4.2.1 (GCC) 4.2.1 (Apple Inc. build 5646) (dot 1)
Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

How does proxy-support work? I did not find this information from 
documentation.

In the source http_client.c, line 863.

By looking at the code, I have seen :

ASD("Connction: keep-alive\r\n");

instead of :

ASD("Connection: keep-alive\r\n");

the 'e' character is missing.

Have installed idn and all other pre-requisites. Attempting to Make generates:
http_client.c:39:18: error: idna.h: No such file or directory

Tested:
skipfish-1.11b.tgz

command:
bash-3.2$ ./skipfish -o test123abc http://10.0.0.1

Output:
skipfish version 1.11b by <[email protected]>
[-]  SYSTEM ERROR : Unable to open wordlist 'skipfish.wl'
    Stop location : load_keywords(), database.c:968
       OS message : No such file or directory

No problem if run like:
./skipfish -W /dev/null -o test123abc http://10.0.0.1

Skipfish is run from within the directory it was compiled.

bash-3.2$ find ./ -name *.wl
.//dictionaries/complete.wl
.//dictionaries/default.wl
.//dictionaries/extensions-only.wl
.//dictionaries/minimal.wl

Line 93 of extensions-only.wl appears to be malformed:
w 1 1 1 dmse 1 1 1 7z

It should probably be:
w 1 1 1 dms
e 1 1 1 7z