摘要
Skipfish是Google2010年推出的一款开源Web安全检测工具,与Nikto和Nessus等工具相比,skipfish使用递归抓取和基于字典的探针技术生成交互式目标网站地图,在性能上采用单线程复用技术、自定义的http堆栈和启发式行为分析等技术减少了网络探测流量,使其具有显著的速度优势。文章针对其源码,重点分析了其使用主要的数据结构、执行流程、多I/O异步机制和字典的使用,对于理解Skipfish软件架构和关键技术并以此为基础进行应用扩展和优化提供了有力的帮助。
Skipfish is an open source web security testing tool launched by Google in 2010.Compared with similar tools such as Nikto and Nessus,Skipfish uses recursive crawl and dictionary-based probe technology to generate an interactive map of the target site.The use of multiplexing single-thread,customized http stack,heuristic behavior analysis and other technologies in performance has reduced the network traffic,and gives Skipfish a significant speed advantage.In this paper,skipfish's source code is analyzed,focusing on its major data structures,the implementation process,multiple I/O asynchronous mechanism and the use of dictionaries.The work is helpful to understand skipfish's software architecture and key technology,and use it as a basis for a special expansion and optimization.
出处
《信息网络安全》
2011年第10期34-37,共4页
Netinfo Security
基金
国家博士后基金(20090451241)
江苏省计算机信息处理技术重点实验室基金(2010)