skipfish是Google推出的一款免费、开源、Web应用程序安全检测工具。skipfish主要特点:
    High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving  2000 requests  per second with responsive  targets.
    Ease of use: heuristics to support a variety  of quirky web frameworks and mixed-technology sites, with automatic  learning capabilities, on-the-fly wordlist creation, and form  autocompletion.
    Cutting-edge security logic: high quality, low false positive, differential security checks, capable  of spotting a  range of subtle flaws, including blind injection vectors.
目前skipfish已经更新至1.9.1b版,新版主要改变如下:
 Minor fix to pivots.txt.
工具下载:http://code.google.com/p/skipfish/downloads/detail?name=skipfish-1.91b.tgz&can=2&q=