skipfish is a free, open-source web application security scanner released by Google. Its main features:
    Fast scanning
    Easy to use
    Cutting-edge security logic

skipfish has now been updated to version 2.00b. The main changes in the new version are:
    Minor bug fix to path parsing to avoid problems with /.$foo/,
    Improved PHP error detection (courtesy of Niels Heinen),
    Improved dictionary logic (courtesy of Niels Heinen) and new documentation of the same,
    Improved support for file.ext keywords in the dictionary,
    Fixed missing content_checks() in unknown_check_callback() (courtesy of Niels Heinen),
    Improved an oversight in dictionary case sensitivity,
    Improved pivots.txt data,
    Support for supplementary read-only dictionaries (-W +dict),
    Change to directory detection to work around a certain sneaky server behavior.
    TODO: Revise dictionaries!!!

Download: http://code.google.com/p/skipfish/downloads/detail?name=skipfish-2.00b.tgz&can=2&q=