skipfish is a free, open-source web application security scanning tool released by Google. Its main features are:
Fast scanning
Easy to use
Cutting-edge security logic
skipfish has now been updated to version 2.01b. The main changes in the new version are as follows:
  Substantial improvement to SQL injection checks.
  Improvements to directory traversal checks (courtesy of Niels Heinen).
  Fix to numerical brute-force logic.
  Major improvement to directory brute force: much better duplicate elimination in some webserver configurations.
  Added a check for attacker-controlled prefixes on inline responses. This currently leads to UTF-7 BOM XSS, Flash, Java attacks (thanks to Niels Heinen).
Tool download: http://code.google.com/p/skipfish/downloads/list