Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
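In the command below, skipfish is run with these options:
-S loads the dictionary (here dictionaries/medium.wl),
-W specifies an initially empty file for any newly learned site-specific keywords,
and -o names the directory the report is written to. A separate option, -O, reduces the risk of persistent effects of a scan by inhibiting all form parsing and submission steps; it is not used in this command.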
./skipfish -W web_scan.wl -S dictionaries/medium.wl -o /root/Desktop/web_scan/ http://altoromutual.com
Once the above command is entered, you will be prompted with the SkipFish welcome screen.
The scan is running against the test site.
Once the scan has completed the results are stored within the index.html file.
How the results look when opened inside the browser.
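The scan command above can be wrapped in scope and pre-flight checks before it is started. This is an added example, not part of the original post or of skipfish itself; ALLOWED_HOSTS, SKIPFISH, NO_FORMS and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scope and pre-flight checks around the skipfish command above.
# ALLOWED_HOSTS, SKIPFISH and all function names are assumptions of this example.

ALLOWED_HOSTS="altoromutual.com"      # hosts you are authorised to scan
SKIPFISH="${SKIPFISH:-./skipfish}"    # path to the skipfish binary

# Print the lower-cased host of a URL (scheme, path, userinfo and port removed).
url_host() {
    printf '%s\n' "$1" |
        sed -E 's|^[A-Za-z]+://||; s|[/?#].*$||; s|^.*@||; s|:[0-9]+$||' |
        tr 'A-Z' 'a-z'
}

# Succeed only when the URL's host is an exact match for an allowed host.
in_scope() {
    host=$(url_host "$1")
    for allowed in $ALLOWED_HOSTS; do
        [ "$host" = "$allowed" ] && return 0
    done
    return 1
}

# preflight TARGET OUTDIR NEW_WORDLIST DICTIONARY
# Returns 0 when safe to start, otherwise a distinct code per failed check.
preflight() {
    in_scope "$1" || { echo "out of scope: $1" >&2; return 2; }
    # Policy of this wrapper: never write into a directory that has content,
    # so an earlier report is not mixed with the new one.
    if [ -d "$2" ] && [ -n "$(ls -A "$2")" ]; then
        echo "output directory not empty: $2" >&2; return 3
    fi
    [ -r "$4" ] || { echo "dictionary not readable: $4" >&2; return 4; }
    # -W expects a file for newly learned keywords; create it empty if missing.
    [ -e "$3" ] || : > "$3"
}

# scan TARGET OUTDIR NEW_WORDLIST DICTIONARY
# Set NO_FORMS=1 to add -O, which stops skipfish parsing and submitting forms.
scan() {
    preflight "$@" || return $?
    if [ "${NO_FORMS:-0}" = 1 ]; then
        "$SKIPFISH" -O -W "$3" -S "$4" -o "$2" "$1"
    else
        "$SKIPFISH" -W "$3" -S "$4" -o "$2" "$1"
    fi
}
```

To repeat the run from this post: scan http://altoromutual.com /root/Desktop/web_scan web_scan.wl dictionaries/medium.wl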