diff --git a/README.md b/README.md
index 4e07c7c..5d4a8a9 100644
--- a/README.md
+++ b/README.md
@@ -485,6 +485,7 @@ See also *[Intercepting Web proxies](#intercepting-web-proxies)*.
 * [WebReaver](https://www.webreaver.com/) - Commercial, graphical web application vulnerability scanner designed for macOS.
 * [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
 * [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner.
+* [skipfish](https://www.kali.org/tools/skipfish/) - Performant and adaptable active web application security reconnaissance tool.
 * [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework.
 
 ## Online Resources