You should see several files in the directory, as shown below:
tar xzf skipfish-2.02b.tgz
In the Terminal window, execute this command:
cp dictionaries/minimal.wl skipfish.wl
./skipfish -o /tmp/skip1 -A guest:guest -m 5 -LVY -X -u "http://192.168.5.93/webgoat/attack"
Replace the IP address with the real address of your WebGoat target machine.
Note: each time you run Skipfish, you must specify a new directory for output (-o). If you run it again, use /tmp/skip2, etc.
When Skipfish starts, you will see this screen:
While it is running, you will see messages like this:
When it finishes, you will see this:
At the top, a summary appears, showing counts of vulnerabilities with colored dots. The red dot indicates the most dangerouos problems:
Scroll down to see a more detailed list:
Click the red item to expand it, showing each URL tested, and the exact test that was performed: