PunkSPIDER – A Web Vulnerability Search Engine


PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly.

PunkSPIDER -  A Web Vulnerability Search Engine

In simple terms, that means the authors have created a security scanner and the required architecture that can execute a large number of web application vulnerability scans: all at the same time. The tool, or rather arsenal, works off an Apache Hadoop cluster and can handle tens of thousands of scans.

How Can I See if a Website I Use is Vulnerable?

Searching for a specific website is easy! If you know the URL of your site you can simply type the URL in the search box (without http or https) and find your website. Once there you will be presented with the number of vulnerabilities present on the site.


Let’s try an example together, let’s say you’re looking to check if our the New York Times website http://www.nytimes.com is vulnerable. You could type in www.nytimes.com in the search bar, and you should receive a result back that looks like the following:

The first line gives you the domain of the result. The timestamp field on line 2 is the time that the site was added to our system. Below that is the interesting part, the total number of vulnerabilities found on the website. If you’re non-technical, you can ignore almost every part of that and just look at the Overall Risk field – this will tell you the risk of visiting a website.

As a rule of thumb anything with an Overall Risk of 1 should make you very wary, anything with an Overall Risk of greater than 1 you should stay away from entirely.

What Types of Vulnerabilities does PunkSPIDER Map?

Check it out here:

https://www.punkspider.org/

Posted in: Exploits/Vulnerabilities, Web Hacking

,


Latest Posts:


Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.


Comments are closed.