{"id":4134,"date":"2016-09-13T16:08:04","date_gmt":"2016-09-13T08:08:04","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4134"},"modified":"2016-09-13T16:24:12","modified_gmt":"2016-09-13T08:24:12","slug":"punkspider-web-vulnerability-search-engine","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2016\/09\/punkspider-web-vulnerability-search-engine\/","title":{"rendered":"PunkSPIDER &#8211;  A Web Vulnerability Search Engine"},"content":{"rendered":"<p>PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/09\/PunkSPIDER-A-Web-Vulnerability-Search-Engine-640x359.png\" alt=\"PunkSPIDER -  A Web Vulnerability Search Engine\" width=\"640\" height=\"359\" class=\"aligncenter size-medium wp-image-4281\" srcset=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/09\/PunkSPIDER-A-Web-Vulnerability-Search-Engine-640x359.png 640w, https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/09\/PunkSPIDER-A-Web-Vulnerability-Search-Engine-750x420.png 750w, https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/09\/PunkSPIDER-A-Web-Vulnerability-Search-Engine.png 884w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<p>In simple terms, that means the authors have created a security scanner and the required architecture that can execute a large number of web application vulnerability scans: all at the same time. The tool, or rather arsenal, works off an Apache Hadoop cluster and can handle tens of thousands of scans.<\/p>\n<h3>How Can I See if a Website I Use is Vulnerable?<\/h3>\n<p>Searching for a specific website is easy! If you know the URL of your site you can simply type the URL in the search box (without http or https) and find your website. Once there you will be presented with the number of vulnerabilities present on the site.<\/p>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<p>Let&#8217;s try an example together, let&#8217;s say you&#8217;re looking to check if our the New York Times website <a href=\"http:\/\/www.nytimes.com\">http:\/\/www.nytimes.com<\/a> is vulnerable. You could type in <code>www.nytimes.com<\/code> in the search bar, and you should receive a result back that looks like the following:<\/p>\n<pre>www.nytimes.com\r\nScanned: 2014-05-18T12:30:55.000055Z\r\nbsqli:0 | sqli:0 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:0<\/pre>\n<p>The first line gives you the domain of the result. The timestamp field on line 2 is the time that the site was added to our system. Below that is the interesting part, the total number of vulnerabilities found on the website. If you&#8217;re non-technical, you can ignore almost every part of that and just look at the Overall Risk field &#8211; this will tell you the risk of visiting a website. <\/p>\n<p>As a rule of thumb anything with an Overall Risk of 1 should make you very wary, anything with an Overall Risk of greater than 1 you should stay away from entirely.<\/p>\n<h3>What Types of Vulnerabilities does PunkSPIDER Map?<\/h3>\n<ul>\n<li>BSQLI = <a href=\"https:\/\/www.owasp.org\/index.php\/Blind_SQL_Injection\">Blind SQL Injection<\/a><\/li>\n<li>SQLI = <a href=\"https:\/\/www.owasp.org\/index.php\/SQL_Injection\">SQL Injection<\/a><\/li>\n<li>XSS = <a href=\"https:\/\/www.owasp.org\/index.php\/XSS_Attacks\">Cross Site Scripting<\/a><\/li>\n<li>TRAV = <a href=\"https:\/\/www.owasp.org\/index.php\/Path_Traversal\">Path Traversal<\/a><\/li>\n<li>MXI = <a href=\"http:\/\/en.wikipedia.org\/wiki\/Email_injection\">Mail Header Injection or Email Injection<\/a><\/li>\n<li>OSCI = <a href=\"https:\/\/www.owasp.org\/index.php\/OS_Command_Injection\">Operating System Command Injection<\/a><\/li>\n<li>XPATHI = <a href=\"https:\/\/www.owasp.org\/index.php\/XPATH_Injection\">XPath Injection<\/a><\/li>\n<\/ul>\n<p>Check it out here:<\/p>\n<p><a href=\"https:\/\/www.punkspider.org\/\">https:\/\/www.punkspider.org\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly. In simple terms, that means the authors have created a security scanner and the required architecture that can execute a [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"PunkSPIDER is a web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites quickly.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[10,15],"tags":[5299,770],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4134"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=4134"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4134\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=4134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=4134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=4134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}