PunkSPIDER - Web Application Vulnerability Search Engine

PunkSPIDER - Web App Vulnerability Search Engine

PunkSPIDER is a web application vulnerability search engine powered by PunkScan.

If you don't know anything about PunkScan, read this:

PunkSCAN is a ridiculously stable and fast distributed mass web application scanner. It is intended to deeply scan a massive number of targets, looking for common vulnerabilities. 

It can be set up to continuously scan said targets and handle errors gracefully without compromising the rest of the job. It works by leveraging an existing Hadoop cluster to greatly improve scan time, depth, performance, and stability.

How To Use PunkSPIDER

First, go to www.punkspider.org

PunkSPIDER.org snapshot

Enter a URL or a search term in the box and then configure the search according to your needs.

After configuring the search, click on the "Search!" button.

It will show you the results almost instantaneously:

PunkSPIDER Search results

As you can see in the above image, the first line of a result gives you the domain of the result. The Timestamp field on line 2 is the time that the site was added to the PunkSPIDER system.

Below that is the interesting part, the total number of vulnerabilities found on the website. You can get more details about the vulnerabilities by clicking on the "show details".

Search result details

In the details section, the first 2 lines give you the type of vulnerability and the protocol (HTTP or HTTPS). The next two lines provide you with the exact URL in which the vulnerability was found along with the parameter that allowed the injection to take place. If you click on the link, you are technically probing the website for that vulnerability, this may be considered impolite.

When you're done, you can click on the "hide details" to collapse it.

That's all. I hope you liked reading this article. 

If you find this article worthy, please share...


No comments

Powered by Blogger.