PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively.
In simple terms, that means the authors have created a security scanner and the required architecture that can execute a large number of web application vulnerability scans: all at the same time. The tool, or rather arsenal, works off an Apache Hadoop cluster and can handle tens of thousands of scans.
How Can I See if a Website I Use is Vulnerable?
Searching for a specific website is easy! If you know the URL of your site you can simply type the URL in the search box (without http or https) and find your website. Once there you will be presented with the number of vulnerabilities present on the site.
Let’s try an example together, let’s say you’re looking to check if the New York Times website http://www.nytimes.com is vulnerable. You could type in
www.nytimes.com in the search bar, and you should receive a result back that looks like the following:
bsqli:0 | sqli:0 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:0
The first line gives you the domain of the result. The timestamp field on line 2 is the time that the site was added to our system. Below that is the interesting part, the total number of vulnerabilities found on the website. If you’re non-technical, you can ignore almost every part of that and just look at the Overall Risk field – this will tell you the risk of visiting a website.
As a rule of thumb anything with an Overall Risk of 1 should make you very wary, anything with an Overall Risk of greater than 1 you should stay away from entirely.
What Types of Vulnerabilities does PunkSPIDER Map?
- BSQLI = Blind SQL Injection
- SQLI = SQL Injection
- XSS = Cross Site Scripting
- TRAV = Path Traversal
- MXI = Mail Header Injection or Email Injection
- OSCI = Operating System Command Injection
- XPATHI = XPath Injection
Check it out here: