Author Topic: PunkSPIDER  (Read 5172 times)

vezzy
PunkSPIDER
« on: February 25, 2013, 02:50:43 am »
http://punkspider.hyperiongray.com/

This is new and has recently been getting attention, notably from Slashdot and The Register. It was also presented at ShmooCon 2013.

From the About page:

Quote
PunkSPIDER is a global web application vulnerability search engine powered by PunkSCAN. What that means is that we have built a scanner and architecture that can handle a massive number of web application vulnerability scans, set it loose on the Internet, and made the results available to you. It runs off of an Apache Hadoop cluster and is able to handle tens of thousands of scans every day.

Current tools are able to perform a limited number of scans, and are not built for stability, they're meant for single websites (they also crash a lot and often get caught in infinite loops, but we'll stop complaining now). Because PunkSPIDER is built on an extremely scalable architecture and is built for stability, the number of scan results that the framework can produce per day unattended is virtually limitless.

There are various potential applications to PunkSPIDER. The first is to aid organizations in vulnerability detection and mitigation of their publicly available assets. Not every organization has access to a diligent security team that can perform regular vulnerability checks against their web apps. Using PunkSPIDER an organization can simply type in their URL and know whether they have critical vulnerabilities that need fixing.

Furthermore, Hyperion Gray believes in open information, and we believe that the general public should have vulnerability scan information on the sites to which it is entrusting its oftentimes critical information. The bad guys have access to this information, so why shouldn't you?  Using PunkSPIDER, you can check whether that store you have saved your credit card info to is terribly insecure and leaking your information all over the place.

You can download source code for PunkSCAN in our Code/Downloads section. Please contact punkspider@hyperiongray.com if you'd like to know more or would like to help out with the PunkSPIDER project.
Quote from: Dippy hippy
Just brushing though. I will be semi active mainly came to find a HQ botnet, like THOR or just any p2p botnet

aichi
Re: PunkSPIDER
« Reply #1 on: March 11, 2013, 06:53:55 am »
No scan I did returned any results, not even on vulnerable servers.
-- silence is not a virtue
http://aichi-ninja.blogspot.com/