{"id":4244,"date":"2016-09-14T21:51:33","date_gmt":"2016-09-14T16:21:33","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=4244"},"modified":"2016-09-14T21:51:33","modified_gmt":"2016-09-14T16:21:33","slug":"punkspider-a-web-vulnerability-search-engine","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/punkspider-a-web-vulnerability-search-engine\/","title":{"rendered":"PunkSPIDER \u2013 A Web Vulnerability Search Engine"},"content":{"rendered":"
\n
\n<\/a><\/p>\n

PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly.<\/p>\n

\"PunkSPIDER<\/p>\n

In simple terms, that means the authors have created a security scanner and the required architecture that can execute a large number of web application vulnerability scans: all at the same time. The tool, or rather arsenal, works off an Apache Hadoop cluster and can handle tens of thousands of scans.<\/p>\n

How Can I See if a Website I Use is Vulnerable?<\/h3>\n

Searching for a specific website is easy! If you know the URL of your site you can simply type the URL in the search box (without https or https) and find your website. Once there you will be presented with the number of vulnerabilities present on the site.<\/p>\n

Let\u2019s try an example together, let\u2019s say you\u2019re looking to check if our the New York Times website https:\/\/www.nytimes.com<\/a> is vulnerable. You could type in www.nytimes.com<\/code> in the search bar, and you should receive a result back that looks like the following:<\/p>\n

\n

\n

\n\n\n
\n<\/td>\n\n
\n

www<\/span>.<\/span>nytimes<\/span>.<\/span>com<\/span><\/p>\n

Scanned<\/span>:<\/span> <\/span>2014<\/span>–<\/span>05<\/span>–<\/span>18T12<\/span>:<\/span>30<\/span>:<\/span>55.000055Z<\/span><\/p>\n

bsqli<\/span>:<\/span>0<\/span> <\/span>|<\/span> <\/span>sqli<\/span>:<\/span>0<\/span> <\/span>|<\/span> <\/span>xss<\/span>:<\/span>0<\/span> <\/span>|<\/span> <\/span>trav<\/span>:<\/span>0<\/span> <\/span>|<\/span> <\/span>mxi<\/span>:<\/span>0<\/span> <\/span>|<\/span> <\/span>osci<\/span>:<\/span>0<\/span> <\/span>|<\/span> <\/span>xpathi<\/span>:<\/span>0<\/span> <\/span>|<\/span> <\/span>Overall <\/span>Risk<\/span>:<\/span>0<\/span><\/p>\n<\/div>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n

The first line gives you the domain of the result. The timestamp field on line 2 is the time that the site was added to our system. Below that is the interesting part, the total number of vulnerabilities found on the website. If you\u2019re non-technical, you can ignore almost every part of that and just look at the Overall Risk field \u2013 this will tell you the risk of visiting a website. <\/p>\n

As a rule of thumb anything with an Overall Risk of 1 should make you very wary, anything with an Overall Risk of greater than 1 you should stay away from entirely.<\/p>\n

What Types of Vulnerabilities does PunkSPIDER Map?<\/h3>\n

Check it out here:<\/p>\n

https:\/\/ift.tt\/1EVyh7U<\/a><\/p>\n<\/section>\n<\/div>\n

via https:\/\/ift.tt\/2c7q5fF<\/p>\n","protected":false},"excerpt":{"rendered":"

PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly. In simple terms, that means the authors have created a security scanner and the required architecture that can execute a … <\/p>\n

Continue reading “PunkSPIDER \u2013 A Web Vulnerability Search Engine”<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[12],"tags":[],"class_list":["post-4244","post","type-post","status-publish","format-standard","hentry","category-itsec"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-16s","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=4244"}],"version-history":[{"count":1,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4244\/revisions"}],"predecessor-version":[{"id":4245,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4244\/revisions\/4245"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=4244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=4244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=4244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}