What's going on here, how do I use this?
The idea behind PunkSPIDER is very simple - we're doing a bunch of complicated stuff to find insecurities in websites. This search engine just provides a simple way for you to find out if we've found vulnerabilities in a website that you use or own. There are just a few things that you need to know to get started.
Why should I care?
Vulnerabilities in websites can be devastating to you as a user. If a website is storing your sensitive information, a single vulnerability could potentially cause this information to be stolen. Sites that aren't storing your information can still be riddled with malware or other nasty things - these websites should be avoided. For website owners, having a dangerous website can obviously be bad for business if you get hacked and have to tell your customers that you've lost their information or that they contracted malware from your website.
Searching for stuff
Searching for stuff is easy. In most cases, just type in a part of a URL like google when searching for google.com or hyperiongray when searching for websites in the domain of hyperiongray.com. If you need more advanced search help check out this link here.
OK, I found the website I want, what now? How do I use this information?
Well, in simplest terms, if the website you searched for has any vulnerabilities, you should avoid that website. If you absolutely can't avoid it altogether, at least avoid giving the website any of your personal or financial information. If you absolutely must create an account on that website, don't re-use any usernames or passwords from any of your other accounts.
Let's do an example together. Let's say you're worried that Hyperion Gray's website has a vulnerability. The website is located at http://www.hyperiongray.com. So you've typed in hyperiongray in the search bar and come back with this:
The stuff below the Timestamp field shows the 7 types of vulnerabilities that PunkSPIDER is checking for and the results of our check. If you see anything other than 0's, BE CAREFUL on that website! Avoid it if you can and be very cautious if you can't. One very important thing to note is that if we found 0 vulnerabilities, that does not necessarily mean they don't exist; it just means that we haven't found any yet. We're here to help but your most important tool is always your own best judgement.
If you are new to web security, this probably looks like a bunch of nonsense, but these are abbreviations for the vulnerabilities that we're checking for. You can read about each one in layman's terms at the links below, but you don't really need to know the details if you're just a casual user; the above information should be enough to get you started. If you're curious, however, feel free to read on!
- BSQLI = Blind SQL Injection https://www.owasp.org/index.php/Blind_SQL_Injection
- SQLI = SQL Injection https://www.owasp.org/index.php/SQL_Injection
- XSS = Cross Site Scripting https://www.owasp.org/index.php/XSS_Attacks
- TRAV = Path Traversal https://www.owasp.org/index.php/Path_Traversal
- MXI = Mail Header Injection or Email Injection http://en.wikipedia.org/wiki/Email_injection
- OSCI = Operating System Command Injection https://www.owasp.org/index.php/OS_Command_Injection
- XPATHI = XPath Injection https://www.owasp.org/index.php/XPATH_Injection
I still have more questions
No problem! Just email us at firstname.lastname@example.org and ask away. We're friendly and responsive, so don't be shy!