Versions Compared

...

Searches with PunkSPIDER may function somewhat differently from what you are used to if you used PunkSPIDER 2.0. In particular, we are more focused on data reduction than on data overload. This may be a bit counterintuitive for a first-time user, so please read this section before attempting to search PunkSPIDER and getting confused, or sending us an email, as to why you can't find anything :)

Wildcards & Title Searches Are No More

PunkSPIDER no longer allows wildcard searches. Why, you ask? We've greatly increased our set of results, and we feel that allowing wildcard searches opens up the potential for people to do searches like [wildcard]bank[wildcard] (that's not cool) and for full dumps of our database, and it also puts a great strain on our limited cloud resources. So if you try to use a wildcard in your search, it won't work and you will get a warning from PunkSPIDER! We also no longer allow Title searches, because this also opens PunkSPIDER up to finding vulnerabilities on types of sites instead of specific sites, for example by looking at titles with the word bank.

If you're a security researcher interested in doing analysis on the dataset, we have the entire set of vulnerabilities available here. This dataset is every website we found that has a vulnerability; it does not include sites that we scanned that don't have vulnerabilities. Use this wisely; we're releasing this for research purposes.

More on Advanced Searching/Understanding the Search Engine

...

  • Searches can be changed to be additive (AND) or non-additive (OR) in terms of vulnerability filters. In other words, if you have OR along with BSQLI and XSS checked, you will find results with BSQLI or XSS vulnerabilities.
  • Broad searches are purposefully difficult in PunkSPIDER. Searching for bank, for example, will not give you anything with the word bank in the domain. Our algorithm searches the beginning and end of a domain, so searching for bank will give you stuff like bank-bank-kan.hi5.com but not www.bankofamerica.com (because it starts with www).
  • Searches attempt to be intuitive and "just work." Essentially, a search can be thought of as something like the following: [wildcard]<your search term>[wildcard]. So if you search for com, your search will essentially be something like *com*, which will match anything with the word com in it (including suffixes of .com).
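The two matching behaviours described in the list above (matching only the beginning and end of a domain, versus an implicit [wildcard]term[wildcard] match) give very different result sizes for the same term. The sketch below is an added example, not PunkSPIDER's own code. The function names, the set of rejected wildcard characters and all sample hostnames except the two quoted above are assumptions.

```python
# Illustrative sketch only; not PunkSPIDER's implementation.

# Characters treated as wildcard syntax (assumption; the page names none).
WILDCARD_CHARS = set("*?%")

# Constructed sample index. The first two hostnames are the ones used in
# the text above; the rest are made up for the comparison.
DOMAINS = [
    "bank-bank-kan.hi5.com",
    "www.bankofamerica.com",
    "example.net",
    "sub.example.com",
    "combank.example.org",
]


def validate_term(term: str) -> str:
    """Normalize a search term and refuse explicit wildcard syntax."""
    term = term.strip().lower()
    if not term:
        raise ValueError("empty search term")
    if WILDCARD_CHARS & set(term):
        raise ValueError("wildcard searches are not allowed")
    return term


def anchored_search(term: str, domains=DOMAINS) -> list[str]:
    """Match only at the beginning or the end of the full hostname."""
    term = validate_term(term)
    return [d for d in domains if d.startswith(term) or d.endswith(term)]


def substring_search(term: str, domains=DOMAINS) -> list[str]:
    """Match anywhere in the hostname, i.e. an implicit *term* search."""
    term = validate_term(term)
    return [d for d in domains if term in d]


if __name__ == "__main__":
    for query in ("bank", "com"):
        print(query, "anchored :", anchored_search(query))
        print(query, "substring:", substring_search(query))
```

With anchored matching, bank returns only the hostname that begins with it, while the substring form also returns www.bankofamerica.com. For a term like com, both forms return nearly the whole index.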

I'm A Pen Tester or Security Researcher, How Can I Use This?

Cool. Part of what we're doing here is allowing you to find obvious bugs in sites that you might be pen testing. I'm hoping PunkSPIDER can both save you a little bit of time if you're doing web application tests and also allow you to gather active reconnaissance data by using passive reconnaissance techniques (i.e. searching PunkSPIDER as opposed to fuzzing them yourself). Simply type in the domain or domains of the organization you are testing, check the vulnerability boxes (one by one, or with the OR field set), and check out the results to see if they have any SQL, BSQL, or XSS bugs that PunkSCAN has picked up.

If you're interested in finding massive amounts of vulnerabilities for security research or curiosity, simply check one of the boxes for a vulnerability and use really broad searches. Some of the more common ones would be something like com or net. Sorry, but we don't allow wildcard searches anymore.

Aren't quite getting the results you want? Let us know! We scan a massive corpus of websites, fairly representative of the entire Internet's web apps, but it's also possible for us to miss stuff.

...