The Basics

PunkSPIDER is a global-reaching web application vulnerability search engine. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly. Our search patterns have recently changed, so please read this carefully!

How Can I See if a Website I Use is Vulnerable?

Searching for a specific website is easy! If you know the URL of your site you can simply type the URL in the search box (without http or https) and find your website. Once there you will be presented with the number of vulnerabilities present on the site.

Let's try an example together. Say you want to check whether the New York Times website, http://www.nytimes.com, is vulnerable. You could type www.nytimes.com in the search bar, and you should receive a result that looks like the following:

www.nytimes.com
Scanned: 2014-05-18T12:30:55.000055Z
bsqli:0 | sqli:0 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:0

The first line gives you the domain of the result. The Scanned timestamp on line 2 is the time that the site was added to our system. Below that is the interesting part: the total number of vulnerabilities found on the website. If you're non-technical, you can ignore almost every part of that and just look at the Overall Risk field, which will tell you the risk of visiting a website. As a rule of thumb, anything with an Overall Risk of 1 should make you very wary, and anything with an Overall Risk greater than 1 you should stay away from entirely.
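
For readers who want to apply the rule of thumb above to saved results, here is a small parser for the three-line result layout. It is an added example, not PunkSPIDER's own code; the function names and the wording returned for an Overall Risk of 0 are assumptions.

```python
import re
from datetime import datetime

# Sample block in the layout shown above (values copied from the page's example).
SAMPLE = """www.nytimes.com
Scanned: 2014-05-18T12:30:55.000055Z
bsqli:0 | sqli:0 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:0"""

def parse_result(text):
    """Parse one three-line result block into a dict."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) != 3 or not lines[1].startswith("Scanned:"):
        raise ValueError("expected domain, 'Scanned:' line and counts line")
    stamp = lines[1].split(":", 1)[1].strip()
    # Timestamps on the page appear with and without fractional seconds.
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in stamp else "%Y-%m-%dT%H:%M:%SZ"
    scanned = datetime.strptime(stamp, fmt)
    # Drop the trailing "show details"/"hide details" link text if present.
    summary = re.sub(r"\s+(show|hide) details$", "", lines[2])
    counts, risk = {}, None
    for field in summary.split("|"):
        key, _, value = field.strip().rpartition(":")
        if not key or not value.strip().isdigit():
            raise ValueError(f"malformed field: {field!r}")
        if key.strip() == "Overall Risk":
            risk = int(value)
        else:
            counts[key.strip()] = int(value)
    if risk is None:
        raise ValueError("missing Overall Risk field")
    return {"domain": lines[0], "scanned": scanned, "counts": counts, "risk": risk}

def advice(risk):
    """Apply the page's rule of thumb for the Overall Risk field."""
    if risk > 1:
        return "stay away"
    if risk == 1:
        return "be very wary"
    return "no findings recorded"  # wording for 0 is an assumption, not from the page

if __name__ == "__main__":
    result = parse_result(SAMPLE)
    print(result["domain"], result["counts"], advice(result["risk"]))
```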

How Do I Get More Details On Vulnerabilities Found?

If you find that a website has a vulnerability, you can get details on it by clicking the show details link next to the vulnerability counts.

www.race360.com
Scanned: 2014-05-18T12:30:55Z
bsqli:0 | sqli:3 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:2 hide details

Type: sqli
Protocol: http
Parameter: method
Vulnerability URL: http://www.race360.com/memberslogon.asp?r=%2Fclubs%2Fenrollment.asp%3F&method=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%23--%27%40%21%5C&f=y


Type: sqli
Protocol: http
Parameter: eventid
Vulnerability URL: http://www.race360.com/marathonracesdetail.asp?eventid=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%23--%27%40%21%5C


Type: sqli
Protocol: http
Parameter: r
Vulnerability URL: http://www.race360.com/memberslogon.asp?r=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%23--%27%40%21%5C&method=a&f=y

The first 2 lines give you the type of vulnerability and the protocol (http or https). The next two lines provide you with the parameter that allowed the injection to take place and the exact URL in which the vulnerability was found. If you click this link, you are technically probing a website for this vulnerability, which may be considered impolite. When you're done, you can click hide details to collapse the section.

Broad Searches and Advanced Searching

Searches with PunkSPIDER may function somewhat differently from what you are used to if you used PunkSPIDER 2.0. In particular, we are more focused on data reduction than on data overload. This may be a bit counterintuitive for a first-time user, so please read this section before attempting to search PunkSPIDER and sending us an email that you can't find something.

Wildcards & Title Searches

PunkSPIDER no longer allows wildcard searches. Why, you ask? We've greatly increased our set of results, and we feel that allowing wildcard searches opens up the potential for people to do searches like [wildcard]bank[wildcard]. That's not cool. So if you try to use a wildcard in your search, it won't work and you will get a warning from PunkSPIDER! We also no longer allow Title searches, because this also opens PunkSPIDER up to finding vulnerabilities on types of sites instead of specific sites.

If you're a security researcher interested in doing analysis on the dataset, we have the entire set available here. This dataset contains every website we found that has a vulnerability; it does not include sites that we scanned that don't have vulnerabilities.

More on Advanced Searching/Understanding the Search Engine

For most searches, simply typing the domain of the URL you're looking for without thinking too much should work just fine (e.g. www.nytimes.com). For more advanced searching needs, however, it is important to note a few things about searching with PunkSPIDER:

  • Searches can be changed to be additive (AND) or non-additive (OR) in terms of vulnerability filters. In other words, if you have OR selected along with BSQLI and XSS checked, you will find results with BSQLI or XSS vulnerabilities.
  • Broad searches are purposefully difficult in PunkSPIDER. Searching for bank, for example, will not give you everything with the word bank in the domain. Our algorithm searches the beginning and end of a domain, so searching for bank will give you stuff like bank-bank-kan.hi5.com but not www.bankofamerica.com (because it starts with www).

I'm A Pen Tester or Security Researcher, How Can I Use This?

Cool. Part of what we're doing here is allowing you to find obvious bugs in sites that you might be pen testing. I'm hoping PunkSPIDER can both save you a little bit of time if you're doing web application tests and also allow you to gather active reconnaissance data by using passive reconnaissance techniques (i.e. searching PunkSPIDER as opposed to fuzzing the sites yourself). Simply type in the domain or domains of the organization you are testing and check the vulnerability boxes one by one to see if they have any SQL, BSQL, or XSS bugs that PunkSCAN has picked up.

If you're interested in finding massive amounts of vulnerabilities for security research or curiosity simply check one of the boxes for a vulnerability and use really broad searches. Some of the more common ones would be something like com or net.

Aren't quite getting the results you want? Let us know! We scan a massive corpus of websites, fairly representative of the entire Internet's web apps, but it's also possible for us to miss stuff.

If you're interested in programmatic access to our PunkSPIDER results, the API is completely open. We ask that you don't crush us with traffic, limiting your requests to about 1 per second or so.

I'm Not In the Security Field, I Don't Know What SQLi, BSQLi, XSS, etc. Means

No worries, you don't have to. All you need to know: they're bad. They allow others to potentially steal your sensitive information and you don't want them on your site or a site that you visit.

I Want to Use PunkSPIDER to "Hack the Planet"

That is so 90s. Also don't.

I'm New to the Whole Website Vulnerability Thing and I have More Questions

First, check this page out. If you still have more questions, no worries, shoot us an email at punkspider@hyperiongray.com and we can answer all of your questions there! Please include something to indicate that you're a human so we'll know you're not a spam bot; a quick sentence or a haiku is always nice. If you have a private question, just email it to punkspider@hyperiongray.com and we'll respond as soon as possible.

I'm Interested in Knowing More and I Have More Questions

Cool, same process as above. Shoot us an email at punkspider@hyperiongray.com.
