PunkSPIDER Search Help

The Basics

PunkSPIDER is a global-reaching web application vulnerability search engine. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly. Our search patterns have recently changed, so please read this carefully!

How Can I See if a Website I Use is Vulnerable?

Searching for a specific website is easy! If you know the URL of your site you can simply type the URL in the search box (without http or https) and find your website. Once there you will be presented with the number of vulnerabilities present on the site.

Let's try an example together. Say you want to check whether the New York Times website, http://www.nytimes.com, is vulnerable. You could type www.nytimes.com in the search bar, and you should receive a result that looks like the following:

www.nytimes.com
Scanned: 2014-05-18T12:30:55.000055Z
bsqli:0 | sqli:0 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:0

The first line gives you the domain of the result. The timestamp on line 2 is the time that the site was added to our system. Below that is the interesting part: the total number of vulnerabilities found on the website. If you're non-technical, you can ignore almost every part of that and just look at the Overall Risk field - this will tell you the risk of visiting a website. As a rule of thumb, anything with an Overall Risk of 1 should make you very wary, and you should stay away entirely from anything with an Overall Risk greater than 1.

How Do I Get More Details On Vulnerabilities Found?

If you find that a website has a vulnerability, you can get details on it by clicking "show details" next to the vulnerabilities.

www.race360.com
Scanned: 2014-05-18T12:30:55Z
bsqli:0 | sqli:3 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:2 hide details

Type: sqli
Protocol: http
Parameter: method
Vulnerability URL: http://www.race360.com/memberslogon.asp?r=%2Fclubs%2Fenrollment.asp%3F&method=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%23--%27%40%21%5C&f=y


Type: sqli
Protocol: http
Parameter: eventid
Vulnerability URL: http://www.race360.com/marathonracesdetail.asp?eventid=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%23--%27%40%21%5C


Type: sqli
Protocol: http
Parameter: r
Vulnerability URL: http://www.race360.com/memberslogon.asp?r=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%23--%27%40%21%5C&method=a&f=y

The first 2 lines give you the type of vulnerability and the protocol (http or https). The next two lines provide you with the parameter that allowed the injection to take place and the exact URL in which the vulnerability was found. If you click this link, you are technically probing a website for this vulnerability, which may be considered impolite. When you're done, you can click "hide details" to collapse the details.

Broad Searches and Advanced Searching

Searches with PunkSPIDER may function somewhat differently from what you are used to if you used PunkSPIDER 2.0. In particular, we are more focused on data reduction than on data overload. This may be a bit counterintuitive for a first-time user, so please read this section before attempting to search PunkSPIDER and getting confused as to why you can't find anything (smile).

Wildcards & Title Searches Are No More

PunkSPIDER no longer allows wildcard searches. Why, you ask? We've greatly increased our set of results, and we feel that allowing wildcard searches opens up the potential for people to do full dumps of our database. It also puts a great strain on our limited cloud resources. So if you try to use a wildcard in your search, it won't work and you will get a warning from PunkSPIDER! We also no longer allow Title searches, because they open PunkSPIDER up to being used to find vulnerabilities on types of sites instead of specific sites, for example by looking at titles with the word bank.

If you're a security researcher interested in doing analysis on the dataset, we have the entire set of vulnerabilities here. This dataset contains every website we found that has a vulnerability; it does not include sites that we scanned that don't have vulnerabilities. Use this wisely. We're releasing this for research purposes.

More on Advanced Searching/Understanding the Search Engine

For most searches, simply typing the domain of the URL you're looking for without thinking too much should work just fine (e.g. www.nytimes.com). For more advanced searching needs, however, it is important to note a few things about searching with PunkSPIDER:

  • Searches can be changed to be additive (AND) or non-additive (OR) in terms of vulnerability filters. In other words, if you have OR along with BSQLI and XSS checked, you will find results with BSQLI or XSS vulnerabilities.
  • Searches attempt to be intuitive and "just work." Essentially, a search can be thought of as something like the following: [wildcard]<your search term>[wildcard]. So if you search for com, your search will essentially be something like *com*, which will match anything with the word com in it (including suffixes of .com).
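As an added illustration (not PunkSPIDER's own code), the following Python parses result blocks in the layout shown earlier on this page, applies the Overall Risk rule of thumb, and models the substring and AND/OR behaviour described in the two points above. The sample records are constructed, the function names are hypothetical, and treating AND as "every checked type must be present" is an assumption.

```python
import re

# Constructed sample in the result layout shown on this page (not real scan data).
SAMPLE = """\
shop.example.com
Scanned: 2014-05-18T12:30:55Z
bsqli:0 | sqli:3 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:2

www.example.net
Scanned: 2014-05-18T12:30:55Z
bsqli:1 | sqli:0 | xss:2 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:1

blog.example.com
Scanned: 2014-05-18T12:30:55.000055Z
bsqli:0 | sqli:0 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall Risk:0
"""

# "name:count"; trailing text such as "hide details" after the count is ignored.
FIELD = re.compile(r"\s*([A-Za-z ]+?)\s*:\s*(\d+)")

def parse_results(text):
    """Parse blank-line-separated result blocks into dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 3 or not lines[1].startswith("Scanned:"):
            continue  # skip anything that is not a three-line result block
        counts = {}
        for cell in lines[2].split("|"):
            m = FIELD.match(cell)
            if m:
                counts[m.group(1).lower()] = int(m.group(2))
        risk = counts.pop("overall risk", None)
        records.append({"domain": lines[0], "scanned": lines[1][8:].strip(),
                        "counts": counts, "risk": risk})
    return records

def advice(risk):
    """The page's rule of thumb for the Overall Risk field."""
    if risk is None:
        return "unknown"
    return "stay away" if risk > 1 else "be very wary" if risk == 1 else "no findings"

def search(records, term, checked=(), mode="OR"):
    """Substring match on the domain, then AND/OR over the checked types (a model)."""
    combine = all if mode == "AND" else any
    return [r["domain"] for r in records
            if term.lower() in r["domain"].lower()
            and (not checked or combine(r["counts"].get(v, 0) > 0 for v in checked))]
```

For example, `search(parse_results(SAMPLE), "example", ("bsqli", "xss"), "OR")` returns only `www.example.net`, while the same filters with `sqli` and `xss` under AND return nothing.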

I'm A Pen Tester or Security Researcher, How Can I Use This?

Cool. Part of what we're doing here is allowing you to find obvious bugs in sites that you might be pen testing. I'm hoping PunkSPIDER can both save you a little bit of time if you're doing web application tests and also allow you to gather active reconnaissance data by using passive reconnaissance techniques (i.e. searching PunkSPIDER as opposed to fuzzing the sites yourself). Simply type in the domain or domains of the organization you are testing, check the vulnerability boxes with the OR field set, and check out the results.

If you're interested in finding massive amounts of vulnerabilities for security research or curiosity, simply check one of the boxes for a vulnerability and use really broad searches. Some of the more common ones would be something like com or net. Sorry, but we don't allow wildcard searches anymore.

Aren't quite getting the results you want? Let us know! We scan a massive corpus of websites, fairly representative of the entire Internet's web apps, but it's also possible for us to miss stuff.

If you're interested in programmatic access to our PunkSPIDER results, the API is completely open. We ask that you don't crush us with traffic, limiting your requests to about 1 per second or so.

I'm Not In the Security Field, I Don't Know What SQLi, BSQLi, XSS, etc. Means

No worries, you don't have to. All you need to know: they're bad. They allow others to potentially steal your sensitive information and you don't want them on your site or a site that you visit.

I Want to Use PunkSPIDER to "Hack the Planet"

That is so 90s. Also don't.

I'm New to the Whole Website Vulnerability Thing and I have More Questions

First, check this page out. If you still have more questions, no worries, shoot us an email at punkspider@hyperiongray.com and we can answer all of your questions there! Please put something in your message to indicate that you're a human so we'll know you're not a spam bot - a quick sentence or a haiku is always nice. If you have a private question, just email it to punkspider@hyperiongray.com and we'll respond as soon as possible.

I'm Interested in Knowing More and I Have More Questions

Cool, same process as above. Shoot us an email at punkspider@hyperiongray.com.