Crawler to the People! Punkspider Returns With Eyes On OWASP Top 10

Punkspider, the renowned web vulnerability scanner, is re-launching and bringing free, powerful, scalable web vulnerability scanning capabilities to security teams and security practitioners.

Punkspider 5.0 will vastly expand the scale of Punkspider’s scanning and add to its detections, with a priority on spotting OWASP Top 10 vulnerabilities. The new update to the tool is the largest ever and the first in 3 years. It was made possible by the recent acquisition of Punkspider’s parent company, Hyperion Gray, by QOMPLX, the leader in cloud-native risk analytics.

Google for the “Broken Web”

Heralded as the “Google of the Broken Web,” Punkspider has been democratizing web vulnerability scanning since it was launched in 2013. Designed by Alejandro Caceres and the Hyperion Gray team, Punkspider was funded by the Pentagon's Defense Advanced Research Projects Agency (DARPA). It crawls and identifies vulnerabilities across the entire public web, including commonly exploited vulnerabilities like Cross-Site Scripting, SQL Injection, and Path Traversal.

Widely used within the information security community, Punkspider has been demonstrated at leading industry events, including ShmooCon in Washington, D.C. and the DEF CON Conference in Las Vegas, and has gained a large base of users. As part of QOMPLX, the project gained dedicated development and operational resources to conduct even larger scans of the web and to substantially refine and reimagine Punkspider’s features.

Version 5.0 Launch

Punkspider’s dedicated engineering and information security experts have gone to work architecting, updating, and providing stability and functionality improvements. Version 5.0 improves Punkspider’s scalability compared with earlier releases, leveraging a modern distributed architecture capable of scanning web domains in the billions, with scan results updated regularly.

Version 5.0 also debuts Punkspider’s newest feature, a web browser extension that shows users how risky their browsing sessions are with an easy-to-understand “trip report.” With real-time knowledge of a website’s vulnerabilities, users can steer around web security “dumpster fires” that may put their security and privacy at risk.

Web Scanning: More Important Than Ever

The ability to assess risky websites is more important than ever before. Sophisticated adversaries target vulnerable sites to create “watering hole” attacks that can plant malware or harvest sensitive credentials as the first stage in long-term intrusions. Attacks via compromised websites have been used by cyber criminals.

The update to Punkspider will greatly augment the toolkit for ordinary web surfers as well as corporate security teams, independent auditors and more. It will provide a powerful and free resource that can be used in lieu of expensive, proprietary scanning tools.

Key to the update is an expanded list of detections that give users insight into OWASP Top 10 vulnerabilities - the most commonly found web vulnerabilities. These include injection flaws - such as SQL injection - cross-site scripting and broken authentication.

Knowledge (of Vulns) is Power!

“Knowledge is power, and we want to empower regular consumers and security professionals - we all need a shared perspective on how dangerous the sites we visit on the web really are. So we’ve remade Punkspider for everyone,” said QOMPLX CEO Jason Crabtree. “Not only will Punkspider sport all of its earlier features, but our reboot expanded coverage across the OWASP Top 10.”

“Punkspider has always been about bringing a hacker mindset to cybersecurity and it’s been my passion project for years,” said Caceres, who is the Director of Computer Network Exploitation at QOMPLX and Founder of Hyperion Gray. “I’m thrilled we are bringing it back—better than ever—to help everyone protect themselves and their companies online. It’s a bad day for the bad guys.”

The new version of Punkspider will soon be available at punkspider.io, and the web browser extension, with trip report, is currently available at Punkspider Extension. To get notified about the Punkspider 5.0 release, insights and updates, use the form below to sign up!

Published Jul 20, 2021