• Back

Blog

Punkspider & SpiderFoot Join Forces

QOMP­­­LX Collaborates with Widely Used OSINT Tool SpiderFoot to Expand Availability of Punkspider

The spiders unite! QOMPLX is excited to announce a new collaboration with SpiderFoot to integrate Punkspider findings into the popular automated Open-Source Intelligence (OSINT) platform. Released live today, this integration expands the reach of Punkspider and further QOMPLX’s goal of increasing awareness of the dire state of basic web security, while responsibly providing website owners, operators and security professionals with additional useful tools and disclosures to address key vulnerabilities.

This past weekend at DEFCON 29, Punkspider’s creators delivered a major presentation highlighting its newest feature, a web browser extension that shows users how risky their browsing sessions are with an easy to understand “trip report”. Punkspider’s simple interface helps users visualize their journey around the web and how to avoid “dumpster fires”, websites with common but serious vulnerabilities.

The new SpiderFoot-Punkspider module includes the same information as the Punkspider browser extension but offers another insightful interface for thousands of security professionals using SpiderFoot to assess organizational risk. As with the browser extension, full vulnerability details are not included in the SpiderFoot module.

Steve Micallef, founder and creator of SpiderFoot, said “After hearing about PunkSpider’s reboot, I was excited to get PunkSpider’s insights into SpiderFoot users’ hands since the public knowledge of any vulnerabilities present on a website is really valuable intelligence for defenders. The team have been amazingly collaborative and share our vision of giving defenders the data they need to identify and fix issues before the bad guys find them.”

“We look forward to continued collaboration with Steve and others in the industry as we release Punkspider in a responsible and effective way that protects site owners and the average consumer with the goal of improving basic web security for everyone,” said Rich Kelley, Vice President of Applied Research at QOMPLX.

For more information about how Punkspider includes robust safeguards to curb misuse, please read our responsible disclosure policy here.

About SpiderFoot

First released in 2005, SpiderFoot was born from the idea that security professionals need a single interface aggregating information about their targets. SpiderFoot helps defenders find this data and make it understandable to ascertain the security posture of their target, whether it be their own organization, their client, or their adversary.

About Punkspider Reboot

Leveraging a combination of distributed computing and proprietary data, Punkspider performs internet scale reconnaissance and spots vulnerabilities across a vast array of public website. Punkspider was originally launched by Alex Caceres and the Hyperion Gray team and was a widely used tool within the cyber community after its initial unveiling at DEFCON 21 in 2013. Today, Punkspider is supported by an expanded and dedicated engineering team at QOMPLX with major architecture and performance updates that provide significant stability and functionality improvements. It builds on a modern distributed architecture with scalability at every turn and handles volume in the billions - including maintaining these results on a consistently updated basis.