PunkSpider – the Web Exploits Search Engine – rises from death

by -
Photo: Sean Gallup (Getty Images)

techno.rentetan.com – The controversial tool could keep a wave of easy hacks checked or unlocked.

One of the Web’s most controversial cybersecurity projects will be revived next week. Pokspider, mainly a web-based tool for creating a web-based searchable database of hackable sites, will be resurfaced next week, WIRED reports. This is their first time since darkness came in 2015. This is the tool.

In short, PunkSpider works by scanning sites on the open internet automatically and “fuzzing.” Especially hacker speaking to feed data into a website’s code to see which vulnerabilities jump out. PunkSpider will then search for sites that could lead to some of the common exploits in an arsenal of hackers, such as SQL injections and scripting of cross-Sites. Although these are considered to be quite easy to remove (and protect from), tons of sites throughout the web are wide open.

Back in 2019, for example, HackerOne showed that white-hat hackers reported the aforementioned cross-site scripts, which basically allow hackers to inject malicious links to otherwise benign (and sometimes neglected) sites, were the top vulnerability in their bug bounty program. More recently, we have seen a few prominent sites such as the far right refuge Gab being hit by SQL injections; in Gab’s case, 70 gigabytes of its user’s data have finally been leaked.

Ten years ago, PunkSpiders original iteration of Dev Alejandro Caceres and of its software firm, Hyperion Gray, started the pet project of the software. But Caceres soon met with technical – and tax – blocks that led to the scanning of the web only once a year, before it collapsed completely. However, the Virginia-based technology company QOMPLX acquired Hyperion Gray earlier this year and announced that PunkSpider will be rebooting not long after that.

The new project will include an extension of the Chrome browser to check the websites you visit to identify possible security defaults that users can search through a site URL or the type of vulnerability they are curious of. PunkSpider will assign a rating on a given site, depending on how crooked a site is by bugs, using the “fire-dump” rating system which rates (as the name suggests) the amount of a site security dumpster.

However, there is always an ethical question that comes with releasing them to the public with one of these sort of hackers-friendly search engines — like PunchSprider, Shode or Censys. On one hand, it could convince the site operator to get its shit together and close this gap when tipped away from a site vulnerability. On the other hand, having a list of easily accessible sites means that everyone, good or bad, can walk about free.

That means there’s a very real possibility that some of these sites will be opened for dangerous attacks that they won’t otherwise suffer for the cyber Security community as all the good tools of Caceres can do. At the very least, this motivates these operators to take their safety seriously.