The author of PUNKSpider talks to Concise Courses

Henry Dalziel | Hacker Hotshots, Pentesting Tools | April 23, 2013

Alejandro Caceres will be on Hacker Hotshots on May 2nd at 12 EST / 9 PST.

Alejandro’s presentation and talk will be: “PunkSPIDER: An Open Source, Scalable Distributed Fuzzing Project Targeting the Entire Internet”

The security scanner (aka PunkSPIDER) has raised a few eyebrows in the community, and that’s why we are really looking forward to welcoming Alejandro. Amongst other things, we will be discussing two major topics:

Firstly, sharing information about the inner workings of PunkSPIDER and its custom-written scanner, PunkSCAN. Hopefully there will be time to demonstrate how basic techniques in offensive security can be amplified using distributed computing.

Secondly, establishing a basic understanding of PunkSPIDER, which we will do by weaving in all the possible uses for it.

Amazing... We really hope you can join us!

What is PUNKSpider?
We recently posted a brief review of PUNKSpider, but in summary: PunkSPIDER is a global web application vulnerability search engine powered by PunkSCAN. PunkSCAN is built to cope with massive amounts of data, specifically to scan for web application vulnerabilities. The key thing is that it can run thousands of scans every day.

It is hoped that this service will be used by penetration testers, and so far the feedback seems to have been very positive. There has been a degree of criticism, in that the developers have been accused of handing out a tool that makes script kiddies' lives easier.

In response to this, here’s a quote directly from Alejandro.

“We’re not giving script kiddies any information that they can’t get on their own. In fact any and every website on the public internet is likely to get scanned for vulnerabilities by someone within weeks of going up. If the average website owner could plug in an IDS and watch the traffic on their website, they could see this for themselves – I do this in my day job and it’s admittedly pretty astonishing.”
