Summary of PunkSPIDER Web show with asked questions

Henry Dalziel | General Hacking Posts, Hacker Hotshots, Pentesting Tools, Product Reviews | May 3, 2013

We love PunkSPIDER and PunkSCAN.

PunkSPIDER is the best thing since sliced bread and grilled cheese. It is a great service, and during our Concise Courses Hacker Hotshot event Alejandro not only explained it very well, but did so with a depth of passion that we have rarely seen on our information security web show. Trust me, out of all the information security and assurance shows we have done, this is one not to miss. The PunkSPIDER and PunkSCAN service looks like it is going to be around for a while, and we really encourage you to use the service and add it to your pentesting toolbox.

So what’s PunkSPIDER again?
We’ve written a bunch on the subject (WTF is PunkSPIDER is probably the best place to start if you are completely new) and never get bored of posting new stuff about this awesome project. Some of the reasons we like it are that it is not only useful but also very powerful. It helps pentesters and security professionals identify vulnerabilities with significant ease.

Got questions?
Viewers and Concise Courses asked Alejandro (the co-developer) various questions, which he more than happily answered. (If you have a question, please visit the page and post your comment or question. We can post a reply for you!) The questions were:

  • How is PunkSPIDER different to SHODAN? What is the main difference?
  • How would you like the PunkSPIDER project to develop? Perhaps becoming an ‘industry standard for pentesters?’
  • You mentioned that PunkSPIDER respects a robots file, would an .htaccess file placed on a server block PunkSCAN?
  • At Concise Courses we have an interest in SCADA – can the program be tweaked to hit and scan known SCADA vulnerabilities?
  • There was a recent massive WordPress attack looking for admin default passwords and using brute force. Could PunkSPIDER have been used for that purpose – i.e. scanning for weak default passwords? Reason I ask is because it would help people firm up WordPress.
  • Could you explain the PunkSPIDER scoring system?
  • Are you aware of any companies that are using PunkSPIDER or using it to generate business?
  • There are going to be many people watching this that are going to be like: A, what you are doing and B, loving your energy because you clearly love what you are doing which is amazing and will be inspired by what you – the question is, how did you get together with your team? How did this all happen, what was the process and is there any advice that you can share with your peers in essence that want to develop something themselves and put a team together as well?

One of the key things we discussed was the difference between PunkSPIDER, Metasploit and SHODAN. We recently posted an overview of the Metasploit Framework for beginners, and if you are interested in that then you should certainly also check out PunkSPIDER.

Have you used PunkSPIDER? Do you have any comments to add? We’d love to hear from you!

Leave a comment or reply below. Thanks!