Henry Dalziel | Latest InfoSec News, Pentesting Tools, Product Reviews | April 17, 2013

The guys behind PunkSPIDER sum it up well: “If we’re not raising some eyebrows, we’re not doing our job properly.” In our opinion, that is what information security is all about. Thinking like your adversary is the best way to predict and defend against advanced persistent threats. PunkSPIDERS’s creators provide powerful cyber security-focused tools to the community, and with this particular pentesting tool, they certainly raised the bar.

So what is PunkSPIDER?
PunkSPIDER is a global web application vulnerability search engine powered by PunkSCAN. In simple terms, that means that they have created a security scanner and the required architecture that can execute a large number of web application vulnerability scans: all at the same time. The tool, or rather arsenal, works off an Apache Hadoop cluster and can handle tens of thousands of scans.

Anything you can do we can do better
What about the current pentesting tools in the hackosphere? To summarize our research into PunkSPIDER, the reason why PunkSPIDER seems to fare so well is because the current suite of pentesting tools can only perform a fixed amount of scans, and are not that great with stability (for the most part). In addition, a lot of the comparable tools are designed to operate for single websites whereas PunkSPIDER is built on an extremely scalable architecture and was designed bottom-up for stability, with the end result being more scanning uptime.

The main man is Alejandro Caceres, CTO at Hyperion Gray, who presented the PunkSPIDER tool at ShmooCon 2013 this February.

Have you used this application? We’d love to have your thoughts below. Thanks!

Leave a comment or reply below...thanks!