Sign In

Communications of the ACM

ACM News

Controversial Tool Calls Out Thousands of Hackable Websites

View as: Print Mobile App Share:
A broken wall.

PunkSpider's creators abandoned the project several years ago. But now they're back, and shining a spotlight on the web's many flaws.

Credit: Sam Whitney/Getty Images

The web has long been a playground for hackers, offering up hundreds of millions of public-facing servers to comb through for basic vulnerabilities to exploit. Now one hacker tool is about to take that practice to its logical, extreme conclusion: Scanning every website in the world to find and then publicly release their exploitable flaws, all at the same time—and all in the name of making the web more secure.

At the Defcon hacker conference next week, Alejandro Caceres and Jason Hopper plan to release—or, rather, to upgrade and re-release after a years-long hiatus—a tool called PunkSpider. Essentially a search engine that constantly crawls the entire web, PunkSpider automatically identifies hackable vulnerabilities in websites, and then allows anyone to search those results to find sites susceptible to everything from defacement to data leaks.

PunkSpider's creators say it will catalog hundreds of thousands of those unpatched vulnerabilities at launch, making all of them publicly accessible. Caceres and Hopper acknowledge that in doing so, their tool could potentially expose those sites to real-world attacks. But they hope that visibility will force the web's administrators to acknowledge that their websites contain simple, glaring, and in some cases dangerous flaws—and hopefully fix them.

From Wired
View Full Article



No entries found