PunkSpider Tool Calls Out Thousands of Hackable Websites

The web has long been a playground for hackers, offering up hundreds of millions of public-facing servers to comb through for basic vulnerabilities to exploit. Now one hacker tool is about to take that practice to its logical, extreme conclusion: Scanning every website in the world to find and then publicly release their exploitable flaws, all at the same time—and all in the name of making the web more secure.

At the Defcon hacker conference next month, Alejandro Caceres and Jason Hopper plan to release—or, rather, to upgrade and re-release after a years-long hiatus—a tool called PunkSpider. Essentially a search engine that constantly crawls the entire web, PunkSpider automatically identifies hackable vulnerabilities in websites, and then allows anyone to search those results to find sites susceptible to everything from defacement to data leaks.

PunkSpider's creators say it will catalog hundreds of thousands of those unpatched vulnerabilities at launch, making all of them publicly accessible. Caceres and Hopper acknowledge that in doing so, their tool could potentially expose those sites to real-world attacks. But they hope that visibility will force the web's administrators to acknowledge that their websites contain simple, glaring, and in some cases dangerous flaws—and hopefully fix them.