**Update:** This project was presented at ShmooCon 2013. We've received a ton of positive feedback, and we appreciate the community's support for our mission! A few people have rightly noted that this project is controversial. Good. We're hoping this project brings a lot of new attention to the poor state of global web application security.
PunkSPIDER is a global web application vulnerability search engine powered by PunkSCAN. What that means is that we have built a scanner and architecture that can handle a massive number of web application vulnerability scans, set it loose on the Internet, and made the results available to you. It runs on an Apache Hadoop cluster and is able to handle tens of thousands of scans every day.
Current tools are able to perform a limited number of scans and are not built for stability; they're meant for single websites (they also crash a lot and often get caught in infinite loops, but we'll stop complaining now). Because PunkSPIDER is built on an extremely scalable architecture and is built for stability, the number of scan results that the framework can produce per day unattended is virtually limitless.
There are various potential applications of PunkSPIDER. The first is to aid organizations in vulnerability detection and mitigation for their publicly available assets. Not every organization has access to a diligent security team that can perform regular vulnerability checks against its web apps. Using PunkSPIDER, an organization can simply type in its URL and know whether it has critical vulnerabilities that need fixing.
Furthermore, Hyperion Gray believes in open information, and we believe that the general public should have vulnerability scan information on the sites to which it is entrusting its oftentimes critical information. The bad guys have access to this information, so why shouldn't you? Using PunkSPIDER, you can check whether that store you have saved your credit card info to is terribly insecure and leaking your information all over the place.