By combining the principles of offensive security and distributed computing we were able to build an extremely fast and scalable web application scanner, PunkSCAN. It is an extremely stable and fast web application scanner that runs on a Hadoop cluster and as part of this presentation we're releasing it free and open source. PunkSPIDER, the main focus of this presentation, is the result of setting PunkSCAN loose on the Internet, and making the results searchable (also for free) through a web front end and REST API.
We expect PunkSPIDER will have many functions, but we are particularly hoping that by doing this, the general public becomes more aware of the security of the websites to which they are entrusting their critical data (hint: mostly they're a mess). By holding those accountable that release these obviously insecure web applications, we hope that we will see a shift towards the average user steering clear of those websites, providing incentive for secure coding practices, or at the very least incentive for running basic vulnerability checks on a web application prior to deployment. We will be the stick that hits web app developers and web app administrators when they do something dangerously sloppy.