About a year ago, I had an idea. I thought, "I wonder if anyone has ever scanned the entire Internet for vulnerabilities? How could you even do that? I wonder if I could do it from my living room..." So I decided to start an open-source project under a company I started called Hyperion Gray.
I gathered some old laptops, built a Hadoop cluster in my living room (because, c'mon, 'Hadoop' is such a cool word!), and started writing a new kind of web vulnerability scanner (PunkSCAN) that would work on a distributed computing architecture. Then I started spidering the Internet for targets and built a searchable repository using the wonderful and open-source Apache Nutch and Solr for whatever I'd find while, well, spidering and scanning the Internet. All of it. Thus began the PunkSPIDER project. PunkSPIDER has a number of uses for us techies and security researchers, but its most interesting use case is to allow average Internet users to check if the websites that they entrust their sensitive data to are leaking it all over the place. Users can do this with little to no knowledge of website security, all through a friendly search engine interface. It is a fully featured search engine that helps prevent your information from being stolen by letting you see whether the websites you use can be easily hacked.
Along the way, I realized that maybe this wasn't a one-man-with-a-day-job kind of project, so I started looking for help. I happened upon a freelancer calling himself Jay Springbernate (you Java developers might get this silly name - I commend him for having a geeky enough handle that even I didn't get it), who turned out to be a guy named Tomas who would help take this project to the next level, the guy who had all the skills that I didn't but wished I did. Together, with our blood, sweat, tears, nights and weekends and absolutely no 5-Hour Energy or Mountain Dew Full Throttle or whatever (it's true!), we've built up to PunkSPIDER v1.2.
So our hard work has paid off, and our project has been accepted as a topic at ShmooCon 2013! (I may or may not have a genie in a lamp and 2 wishes left...shhh.) So, we're thinking that maybe we're on to something, and, if you've read this far, we're hoping you think so too.
This Kickstarter project is our attempt to raise the money to build PunkSPIDER 2.0. Your generous support will allow us to cover our hosting costs (yeah -- that ramshackle Hadoop cluster in my living room got augmented with a big-boy cloud cluster, and the cloud is not free), as well as some of the new and expanded features we're super excited about. Also, your money *may* go to pay for my and Jay's funeral costs, since my girlfriend and his wife are probably going to kill us if we spend any more time on this project...
Anyway, here are some of our ideas, and since this is an open-source project, your ideas are obviously welcome as well:
- Keep it free - PunkSPIDER will always be free, easily usable, and accessible by the general public. Period.
- Improved searching - Currently we support searching by website URL, title, and vulnerability type. However, we'd like to expand these to include searching by country and additional vulnerability types.
- Free vulnerability alert subscription system - We believe that one great use of PunkSPIDER is to check for vulnerabilities in websites that you use. These vulnerabilities can cause you to lose tons of personal information through absolutely no fault of your own. We'd like to provide an automated alert system that lets you know if your information is at risk because you inadvertently use an insecure website.
- Improve PunkSCAN - We'd like to improve the free and open source engine that runs PunkSPIDER (PunkSCAN). We'd like to make it even faster, more efficient, and more thorough. We believe this would not only benefit PunkSPIDER users but also security researchers that would like to reuse or learn from our unique architecture.
We've done our best to make sure that this project meets all the rules on Kickstarter. There's a distinct project start and end point, and we're not moochers -- we're not going to move in, sleep on your couch, drink the last of the milk and ask you if you're going to eat that last slice of pizza (looking at you, Vance). We hope you like our rewards, which are mostly centered around giving you major street cred for being awesome -- priceless!! (actually, it's a minimum of $5...).
If you love us as much as we love you, spread the word, tell your friends, and throw a few bones our way, if you can. And at the very least, give us feedback -- we're building this for you!
Risks and challenges
Well, for starters, Tomas and I have day jobs, and I'm pretty sure an open-source project isn't a get rich quick scheme (*coughmetasploitcough*). But this hasn't stopped us so far and it certainly won't if we have a cheering crowd behind us. Also, we never sleep, so no worries there.
Really, though, one of the challenges I foresee is having the time and money to maintain and continuously grow and improve on the PunkSPIDER project and keep it relevant as the world changes. My ideal solution is to build a big enough community around the project that it maintains and grows itself! That's the beauty of an open-source project -- eventually it's not mine anymore, it belongs to The People.
But someone needs to drive the train (I think trains still need drivers...right?), and as the project's founder I will make sure that a viable, stable and FREE version is always available to the community. I've proved my dedication to PunkSPIDER to myself (and to my bank account...), and I'll prove it to you too.