PunkSPIDER, Scan Tor for Vulnerabilities!

Within the famous Tor Network, it’s estimated that just 7,000 Tor domains exist. The online Dark Web Scanner “PunkSPIDER” can scan the Tor Network and reveal vulnerabilities.

The Tor network is a first stop choice for those who are privacy lovers as well as freedom of speech exponents can get together for congregations. The utilize Tor and Tor network to attempt to stay out of sight. However, just a couple of weeks ago, the entire Tor Network has been exposed even the deepest layers hidden in the midst of the Dark Web.

Alejandro Caceres as well as Amanda Towler in which operate Hyperion Gray, LLC has set the PunkSPIDER afoot upon the deep Dark Web. However, much to the two’s surprise the Dark Web is nowhere near as huge as experts have been proclaiming.

When they booted/started up PunkSpider a couple of weeks ago, they were surprised to learn that it only took a total of 3 hours to complete the entire scan. When the scan of the deep Dark Web upon the Tor Network, there were only a total of 7,000 registered .Onion domains.

PunkSPIDER works by utilizing a custom-written crawler script using Apache Nutch to “Crawl” around websites, then it will index the site into a Solr Database. From there, the site(s) are then queued up in order to be scanned “Fuzzed” to find any vulnerabilities. While the process itself is not as complicated as you may expect it to be, there is a twist to this project. Every aspect of the process that PunkSPIDER performs, is distributed across a “Hadoop Cluster”. This makes the crawling a much faster and even more efficient than what you would expect to see from our traditional values of web crawling and fuzzing.

You may have even noticed that the 7,000 domain names are not a lot of sights, with 100 flaws uncovered in total. This number is lower than that of PunkSPIDERs dataset, and the reason is because most of the registered sites are just a single page websites containing static HTML. This poses a low risk as they contain hardly any, if none at all, attack surface risks upon the application side. Other sites that were crawled were nothing more than blank pages.

During the crawl, there was a number of sites hosted upon the Dark Web in which were offering illegal content. Such illegal content consisted of child pornography.