PunkSPIDER Vulnerability Repository, Scanning the Tor Network

The Dark Web has had its weaknesses uncovered these last few days. The Tor network is designed to keep what a person does online completely anonymous. However, some of the best hackers in the world set out to prove that there is really nothing you can do to hide. They did this with an automated scanner called PunkSPIDER.


All About PunkSPIDER

PunkSPIDER was designed by Alejandro Caceres and Amanda Towler. The scanner works much like Google does when indexing websites and the content on them.

However, the scanner works specifically on Tor-based websites. The idea was to help improve security on what has been termed the “dark web.” The scanner is also seeing some legal benefits.

The scanner can pinpoint Tor network sites that could be illegal and harmful to the integrity of the Internet. If the scanner finds such a site, the information can be turned over to the proper law enforcement agencies and the site taken down.

Caceres and Towler are the head figures of Hyperion Gray, a research organization. The organization has the distinct privilege of being in charge of the Memex search project, which is being used by the US military’s research arm, DARPA, to help law enforcement, specifically with human trafficking.

The scanner took approximately 3 hours to scan the entire Tor network. In this time frame, it searched around 7,000 websites with the .onion extension. However, only 2,100 websites responded to HTTP requests promptly enough for the scanner to check them. The results for these 2,100 sites were:

  • 50 sites had vulnerabilities
  • 100 flaws total were uncovered

Caceres found these results to be lower than expected, and explained this by stating:

“I suspect because many .onion sites are just single-page websites with static HTML on them and hardly any kind of attack surface on the application side. Some sites were also just totally blank.”

The team has not released many details on what was found on these sites, as they are handing some of the information they found to law enforcement. In particular, Caceres referenced one site that was being reported to legal authorities to shut down, as it contained content that Caceres categorizes as a “weird subset of child porn.”

Though the goal of PunkSPIDER is to help sites stay attack free, the goal is also to make the Internet a safer place. With the results that PunkSPIDER can offer, finding those harmful sites can now be easier than ever.

Joel Timothy


