PunkSPIDER, the crawler that scanned the Dark Web

Security experts developed their PunkSPIDER, a Tor crawler, that already scanned more than 7000 domains and discovered numerous vulnerabilities.

We have discussed several times about the Tor anonymizer network and the way it is exploited  by criminal crews to sell any kind of illegal product and service.

Last week, an automated scanner dubbed PunkSPIDER was launched in the Tor network to uncover security issues in hidden services.

PunkSPIDER was developed by the hackers Alejandro Caceres and Amanda Towler in an effort to improve the overall security of the serviced hosted on the popular anonymizing networks.

We’re just beginning, but the potential of PunkSPIDER is remarkable. A few years ago I have developed something similar, the Artemis Project, and I strongly believe that such a project can provide amazing results.

PunkSPIDER scanned about 7,000 .onion domains in only three hours.

“You might notice that’s not a lot of sites. If there’s one thing we’ve learned from Memex it’s that the number of Hidden Services [sites that hide their server location using the Tor network]up at any time has been greatly overestimated.” Caceres told to Forbes.

The experts made available the results of the crawling activity in a Google-like search tool, such kind of results could aid security experts and law enforcement in the fight against illegal activities in the Dark Web. The discovery of a security hole in a hidden service could be exploited by hackers to compromise these websites and investigate on their operators.

The experts provided as example the case of one vulnerable site crawled by the PunkSPIDER that contained “a weird subset of child porn”.

“After looking through them there is at least one that we’d like to share with law enforcement before releasing it publicly.” Caceres told FORBES. 

Let’s give a look to the findings of the scan made by the researchers, on 7,000 scanned domains nearly 2,100 were affected by more than 50 security vulnerabilities.

“Of those 2,100 sites roughly 50 had vulnerabilities, with 100 flaws uncovered in total. “This is lower than our normal dataset, I suspect because many .onion sites are just single-page websites with static HTML on them and hardly any kind of attack surface on the application side. Some sites were also just totally blank.” said Careces.

Stay tuned …

Pierluigi Paganini

(Security Affairs – Deep Web, PunkSPIDER, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Pwn2Own Berlin 2025: total prize money reached $1,078,750

Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total…

3 hours ago

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

23 hours ago

Security Affairs newsletter Round 524 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

23 hours ago

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Chinese "kill switches" found in Chinese-made power inverters in US solar farm equipment that could…

1 day ago

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S.…

2 days ago