U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

PunkSPIDER, the crawler that scanned the Dark Web

Security experts developed their PunkSPIDER, a Tor crawler, that already scanned more than 7000 domains and discovered numerous vulnerabilities. We have discussed several times about the Tor anonymizer network and the way it is exploited  by criminal crews to sell any kind of illegal product and service. Last week, an automated scanner dubbed PunkSPIDER was launched in the […]

PunkSPIDER, the crawler that scanned the Dark Web

Security experts developed their PunkSPIDER, a Tor crawler, that already scanned more than 7000 domains and discovered numerous vulnerabilities.

We have discussed several times about the Tor anonymizer network and the way it is exploited  by criminal crews to sell any kind of illegal product and service.

Last week, an automated scanner dubbed PunkSPIDER was launched in the Tor network to uncover security issues in hidden services.

PunkSPIDER was developed by the hackers Alejandro Caceres and Amanda Towler in an effort to improve the overall security of the serviced hosted on the popular anonymizing networks.

We’re just beginning, but the potential of PunkSPIDER is remarkable. A few years ago I have developed something similar, the Artemis Project, and I strongly believe that such a project can provide amazing results.

PunkSPIDER scanned about 7,000 .onion domains in only three hours.

“You might notice that’s not a lot of sites. If there’s one thing we’ve learned from Memex it’s that the number of Hidden Services [sites that hide their server location using the Tor network]up at any time has been greatly overestimated.” Caceres told to Forbes.

The experts made available the results of the crawling activity in a Google-like search tool, such kind of results could aid security experts and law enforcement in the fight against illegal activities in the Dark Web. The discovery of a security hole in a hidden service could be exploited by hackers to compromise these websites and investigate on their operators.

PunkSpider

The experts provided as example the case of one vulnerable site crawled by the PunkSPIDER that contained “a weird subset of child porn”.

“After looking through them there is at least one that we’d like to share with law enforcement before releasing it publicly.” Caceres told FORBES. 

Let’s give a look to the findings of the scan made by the researchers, on 7,000 scanned domains nearly 2,100 were affected by more than 50 security vulnerabilities.

“Of those 2,100 sites roughly 50 had vulnerabilities, with 100 flaws uncovered in total. “This is lower than our normal dataset, I suspect because many .onion sites are just single-page websites with static HTML on them and hardly any kind of attack surface on the application side. Some sites were also just totally blank.” said Careces.

Stay tuned …

Pierluigi Paganini

(Security Affairs – Deep Web, PunkSPIDER, hacking)