About Innumbra
Innumbra is a metadata-only dark web search engine that indexes .onion hidden services on the Tor network. Unlike traditional search engines, Innumbra does not store or cache page content. It indexes titles, server technology, uptime status, content hashes, threat intelligence classifications, and page language — providing OSINT researchers with structured data about the dark web without hosting any of its content.
The index is built from multiple sources: public .onion directories, breadth-first crawling, and user submissions. Every site is checked against the Ahmia CSAM blocklist. Features include real-time change detection, warrant canary monitoring, content-hash-based mirror detection, technology stack fingerprinting, and a wayback-style snapshot timeline.
Frequently Asked Questions
What is Innumbra?
Innumbra is a dark web meta-search engine that indexes .onion hidden services on the Tor network. It provides metadata-only indexing — titles, server technology, uptime status, language detection, and threat intelligence classifications — without storing or caching any actual page content. It is designed as an OSINT (Open Source Intelligence) tool for security researchers, journalists, and threat analysts.
How does Innumbra discover .onion sites?
Innumbra uses a multi-source discovery pipeline: it imports known .onion addresses from public directories (Ahmia, Fresh Onions, Tor66), performs BFS (breadth-first search) crawling to discover linked sites, and accepts user submissions. Each discovered site is periodically checked for status, and metadata is extracted including server software, technology stack, page language, and content hashes for mirror detection.
What is warrant canary tracking?
A warrant canary is a public statement, often PGP-signed, declaring that a service provider has not received secret government subpoenas or gag orders. Innumbra's canary tracker automatically detects these statements on .onion sites, hashes them cryptographically, and monitors for changes. If a canary is modified or disappears, it may indicate the site has been served with a legal order — a critical signal for security researchers and privacy advocates.
How does mirror detection work?
Innumbra computes a normalized SHA-256 hash of each site's content after stripping dynamic elements like scripts, nonces, timestamps, and session tokens. Sites with identical content hashes are grouped as mirrors. This helps researchers identify redundant infrastructure, track site operators across multiple .onion addresses, and detect when a site migrates to a new address.
What search filters are available?
Innumbra supports advanced search syntax: status:online or status:offline for availability, cti:ransomware or cti:marketplace for threat intelligence, tech:nginx for server technology, lang:ru for language, and after:2025-01 or before:2024-06 for date ranges. Combine any of these with free-text keywords for precise results.
Does Innumbra store dark web content?
No. Innumbra is strictly a metadata-only index. It stores titles, server headers, technology fingerprints, uptime history, content hashes, and structural metadata — never actual page content. The Ahmia CSAM blocklist is enforced on all ingested data, and users can report sites for review. This approach provides research value while avoiding the legal and ethical issues of hosting dark web content.