Posted by not_bob in I2P

Ever sit there and wonder what I2P is being used for that you can’t see? I do. And like most of my bad ideas, I let that curiosity get out of hand - now there’s a tool mapping the hidden corners of .b32.i2p space, making the invisible just a little less invisible.

A few key points:

I’m not brute-forcing B32s. (Total waste of time.) I’m not here to crash your services. I am running a floodfill router and sniffing LeaseSets as they announce themselves in real time. I can only see a small slice of the network at any point in time.

Most of the LeaseSets I find? Short-lived tunnels, nothing I can use. But I scan them anyway. Sometimes they pan out.

What the scanner does and doesn’t do.

The scanner hits every .b32.i2p address it finds, fully aware that 99.999% of them lead to nothing interesting.

It’s simple:

“Hey, are you alive?”

If a site responds, I record it. Some get automatically sorted into categories; others go on the manual review list. No magic there.

If there’s no response? I’ll check back later with exponential backoff - no need to hammer dead addresses.

Current speed? Easily scanning 50,000 sites per hour, without even warming up the hardware.

Let’s be clear: I don’t scan for exploits. But obvious flaws are obvious. I’m not hijacking services. But someone else will do these things, and actively does.

I've also got a number of honeypot sites running. If they get hit, I know someone else is scanning.

Protip: They get hit from time to time.

Early Observations (Without Spoiling the Fun)

The obvious stuff? Yeah, I find it. Public sites, well-known services, the usual suspects.

But the rest? It gets weird.

Misconfigured torrent clients?

Everywhere. Lock your stuff down before the clowns show up. And yes, I mean literal clowns - floppy shoes, red noses, honking all over your hard drive.

If clowns are your thing, here you go. Enjoy. magnet:?xt=urn:btih:4a456275d7ba72b483dfc62a50835e6fdf225c2e

I2P router console... wide open?

No password? Congrats, I know your IP address and router hash now. That wasn’t an accident - you made a dumb decision on purpose. Why?

Home router interfaces?

Found a few of those too. Again, I have to ask: why would you do that?

Random exposed directories?

One person had their entire C:\ shared for the world. No, I’m not making that up.

And yeah, the kind of stuff nobody should ever see. Thankfully, that’s rare - but it’s out there.

I track everything I see; disk space is cheap. Most of the addresses are very short-lived, but some of them are long-lived. Those are the ones that I'm most interested in.

The Worst Part?

Anyone can do this.

I’m just a guy in a van with too much curiosity and no supervision. If I can do this, imagine what someone with real funding could pull off.

If you run a service on I2P, odds are I’ll find it... Even if you never tell anyone about it. There are ways to help mitigate this, but that’s for another post.

What’s Next?

I’m debating starting a Wall of Shame - an occasional post showcasing exactly what not to do on I2P. Could be educational... probably funny... maybe terrifying. It will be fun!

More posts on this topic are coming. Stay tuned. And seriously - lock your shit down.
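
For operators who want the same signal the post gets from its honeypots, here is an added example (not the author's tool or code) that reads access logs from several unadvertised honeypot sites and flags clients that touch more than one of them within a short window. It goes a step beyond the post's "any hit means a scanner" by correlating hits across sites. The log format, the honeypot names and the client identifiers are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, not real traffic. Assumed format:
# <ISO timestamp> <honeypot name> <client identifier> <request path>
SAMPLE_LOG = """\
2024-05-01T10:00:03 hp-a client-A /
2024-05-01T10:00:41 hp-b client-A /
2024-05-01T10:02:10 hp-c client-A /
2024-05-01T11:15:00 hp-a client-B /
2024-05-03T09:00:00 hp-b client-B /favicon.ico
2024-05-02T08:30:00 hp-c client-C /
malformed line
"""

def parse(log_text):
    """Yield (time, honeypot, client, path); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]

def find_scanners(log_text, window=timedelta(hours=1), min_sites=2):
    """Return {client: sorted honeypots} for clients that touched at
    least min_sites distinct honeypots inside one sliding window."""
    hits = defaultdict(list)
    for ts, site, client, _path in parse(log_text):
        hits[client].append((ts, site))
    flagged = {}
    for client, events in hits.items():
        events.sort()  # chronological order per client
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            sites = {s for _, s in events[start:end + 1]}
            if len(sites) >= min_sites:
                flagged[client] = sorted(set(flagged.get(client, [])) | sites)
    return flagged

if __name__ == "__main__":
    for client, sites in find_scanners(SAMPLE_LOG).items():
        print(client, "hit", sites)
```

Setting `min_sites=1` reproduces the post's simpler rule, where every hit on an unadvertised site counts as a scan.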
