>200M dark web resource records created
Shows Void Runner's collection depth across hidden services, markets, forums, communication hubs, and historical dark web infrastructure.


Dark Web Intelligence
Active collection and correlation across hidden services turns dark web observations into connected investigation context.
Void Runner preserves Dendrite's original emphasis on dark web services, users, communication hubs, hidden infrastructure, and historical records that remain useful after a service disappears.
Shows Void Runner's collection depth across hidden services, markets, forums, communication hubs, and historical dark web infrastructure.
Validates the system's ability to extract, normalize, and correlate user identifiers across dark web services and communication contexts.
Connects dark web observations to adversary infrastructure, preserving historical C2 context even after services move or disappear.
What it is
Dendrite's dark web intelligence engine maps resources and users across hidden services and correlates them to broader infrastructure context.
Data coverage
Workflow
Analyst use
Audience
Dark web intelligence for mapping hidden services, users, infrastructure, and historical records.
Use dark web records, user context, and infrastructure links to identify emerging threats before they appear in finished reporting.
Pivot from hidden services, usernames, communication hubs, and infrastructure artifacts into connected leads for active investigations.
Study dark web services, historical records, and cross-service patterns with normalized context that supports deeper technical analysis.
Connect services, users, communication venues, and historical records to support long-running investigations and partner-ready intelligence.
Features
Identify hidden services and preserve the metadata needed to understand what they are, how they behave, and how they change over time.
Connect usernames, handles, aliases, and behavioral signals across services so analysts can follow activity beyond a single dark web property.
Map forums, chats, markets, and other communication spaces where users, services, and infrastructure relationships emerge.
Preserve records from services that move, disappear, or change structure so past observations remain available for future investigations.
Use cases
Move from an onion service or dark web artifact into related domains, IPs, certificates, services, and other infrastructure context.
Follow users, aliases, venues, and interaction patterns across dark web communities to build a clearer view of actor activity.
Use retained historical records to keep investigations moving after a hidden service changes location, goes offline, or removes content.
Data flow
Void Runner turns hidden services, users, hubs, and historical records into connected investigation pivots.
Void Runner turns hidden services, users, hubs, and historical records into connected investigation pivots.
Input
Processing
Output
Delivery
Delivery options for Void Runner: API, CLI, Unified Web Platform, Dataset export.
API
CLI
Platform
Dataset export
Related
Command & Control Intelligence
Perpetual enumeration, fingerprinting, and monitoring of C2 infrastructure connected to malware campaigns and threat actor activity.
Cryptocurrency Data Intelligence
Cryptocurrency data correlated to wallets, services, dark web activity, infrastructure, and investigation-ready entity context.
Identity Exposure Intelligence
A homogenized breach and credential intelligence set correlated to infrastructure, services, users, and organizational risk context.
Collaborative Intelligence Workspace
A graphical workspace for exploring Dendrite and supported third-party data, coordinating investigations, and sharing intelligence.
Operationalize
Talk with Dendrite about access, delivery options, and the right starting point for your team.