
TORVision is an analytical tool for tracing and visualizing TOR network activity and reconstructing probable origin IPs using automated metadata collection and machine learning scoring. It features interactive Streamlit dashboards with timeline replay, forensic PCAP/log analysis, and exportable reports to support investigations.


TORVision-Team/TORVision


TORVision: An Analytical System for TOR Node Correlation, Origin Prediction & Forensic Intelligence

TORVision is an advanced metadata-driven analysis platform designed to help investigators understand TOR relay behavior, identify likely entry/guard nodes, visualize network flows, and correlate forensic logs — without breaking TOR encryption.

The system uses public metadata, ML-based scoring, graph correlation, timeline replay, weather forecasting, and suspicious activity alerts to deliver actionable intelligence.

Key Features:-

🔹 1. TOR Data Collection

Automatic extraction of TOR relay metadata using Onionoo API

Periodic scheduled updates

Stores historical snapshots (for forecasting & trend analysis)

🔹 2. Node Correlation Engine

Time-based matching of entry → middle → exit nodes

Similarity scoring based on timestamps, bandwidth & flags

Graph-based correlation using NetworkX

🔹 3. ML-Based Origin Prediction

Predicts likely entry/guard nodes

Confidence scoring model (Decision Tree / RandomForest)

Continuously improves as new data is fetched

🔹 4. Visualization Dashboard

Interactive relay map

Network graph animation

Timeline reconstruction

Confidence meter display

Forensic match overlay

🔹 5. Forensic Log Integration

Upload PCAP or network logs

Extract suspicious IPs & timestamps

Match against TOR relay database

Highlight overlapping or suspicious nodes
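The matching step described under Forensic Log Integration can be sketched as follows. This is an added example, not TORVision's own code: the log line format, the function names and all sample values are assumptions, and only the relay field names (`or_addresses`, `first_seen`, `last_seen`, `flags`) follow Onionoo's details documents. A destination is reported only if the relay was listed at the time of the logged connection.

```python
import re
from datetime import datetime, timezone

# Constructed relay snapshot shaped like an Onionoo "details" response.
# Field names are Onionoo's; every value is made up (documentation IP ranges).
RELAYS = [
    {"nickname": "exampleGuard", "or_addresses": ["192.0.2.10:9001"], "flags": ["Guard"],
     "first_seen": "2024-01-01 00:00:00", "last_seen": "2024-03-01 12:00:00"},
    {"nickname": "exampleExit", "flags": ["Exit"],
     "or_addresses": ["198.51.100.7:443", "[2001:db8::7]:443"],
     "first_seen": "2024-02-20 00:00:00", "last_seen": "2024-03-01 12:00:00"},
]

# Constructed firewall log, assumed format: "<UTC timestamp>Z <src> -> <dst>:<port>"
LOG = """\
2024-03-01T10:15:02Z 10.0.0.5 -> 192.0.2.10:9001
2024-02-10T08:00:00Z 10.0.0.9 -> 198.51.100.7:443
2024-03-01T11:59:30Z 10.0.0.5 -> 203.0.113.50:443
not a log line
"""
LINE = re.compile(r"^(\S+)Z (\S+) -> (\S+):(\d+)$")

def _ts(s):
    # Onionoo timestamps are "YYYY-MM-DD hh:mm:ss" in UTC.
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

def build_index(relays):
    """Map each relay IP to a list of (nickname, flags, first_seen, last_seen)."""
    index = {}
    for r in relays:
        for addr in r["or_addresses"]:
            ip = addr.rsplit(":", 1)[0].strip("[]")  # drop port, unwrap IPv6 brackets
            index.setdefault(ip, []).append(
                (r["nickname"], r["flags"], _ts(r["first_seen"]), _ts(r["last_seen"])))
    return index

def match_log(log_text, index):
    """Return (time, src, dst, nickname, flags) for hits on an IP that was a listed relay then."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole upload
        when = datetime.fromisoformat(m.group(1)).replace(tzinfo=timezone.utc)
        src, dst = m.group(2), m.group(3)
        for nick, flags, first, last in index.get(dst, []):
            if first <= when <= last:  # IP reuse: ignore traffic outside the relay's lifetime
                hits.append((when.isoformat(), src, dst, nick, flags))
    return hits
```

The second log line is deliberately not reported: the address later became a relay, but the connection predates its `first_seen`, which is the false positive a plain IP-set lookup would produce.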

🔹 6. TOR Weather Forecasting ⭐ Unique Feature

Predicts:

Future number of exit nodes

Country-wise activity trends

Node stability probability

Possible outages

Example: “Forecast: Exit nodes in Europe likely to increase by 12% in next 4 hours.”

🔹 7. Suspicious Activity Alerts

The system automatically detects:

Sudden drop in relay counts

Country-based spikes

Over-stable nodes (possible surveillance)

Bandwidth anomalies

System Workflow:-

TOR Data Collector fetches live relay data

Preprocessor normalizes timestamps & builds features

Correlation Engine links entry → exit nodes

ML Module calculates confidence score

Weather Module predicts future TOR trends

Alerts Module flags suspicious events

Forensic Module overlays PCAP/log data

Dashboard visualizes everything

Report Generator exports final PDF Exit node bursts
