The anonymity and untraceability of the darknet provide fertile ground for the development of illegal trade and terrorism. In recent years, the number of darknet websites dominated by Tor and I2P has been increasing sharply. There have been many vulnerabilities that have happened on the darknet causing a generalized impact on the real world, which is attracting increasing concern from all sides. In order to monitor the traffic of darknet and find out whether the vulnerabilities discussed on the darknet may lead to serious consequences in the real world, we propose a method to predict the threat of the darknet based on machine learning. Firstly, the project builds a crawler system, using the privoxy service to set up agents and using Tor service to connect to the darknet. Then, with firefox’s headless browser, we recursively access the contents of the darknet webpage. The project crawls the HTML of webpage and searches for important contents in HTML through python’s selenium library. The crawled data and returned header information are stored in the database. As a pack of software, kibana can perform full-text searches of data stored in the elasticsearch database. In addition, based on react framework, web visualization of database data is realized by using echarts, grommet, grid-layout and other control groups. Line charts, pie charts and lists are used to display the total amount of data, extra daily data and other information. Finally, the project washes HTML data to obtain corpus. The word vector and Lda model are combined to realize web page classification. The labeled data set, containing vulnerability exploitation, is modeled by various methods, including Bayesian, random forest, SVM and other common methods. With the performance of the model evaluated, SVM can achieve 93% accuracy rate on 80% of the test sets. On this basis, the time node when the vulnerability may be used in the open network is predicted.