OnionScan
OnionScan is a tool for scanning hidden services for opsec leaks and software misconfiguration that could enable an attacker to determine the service operator. It will run on any operating system with Golang.
Install Go(lang)
On a Mac it's simple:
brew install go
On Linux, it may be available similarly via your package manager (probably as golang).
On other systems, follow the instructions to download and install from the Go website (or ask for a USB stick for Windows/Mac installers).
Install OnionScan
go get github.com/HouzuoGuo/tiedot
go get golang.org/x/crypto/openpgp
go get golang.org/x/net/proxy
go get golang.org/x/net/html
go get github.com/rwcarlsen/goexif/exif
go get github.com/rwcarlsen/goexif/tiff
go get github.com/s-rah/onionscan
go install github.com/s-rah/onionscan
Make it scan
OnionScan should now be installed in your GOPATH. On Mac, this should be ~/go (if not, find it by running go env GOPATH).
cd ~/go/bin
./onionscan --verbose yourhiddenservice.onion
What it's doing
OnionScan crawls the service looking for things that might give away identity, like images with EXIF tags and PGP identities. It also checks SSH endpoints, analytics IDs, and server fingerprinting that can be used to determine if two sites are hosted on the same infrastructure. And Apache's mod_status. And more.
OnionScan's output (in verbose mode) should give you a good idea of what it's checking. When it's finished it should show a report something like this:
--------------- OnionScan Report ---------------
Generating Report for: yourhiddenservice.onion
Info: Found Identities
Items Identified: onion-munch.jpg
There are a number of reports from aggregated OnionScans of thousands of hidden services, with great visualisations available on onionscan.org.
That's all folks
Some further reading:
- The OnionScan reports
- Building a Tor Hidden Service From Scratch
- Dark Web OSINT with Python and OnionScan
- Why we need Tor now more than ever
Anonoblog | Robin Doherty | robindoherty.com | @rdoh | rdoherty@gmail.com | PGP