Initial Documentation Commit

README.md

@@ -1,63 +1,96 @@
-# <img src="onionscan.png" alt="OnionScan"/>
+## What is OnionScan?
+
+# <img src="templates/images/logo.png" alt="OnionScan"/>
 
 [![Build Status](https://travis-ci.org/s-rah/onionscan.svg?branch=onionscan-0.2)](https://travis-ci.org/s-rah/onionscan)
 
-## What is OnionScan?
+OnionScan is a free and open source tool for investigating the Dark Web. For all
+the amazing technological innovations in the anonymity and privacy space, there 
+is always a constant threat that has no effective technological patch - human
+error.
 
-OnionScan is a free and open source tool for investigating the Dark Web.
+Whether it is operational security leaks or software misconfiguration - most
+often times the attacks on anonymity don't come from breaking the underlying
+systems, but from ourselves.
 
-The purpose of this tool is to make you a better onion service provider. You owe
-it to yourself and your users to ensure that attackers cannot easily exploit and 
-deanonymize.
+OnionScan has two primary goals:
 
-OnionScan is not a general vulnerability scanner or security tool. It does not
-feature scans that can be commonly found in other tools targeted at regular
-websites e.g. XSS detection.
+* We want to help **operators of hidden services find and fix operational security 
+ issues with their services**. We want to help them detect misconfigurations and we
+ want to inspire a new generation of anonymity engineering projects to help make
+ the world a more private place.
+
+* Secondly we want to help **researchers** and **investigators monitor and track Dark Web sites**.
+ In fact we want to make this as easy as possible. Not because we agree with the 
+ goals and motives of every investigation force out there - most often we don't.
+ But by making these kinds of investigations easy, we hope to create a powerful
+ incentive for new anonymity technology (see goal #1)
+
+## Installing
 
-## Go Dependencies
+### A Note on Dependencies
+
+In order to install OnionScan you will need the following dependencies not 
+provided by the core go standard library:
 
 * golang.org/x/net/proxy - For the Tor SOCKS Proxy connection.
+* golang.org/x/net/crypto - For PGP parsing
+* golang.org/x/net/html - For HTML parsing
 * github.com/rwcarlsen/goexif - For EXIF data extraction.
-* github.com/mvdan/xurls - For some URL parsing.
 * github.com/HouzuoGuo/tiedot/db - For crawl database.
 
-## Installing
-
 ### Grab with go get
 
 `go get github.com/s-rah/onionscan`
 
 ### Compile/Run from git cloned source
 
-`go install github.com/s-rah/onionscan` and then run the program in `./bin/onionscan`.
+Once you have cloned the repository into somewhere that go can find it you can
+run `go install github.com/s-rah/onionscan` and then run the binary in `$GOPATH/bin/onionscan`.
 
-Or, you can just do `go run github.com/s-rah/onionscan.go` to execute without compiling.
+Alternatively, you can just do `go run github.com/s-rah/onionscan.go` to run without compiling.
 
-## Running
+## Quick Start
 
-For a simple report detailing the high, medium and low risk areas found:
+For a simple report detailing the high, medium and low risk areas found with a
+hidden service:
 
-`./bin/onionscan blahblahblah.onion`
+`onionscan notarealhiddenservice.onion`
 
 The most interesting output comes from the verbose option:
 
-`./bin/onionscan --verbose blahblahblah.onion`
-
-There is also a JSON output, if you want to integrate with something else:
+`onionscan --verbose notarealhiddenservice.onion`
 
-`./bin/onionscan --jsonReport blahblahblah.onion`
+There is also a JSON output, if you want to integrate with another program or 
+application:
 
-If you would like to use a proxy server listening on something other that `127.0.0.1:9050`, then you can use the --torProxyAddress flag:
+`onionscan --jsonReport notarealhiddenservice.onion`
 
-`./bin/onionscan --torProxyAddress=127.0.0.1:9150 blahblahblah.onion`
+If you would like to use a proxy server listening on something other that 
+`127.0.0.1:9050`, then you can use the --torProxyAddress flag:
 
-To only scan for the web service and skip the other scans
-
-`./bin/onionscan --scans web --torProxyAddress=127.0.0.1:9150 blahblahblah.onion`
+`onionscan --torProxyAddress=127.0.0.1:9150 notarealhiddenservice.onion`
 
 More detailed documentation on usage can be found in [doc](doc/README.md).
 
 ## What is scanned for?
 
 An list of privacy and security problems which are detected by OnionScan can be
 found [here](doc/what-is-scanned-for.md).
+
+You can also directly configure the types of scanning that onionscan does using
+the scans parameter.
+
+`./bin/onionscan --scans web notarealhiddenservice.onion`
+
+## Running the OnionScan Correlation Lab
+
+If you are a researcher monitoring multiple sites you will definitely want to use
+the OnionScan Correlation Lab - a web interface hosted by OnionScan that allows
+you to discover, search and tag different identity correlations.
+
+You can find a full guide on the OnionScan correlation lab [here](doc/correlation-lab.md).
+
+# <img src="./doc/images/correlation-lab-main.png" title="The main OnionScan Correlation Lab Screen"/>
+
+

doc/correlation-lab.md

@@ -0,0 +1,7 @@
+# OnionScan Correlation Lab
+
+<img src="./images/correlation-lab-main.png" title="The main OnionScan Correlation Lab Screen"/>
+
+# Discovery Identity Correlations
+
+# Tagging Correltions