forked from s-rah/onionscan
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
67 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,63 +1,96 @@ | ||
# <img src="onionscan.png" alt="OnionScan"/> | ||
## What is OnionScan? | ||
|
||
# <img src="templates/images/logo.png" alt="OnionScan"/> | ||
|
||
[![Build Status](https://travis-ci.org/s-rah/onionscan.svg?branch=onionscan-0.2)](https://travis-ci.org/s-rah/onionscan) | ||
|
||
## What is OnionScan? | ||
OnionScan is a free and open source tool for investigating the Dark Web. For all | ||
the amazing technological innovations in the anonymity and privacy space, there | ||
is always a constant threat that has no effective technological patch - human | ||
error. | ||
|
||
OnionScan is a free and open source tool for investigating the Dark Web. | ||
Whether it is operational security leaks or software misconfiguration - most | ||
often times the attacks on anonymity don't come from breaking the underlying | ||
systems, but from ourselves. | ||
|
||
The purpose of this tool is to make you a better onion service provider. You owe | ||
it to yourself and your users to ensure that attackers cannot easily exploit and | ||
deanonymize. | ||
OnionScan has two primary goals: | ||
|
||
OnionScan is not a general vulnerability scanner or security tool. It does not | ||
feature scans that can be commonly found in other tools targeted at regular | ||
websites e.g. XSS detection. | ||
* We want to help **operators of hidden services find and fix operational security | ||
issues with their services**. We want to help them detect misconfigurations and we | ||
want to inspire a new generation of anonymity engineering projects to help make | ||
the world a more private place. | ||
|
||
* Secondly we want to help **researchers** and **investigators monitor and track Dark Web sites**. | ||
In fact we want to make this as easy as possible. Not because we agree with the | ||
goals and motives of every investigation force out there - most often we don't. | ||
But by making these kinds of investigations easy, we hope to create a powerful | ||
incentive for new anonymity technology (see goal #1) | ||
|
||
## Installing | ||
|
||
## Go Dependencies | ||
### A Note on Dependencies | ||
|
||
In order to install OnionScan you will need the following dependencies not | ||
provided by the core go standard library: | ||
|
||
* golang.org/x/net/proxy - For the Tor SOCKS Proxy connection. | ||
* golang.org/x/net/crypto - For PGP parsing | ||
* golang.org/x/net/html - For HTML parsing | ||
* github.com/rwcarlsen/goexif - For EXIF data extraction. | ||
* github.com/mvdan/xurls - For some URL parsing. | ||
* github.com/HouzuoGuo/tiedot/db - For crawl database. | ||
|
||
## Installing | ||
|
||
### Grab with go get | ||
|
||
`go get github.com/s-rah/onionscan` | ||
|
||
### Compile/Run from git cloned source | ||
|
||
`go install github.com/s-rah/onionscan` and then run the program in `./bin/onionscan`. | ||
Once you have cloned the repository into somewhere that go can find it you can | ||
run `go install github.com/s-rah/onionscan` and then run the binary in `$GOPATH/bin/onionscan`. | ||
|
||
Or, you can just do `go run github.com/s-rah/onionscan.go` to execute without compiling. | ||
Alternatively, you can just do `go run github.com/s-rah/onionscan.go` to run without compiling. | ||
|
||
## Running | ||
## Quick Start | ||
|
||
For a simple report detailing the high, medium and low risk areas found: | ||
For a simple report detailing the high, medium and low risk areas found with a | ||
hidden service: | ||
|
||
`./bin/onionscan blahblahblah.onion` | ||
`onionscan notarealhiddenservice.onion` | ||
|
||
The most interesting output comes from the verbose option: | ||
|
||
`./bin/onionscan --verbose blahblahblah.onion` | ||
|
||
There is also a JSON output, if you want to integrate with something else: | ||
`onionscan --verbose notarealhiddenservice.onion` | ||
|
||
`./bin/onionscan --jsonReport blahblahblah.onion` | ||
There is also a JSON output, if you want to integrate with another program or | ||
application: | ||
|
||
If you would like to use a proxy server listening on something other that `127.0.0.1:9050`, then you can use the --torProxyAddress flag: | ||
`onionscan --jsonReport notarealhiddenservice.onion` | ||
|
||
`./bin/onionscan --torProxyAddress=127.0.0.1:9150 blahblahblah.onion` | ||
If you would like to use a proxy server listening on something other that | ||
`127.0.0.1:9050`, then you can use the --torProxyAddress flag: | ||
|
||
To only scan for the web service and skip the other scans | ||
|
||
`./bin/onionscan --scans web --torProxyAddress=127.0.0.1:9150 blahblahblah.onion` | ||
`onionscan --torProxyAddress=127.0.0.1:9150 notarealhiddenservice.onion` | ||
|
||
More detailed documentation on usage can be found in [doc](doc/README.md). | ||
|
||
## What is scanned for? | ||
|
||
An list of privacy and security problems which are detected by OnionScan can be | ||
found [here](doc/what-is-scanned-for.md). | ||
|
||
You can also directly configure the types of scanning that onionscan does using | ||
the scans parameter. | ||
|
||
`./bin/onionscan --scans web notarealhiddenservice.onion` | ||
|
||
## Running the OnionScan Correlation Lab | ||
|
||
If you are a researcher monitoring multiple sites you will definitely want to use | ||
the OnionScan Correlation Lab - a web interface hosted by OnionScan that allows | ||
you to discover, search and tag different identity correlations. | ||
|
||
You can find a full guide on the OnionScan correlation lab [here](doc/correlation-lab.md). | ||
|
||
# <img src="./doc/images/correlation-lab-main.png" title="The main OnionScan Correlation Lab Screen"/> | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# OnionScan Correlation Lab | ||
|
||
<img src="./images/correlation-lab-main.png" title="The main OnionScan Correlation Lab Screen"/> | ||
|
||
# Discovery Identity Correlations | ||
|
||
# Tagging Correltions |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.