Onionscan: Analyzing hidden services
The Dark Web is always in the eye of authorities like the FBI, establishing possible baits for users who commit these activities to bite, or looking for vulnerabilities that expose the real users behind the anonymous identities.
Researcher Sarah Jamie Lewis (@SarahJamieLewis) released a tool called OnionScan.
Researcher Sarah Jamie Lewis (@SarahJamieLewis) released a tool called OnionScan.
OnionScan what it does is look for sensitive information related to hidden websites under Tor. For example, this tool can search the metadata that contains an image to see if it includes information about the user (name on the PC or GPS coordinates), or know the status of the server of a page, which can lead to your getting to know the real IP of the page, or be able to know what other websites are managed by the same person. In fact, you can find encryption keys that are shared by several websites, which would indicate a strong correlation between several websites, indicating that they have the same owner.
Well, after the short description I will tell you my personal experience, I have used this tool a lot but it has been a little tangled documentation when I want to configure go, well, at last I was able to configure everything, there are only some problems with the web interface that runs in port 8080 and I have not managed to solve it yet, when I do I will notify you.
Now we will proceed with the installation:
First I will assume that they use debian and have root permissions, we will update a bit:
user @ computer: $ apt-get update
Then we will install some dependencies:
user @ computer: $ apt-get install tor git libexif-dev
Now let's install Go:
user @ computer: $ bash <<(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer)
user @ computer: $ source /root/.gvm/scripts/gvm
We will install the latest version supported by onionscan.
user @ computer: $ gvm install go1.7 --binary
Now let's activate go 1.7
user @ computer: $ gvm use go1.7
Excellent, now we will install some dependencies necessary for the use of onionscan:
user @ computer: $ - go get github.com/HouzuoGuo/tiedot
- go get golang.org/x/crypto/openpgp
- go get golang.org/x/net/proxy
- go get golang.org/x/net/ html
- go get github.com/rwcarlsen/goexif/exif
- go get github.com/rwcarlsen/goexif/tiff
- go get golang.org/x/crypto/openpgp
- go get golang.org/x/net/proxy
- go get golang.org/x/net/ html
- go get github.com/rwcarlsen/goexif/exif
- go get github.com/rwcarlsen/goexif/tiff
Excellent, we have everything ready, now we will download and install onionscan:
user @ computer: $ go get github.com/s-rah/onionscan
user @ computer: $ go install github.com/s-rah/onionscan
Well, we have everything in order, we just have to execute the onionscan command and we will see all the available options and parameters, this syntax is normally used to see the results as the tool is working:
user @ computer: $ onionscan --verbose serviciooculto.onion
This will be very useful to check the level of "anonymity" that has its hidden service.
![[EXCLUSIVE!!!] CAPMONSTER PRO 2.10.7.0 CRACKED BY ANONYMOOSE](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidHgK2jErCvRhSbjRWkhYjS_dDaHMHbDQAGUUQtqQpFkLTvHXj-yMVCAxcdE4sfrFNhvsI8OHRmBKeEAHAL_L_uqqygf8ADk5gIaf5Wa4Gv-btL_SmIzjbCUonUNtNztvegMLIoRvSF3IA/s72-c/unknown.png)
![BlackBullet 2.4.4 [Cracked]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKc5nEpTlCYYPXm9yIVxxn5rzIxulCJ5VohirlITjYB60tGvzgy1RxoDGThIytgQ-KEQDDNM9phW6aZm_ZI6scZaTnLddrtt8st6EqiYKvOZEF3HLCxt5rH-dDaqdpYEKj1Mmrq7pFpLIh/s72-c/maxresdefault.jpg)
