Whether it is operational security leaks or software misconfiguration – most often times the attacks on anonymity don’t come from breaking the underlying systems, but from ourselves.
OnionScan has two primary goals:
We want to help operators of hidden services find and fix operational security issues with their services. We want to help them detect misconfigurations and we want to inspire a new generation of anonymity engineering projects to help make the world a more private place.
Secondly we want to help researchers and investigators monitor and track Dark Web sites. In fact we want to make this as easy as possible. Not because we agree with the goals and motives of every investigation force out there – most often we don’t. But by making these kinds of investigations easy, we hope to create a powerful incentive for new anonymity technology (see goal #1)
OnionScan requires either Go 1.6 or 1.7.
In order to install OnionScan you will need the following dependencies not provided by the core go standard library:
http://ift.tt/1O3q20r – For the Tor SOCKS Proxy connection.
http://ift.tt/2fNTCw0 – For PGP parsing
http://ift.tt/1zLQOE6 – For HTML parsing
http://ift.tt/2fNQr7F – For EXIF data extraction.
http://ift.tt/2eor0EG – For crawl database.
See the wiki for guidance.
Grab with go get
go get http://ift.tt/2619FZ9
Compile/Run from git cloned source
Once you have cloned the repository into somewhere that go can find it you can run go install http://ift.tt/2rOVTfK then run the binary in $GOPATH/bin/onionscan.
Alternatively, you can just do go run http://ift.tt/1T4UhUA to run without compiling.
For a simple report detailing the high, medium and low risk areas found with a hidden service:
The most interesting output comes from the verbose option:
onionscan –verbose notarealhiddenservice.onion
There is also a JSON output, if you want to integrate with another program or application:
onionscan –jsonReport notarealhiddenservice.onion
If you would like to use a proxy server listening on something other that 127.0.0.1:9050, then you can use the –torProxyAddress flag:
onionscan –torProxyAddress=127.0.0.1:9150 notarealhiddenservice.onion
More detailed documentation on usage can be found in doc.
What is scanned for?
A list of privacy and security problems which are detected by OnionScan can be found here.
You can also directly configure the types of scanning that onionscan does using the scans parameter.
./bin/onionscan –scans web notarealhiddenservice.onion
Running the OnionScan Correlation Lab
If you are a researcher monitoring multiple sites you will definitely want to use the OnionScan Correlation Lab – a web interface hosted by OnionScan that allows you to discover, search and tag different identity correlations.
You can find a full guide on the OnionScan correlation lab here.