Dark Web OSINT With Python and OnionScan: Part One by Justin.
When you tire of what passes for political discussion on Twitter and/or Facebook this weekend, why not try your hand at something useful?
Like looking for data leaks on the Dark Web?
You could, in theory at least, notify the sites of their data leaks. 😉
One of the aspects of announced leaks that never ceases to amaze me is reports that read:
Well, we pawned the (some string of letters) database and then notified them of the issue.
Before getting a copy of the entire database? What’s the point?
All you have accomplished is making another breach more difficult and demonstrating your ability to breach a system where the root password was most likely “god.”
Anyway, Justin gets you started on seeking data leaks on the Dark Web, saying:
You may have heard of this awesome tool called OnionScan that is used to scan hidden services in the dark web looking for potential data leaks. Recently the project released some cool visualizations and a high level description of what their scanning results looked like. What they didn’t provide is how to actually go about scanning as much of the dark web as possible, and then how to produce those very cool visualizations that they show.
At a high level we need to do the following:
- Set up a server somewhere to host our scanner 24/7 because it takes some time to do the scanning work.
- Get TOR running on the server.
- Get OnionScan set up.
- Write some Python to handle the scanning and some of the other data management to deal with the scan results.
- Write some more Python to make some cool graphs. (Part Two of the series)
Let’s get started!
Very much looking forward to Part 2!
Enjoy!