PentestingDarkWebSites/tools.md

Tor setup

Checking to see if tor is running

The following command could be used to get the status of the tor service.

sudo service tor status

The following command can be used to see if tor is actually usable. It lists the open listening ports. It should show tor listening on port 9051 or 9050, although the port can be changed to any other port.

sudo netstat -tulpn | grep LISTEN

The next command can be used to start tor as a service:

sudo service tor start

Depending on the machine you are using it might not work. Here are a few other commands that can be used to start tor.

sudo systemctl start tor

Restarting tor:

sudo systemctl restart tor
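
As an added example (not part of the original page), the netstat check above can be scripted to confirm that tor has a loopback SOCKS listener and that no tor port is bound beyond loopback. The function names and sample output are constructed, and the port roles assume tor's conventional 9050 SocksPort and 9051 ControlPort.

```shell
#!/bin/sh
# Added example: classify tor listeners found in `netstat -tulpn` output.
# Port roles are assumptions from tor's conventional defaults
# (9050 = SocksPort, 9051 = ControlPort); a custom torrc can change them.

# Reads netstat output on stdin, prints "<addr> <port> <role> <exposure>".
tor_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/tor$/ {
        n = split($4, parts, ":")        # last piece is the port,
        port = parts[n]                  # also for IPv6 (":::9050")
        addr = substr($4, 1, length($4) - length(port) - 1)
        role = "other"
        if (port == "9050") role = "socks"
        if (port == "9051") role = "control"
        exposure = (addr == "127.0.0.1" || addr == "::1") ? "loopback" : "exposed"
        print addr, port, role, exposure
    }'
}

# Exit status: 0 = loopback SOCKS listener present and nothing exposed,
# 1 = no usable SOCKS listener, 2 = a tor port is bound beyond loopback.
tor_check() {
    _report="$(tor_listeners)"
    if [ -n "$_report" ]; then printf '%s\n' "$_report"; fi
    if printf '%s\n' "$_report" | grep -q ' exposed$'; then return 2; fi
    printf '%s\n' "$_report" | grep -q ' socks loopback$' || return 1
}

# Constructed sample of `sudo netstat -tulpn` output (not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:9050   0.0.0.0:*        LISTEN  1234/tor
tcp        0      0 127.0.0.1:9051   0.0.0.0:*        LISTEN  1234/tor
tcp        0      0 0.0.0.0:9040     0.0.0.0:*        LISTEN  1234/tor
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  800/sshd
udp        0      0 0.0.0.0:68       0.0.0.0:*                700/dhclient
EOF
}

# Demo on the sample; on a live host: sudo netstat -tulpn | tor_check
sample_netstat | tor_listeners
```

In the sample, the listener on 0.0.0.0:9040 is reported as exposed, so `tor_check` returns 2 until that port is bound to loopback.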

Tools

docker-onion-nmap

BurpSuite

BurpSuite is a hacker's best friend; it can do pretty much any web attack. BurpSuite can also be used with tor.

Here are some guides on how to set it up with tor:

The creators of BurpSuite also have a site where you can practice your skills and do labs: https://portswigger.net/web-security/all-labs

Dirsearch

Dirsearch: make sure tor is installed and running.

sudo systemctl start tor

The command above could be used to start the tor service.

sudo python3 dirsearch.py -u link.onion --proxy 127.0.0.1:9051

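The command above can be used to scan a dark web site. We used --proxy so the tool can reach the onion site through tor; the address and port must match where tor is listening, as shown by the netstat check earlier.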

Shodan

Shodan is a great tool. The tool is free for the first couple of results, but if you have a paid account you can view all the pages. During Black Friday, they have a killer deal where you can buy it for like $10. A couple of years ago I got a lifetime subscription for $5. If you can't pay, don't worry; there are other sites that can be used.

Once in a while I like to search for keywords like:

  • onion
  • look for open ports, 9001, 9030, 9040, 9050
  • names of services
  • the Onion URL to the site

In the past there have been a couple of times where a site's testing server was exposed on the internet. Sites like Shodan are constantly scanning the internet and crawling each page that they show on the platform. Sometimes the website owner will not set up the web server correctly, so the site's IP will leak and be exposed.

OnionScan

dirstalk

This tool has built-in ways to be used with tor. - https://github.com/stefanoj3/tordock

docker run -d -p 127.0.0.1:9150:9150 stefanoj3/tordock:latest

After starting the Docker container, run this command.

dirstalk scan http://some.onion --dictionary mydictionary.txt --socks5 127.0.0.1:9150