When it comes to Dark web OSINT tool, I would recommend Onionscan tool which is free and open source tool, written in GO language & it checks for onion website vulnerabilities, misconfiguration etc.,
\nI would like to select digital ocean platform to run our tool, so follow below instruction to setup the droplet in the Digital Ocean.
\nStep1: You need to create droplets as shown in below.
\nStep2: Select “Ubuntu 20.04 (LTS) x64” distribution or latest version and set-up the required details to create a droplet.
\nStep 3: Viola! Now your droplet has been created.
\nFirst and foremost, you need to do is to connect your VPN server.
\n\n\n\nssh root@public_ip
Note: You can connect the VPN Server using SSH in the terminal if your using Mac/Linux Platform. Incase if your using windows 10 machine you can enable Linux Sub-system or SSH App
\nAs I have connected to my VPN machine, now I need to download the pre-requisites which are required for downloading Onionscan. You can refer official page to check the dependencies for the onion_scan.
\nBefore you download onioscan dependencies, make sure that you got python and TOR installed on your machine, if not please type below commands.
\napt-get update\n\napt-get install tor git bison libexif-dev\n\napt-get install python3-pip\n\npip3 install stemStem is a Python controller library that allows our application to interact with Tor.
\nStep1: Visit the official Go downloads page and find the version for the current binary release’s tarball and download it using curl command line utility.
\ncurl -O https://dl.google.com/go/go1.10.16.linux-amd64.tar.gzStep2: Extract the Tarball
\ntar xvf go1.10.16.linux-amd64.tar.gzStep 3: Change the permission and move the file to local
\nsudo chown -R root:root ./go\nsudo mv go /usr/localStep 4: Now set-up go path.
\nsudo nano ~/.profileAdd the following below line at the end.
\nexport GOPATH=$HOME/work
\nexport PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
\nStep 5: Now refresh the profile and check the version of Go
\nsource ~/.profileNow we have installed GO, now we can easily download the onionscan from below repository
\ngo get github.com/s-rah/onionscan\n\ngo install github.com/s-rah/onionscan@latestNow we have successfully installed Onionscan!!
\nThanks to the author of Automatingosint, who has created onionscan automated python script which will kill a stuck onionscan process and grab a fresh IP address from the TOR network and I have made small modification on the script and converted into python3 version.
\nYou can download it from below repo link using wget command.
\nLink: https://raw.githubusercontent.com/4n6shetty/Darkweb_OnionScan/main/OnionScannerPython3
\nwget https://raw.githubusercontent.com/4n6shetty/Darkweb_OnionScan/main/OnionScannerPython3Now you need to modify the TOR configuration to allow our Automated Python script to request a new IP address, please follow below command:
\ntor --hash-password MozshettyMozshetty is the password which will authenticate to the Tor controller (Refer PythonScript Codeline: 96 ), you can always use your own password but make sure that you update in python script.
\nNow you need to open Tor Configuration file to add the Local Tor Controller port and password to authenticate the controller for requesting new identity.
\nnano -w /etc/tor/torrcAdd below code at the bottom and save the file.
\nControlPort 9051
\nControlListenAddress 127.0.0.1
\nHashedControlPassword 16:101E5D7DF75EF8166007903672136AAC460422C2F8BB256F18DFED6E32
\nNow all you need to do is to restart the Tor by typing below command.
\nservice tor restartNow, we have almost reached to the last step, that is creating onion link repo, I have created by own .onion repo list which includes popular drug marketplace (Ex: darkode reborn, Blackhole, silkroad mirror etc.,) and .onion directories, make sure that you update the .onion repo list file name in the python script (Refer Code Line: 26, 28)
\nFinally, Its time to run our onionscan python script and output is stored in JSON format in the folder called onionscan_results and most important thing is don't forget to use SCREENcommand before running the script so that scanning process keeps running even if you get disconnected from the server.
\nPython3 OnionScannerPython3You can always reach out to me via email > 4n6shetty(at)pm(dot)me
","excerpt":"When it comes to Dark web OSINT tool, I would recommend Onionscan tool which is free and open source tool, written in GO language & it checks for…","frontmatter":{"date":"May 13, 2020","slug":"/Setting-up-Darkweb-Monitoring-using-Onionscan-deployed-in-Virtual-Private-Server","title":"Setting up Darkweb Monitoring using Onionscan deployed in Virtual Private Server","description":"Setting up Darkweb Monitoring using Onionscan deployed in Virtual Private Server","featuredImage":{"childImageSharp":{"gatsbyImageData":{"layout":"fullWidth","backgroundColor":"#080808","images":{"fallback":{"src":"/static/f6d1d8e475fd8891b8a93fc8bbb2b7ae/5267c/web-2592005_1920.jpg","srcSet":"/static/f6d1d8e475fd8891b8a93fc8bbb2b7ae/7284f/web-2592005_1920.jpg 750w,\n/static/f6d1d8e475fd8891b8a93fc8bbb2b7ae/29ba9/web-2592005_1920.jpg 1080w,\n/static/f6d1d8e475fd8891b8a93fc8bbb2b7ae/c8896/web-2592005_1920.jpg 1366w,\n/static/f6d1d8e475fd8891b8a93fc8bbb2b7ae/5267c/web-2592005_1920.jpg 1920w","sizes":"100vw"},"sources":[{"srcSet":"/static/f6d1d8e475fd8891b8a93fc8bbb2b7ae/57584/web-2592005_1920.webp 750w,\n/static/f6d1d8e475fd8891b8a93fc8bbb2b7ae/984df/web-2592005_1920.webp 1080w,\n/static/f6d1d8e475fd8891b8a93fc8bbb2b7ae/4a276/web-2592005_1920.webp 1366w,\n/static/f6d1d8e475fd8891b8a93fc8bbb2b7ae/9c00f/web-2592005_1920.webp 1920w","type":"image/webp","sizes":"100vw"}]},"width":1,"height":0.6666666666666666}}}}}},"pageContext":{"id":"6d01085b-700d-5535-b1f4-ec4c1a7826f0","previous":null,"next":{"id":"d92cac10-6e7d-5480-8e2c-f749e392d999","frontmatter":{"slug":"/IDS-IPS-Evading-Techniques","template":"blog-post","title":"IDS/IPS Evading Techniques using Invalid TCP checksum "}}}}, "staticQueryHashes": ["228695001","2744905544","358227665"]}