[tor-onions] Privacy Audits for Onion Services
VinÃcius Zavam
egypcio at gmail.com
Thu Sep 20 11:18:43 UTC 2018
On Fri, Aug 31, 2018, 19:59 Micah Lee <micah at micahflee.com> wrote:
> On 08/30/18 08:33, Jason S. Evans wrote:
> > Hi all,
> >
> > How can I best audit an onion service to make sure that my IP can not
> > easily be compromised? Is there a list of things to do to try to hack my
> > own site to try to find the IP?
>
> In addition to what everyone else said, there's also a pretty awesome
> tool called OnionScan which will scan http onion services looking for
> leaks -- IP address, but also things like exif metadata in jpegs it finds.
>
> I used this on the onion site version of https://onionshare.org and it
> discovered that I had apache2's mod_status enabled which was leaking the
> real IP address of the server.
>
> Here's the website:
> https://onionscan.org/
>
> Here's the code, along with build instructions (it's written in golang):
> https://github.com/s-rah/onionscan
sweet!
I just finished to port OnionScan for FreeBSD, and should be in the tree
soon; https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231508
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-onions/attachments/20180920/8ce2695a/attachment.html>
More information about the tor-onions
mailing list