[tor-onions] Privacy Audits for Onion Services

Micah Lee micah at micahflee.com
Fri Aug 31 17:01:54 UTC 2018


On 08/30/18 08:33, Jason S. Evans wrote:
> Hi all,
> 
> How can I best audit an onion service to make sure that my IP can not
> easily be compromised? Is there a list of things to do to try to hack my
> own site to try to find the IP?

In addition to what everyone else said, there's also a pretty awesome
tool called OnionScan which will scan HTTP onion services looking for
leaks -- IP address, but also things like EXIF metadata in JPEGs it finds.

I used this on the onion site version of https://onionshare.org and it
discovered that I had apache2's mod_status enabled which was leaking the
real IP address of the server.

Here's the website:
https://onionscan.org/

Here's the code, along with build instructions (it's written in golang):
https://github.com/s-rah/onionscan
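
As an added example (not part of the original post and not OnionScan's own code): a small Python check, in the spirit of the mod_status finding above, that reads a saved copy of your own /server-status page and lists the addresses and hostnames that would identify the host outside Tor. The sample page, the `find_leaks` helper and every address in it are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a mod_status page (not real server output).
SAMPLE_STATUS = """<html><body>
<h1>Apache Server Status for example.onion (via 203.0.113.10)</h1>
<table><tr><th>Srv</th><th>PID</th><th>Client</th><th>VHost</th><th>Request</th></tr>
<tr><td>0-0</td><td>1234</td><td>127.0.0.1</td>
<td nowrap>example.onion:80</td><td nowrap>GET /server-status HTTP/1.1</td></tr>
<tr><td>1-0</td><td>1235</td><td>198.51.100.7</td>
<td nowrap>www.example.com:443</td><td nowrap>GET / HTTP/1.1</td></tr>
</table></body></html>"""

# Dotted quads that are not part of a longer dotted number.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# "host:port" table cells, as in the VHost column.
VHOST = re.compile(r"<td[^>]*>([A-Za-z0-9.-]+\.[A-Za-z]{2,}):\d+</td>")


def find_leaks(html):
    """Return (addresses, hostnames) on the page that point at the host outside Tor."""
    addrs = set()
    for candidate in IPV4.findall(html):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # not a valid address, e.g. 999.1.1.1
        # Requests arriving through the local Tor daemon show up as loopback.
        # Anything else is the server's own address or a clearnet client,
        # which means the same Apache instance is reachable outside Tor.
        if not ip.is_loopback and not ip.is_unspecified:
            addrs.add(str(ip))
    # Any virtual host that is not a .onion name ties the service to a clearnet site.
    hosts = {h.lower() for h in VHOST.findall(html)
             if not h.lower().endswith(".onion")}
    return sorted(addrs), sorted(hosts)


if __name__ == "__main__":
    addresses, hostnames = find_leaks(SAMPLE_STATUS)
    print("non-loopback addresses:", addresses)
    print("non-onion virtual hosts:", hostnames)
```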

