
Ichidan でTorネットワーク内の情報収集


What is Ichidan?

Ichidan Is a Shodan-Like Search Engine for the Dark Web

Shodanのようなダークウェブ用の検索エンジン

取り急ぎ作成


検索してみる

image.png

SSH が有効な.onionドメインを探してみる

検索欄にSSHと記述

image.png


プログラミング

Pythonから検索し結果をdbに保存

import socks

import socket
import urllib
import re
import sqlite3
import datetime

# Base URL of the Ichidan search service; every request to it goes through
# the Tor SOCKS proxy configured by ConnTor.
# NOTE(review): this is a 16-character (v2) onion address. Current Tor
# releases no longer support v2 onion services, so this value presumably
# needs replacing before the script can run again — confirm.
URL = "http://ichidanv34wrx7m7.onion"

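def create_connection(address, timeout=None, source_address=None):
    """Open a TCP connection to *address* through the default SOCKS proxy.

    Drop-in replacement for ``socket.create_connection``; ConnTor installs it
    so that library code which calls ``socket.create_connection`` is proxied
    as well.

    Args:
        address: ``(host, port)`` tuple of the destination.
        timeout: Socket timeout in seconds. Only numeric values are applied;
            ``None`` and the standard library's "use the global default"
            sentinel (which HTTP clients pass here) leave the socket as is.
        source_address: Accepted for signature compatibility and ignored.

    Returns:
        The connected ``socks.socksocket``.
    """
    sock = socks.socksocket()
    try:
        # Without a timeout a stalled Tor circuit blocks the caller forever.
        if isinstance(timeout, (int, float)):
            sock.settimeout(timeout)
        sock.connect(address)
    except Exception:
        # Do not leak the descriptor when the proxy or the circuit fails.
        sock.close()
        raise
    return sock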

def now(format_str):
    """Return the current local time rendered with the strftime pattern *format_str*."""
    current = datetime.datetime.now()
    return current.strftime(format_str)

class ConnTor:
    """Send every new socket of this process through the local Tor SOCKS5 proxy.

    Creating an instance applies the change; the instance holds no state.
    """

    def __init__(self):
        tor_host, tor_port = "127.0.0.1", 9050
        # Let the proxy resolve hostnames: .onion names only resolve inside
        # Tor, and local lookups would leak the queried names to the local
        # resolver.
        resolve_via_proxy = True
        socks.setdefaultproxy(
            socks.PROXY_TYPE_SOCKS5, tor_host, tor_port, resolve_via_proxy
        )
        # Process-wide monkey-patch: code that runs after this point and
        # creates sockets through the socket module is proxied too.
        socket.create_connection = create_connection
        socket.socket = socks.socksocket

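class Ichidan:
    """Scrape Ichidan search results over Tor and store them in SQLite.

    Written for Python 2 (``urllib.urlopen`` / ``urllib.urlencode``).
    A login step was stubbed out in the original and is not implemented.
    """

    # Numbered pagination links; the group is the page number.
    _PAGE_LINK = re.compile(r'<a href="/search.*?">([0-9]{1,9})</a>')
    # Result links. The dots are escaped and a match may not run across a
    # quote or a tag boundary, so markup around a link is never captured.
    _ONION_LINK = re.compile(r'<a href="[^"]*\.onion">([^<]*\.onion)</a>')

    def __init__(self):
        # This only installs the proxy settings; no connection is opened
        # until the first request is made.
        ConnTor()
        print("[+] Connected Tor Network")

    def _build_url(self, query, page):
        """Return the search URL for *query* and *page*, percent-encoded."""
        params = urllib.urlencode([("page", page), ("query", query)])
        return URL + "/search?" + params

    def search(self, query, page=1):
        """Collect every result page for *query* into a new database file.

        Args:
            query: Search term. It is URL-encoded before being sent.
            page: Page requested first, to read the page count from its
                pagination links. Pages 1..last are collected regardless.

        The database is committed after each page and always closed, so a
        failure halfway through keeps the pages that were already stored.
        """
        first_html = urllib.urlopen(self._build_url(query, page)).read()
        page_numbers = self._PAGE_LINK.findall(first_html)
        # A result set that fits on one page has no pagination links.
        last_page = int(page_numbers[-1]) if page_numbers else page
        print("[+] Found %s pages" % last_page)
        # NOTE(review): last_page comes from the remote HTML and is bounded
        # only by the nine digits the pattern allows; consider a local cap.

        db = DB()
        try:
            for page_num in range(1, last_page + 1):
                url = self._build_url(query, page_num)
                print("[-] Now Page --> %s" % url)
                if page_num == page:
                    html = first_html  # already downloaded above
                else:
                    html = urllib.urlopen(url).read()
                # Scraped hostnames are untrusted remote content; they are
                # stored as data and go to SQLite as bound parameters.
                for domain in self._ONION_LINK.findall(html):
                    db.insert(domain, query, now("%Y-%m-%d %H:%M:%S"))
                db.commit()
        finally:
            db.close()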

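class DB:
    """Thin wrapper around the per-run SQLite file that holds scraped results."""

    def __init__(self):
        # One file per run, named after the start time (second resolution).
        db_name = "ichidan_%s.db" % now("%Y%m%d-%H%M%S")
        self.conn = sqlite3.connect(db_name)
        self.__create_table()

    def __create_table(self):
        """Create the ``ichidan`` table unless the file already has it."""
        # "if not exists": two instances created within the same second get
        # the same file name, and a plain "create table" would then raise.
        sql = u"""
        create table if not exists ichidan (
            id integer primary key autoincrement,
            domain text,
            query text,
            create_at text
        );
        """
        self.conn.execute(sql)

    def insert(self, *vals):
        """Insert one row; *vals* is ``(domain, query, create_at)``.

        The values are bound through placeholders, so scraped text is never
        interpolated into the SQL statement.
        """
        self.conn.execute(
            "INSERT INTO ichidan(domain, query, create_at) VALUES(?, ?, ?)", vals
        )

    def commit(self):
        """Flush pending inserts to the database file."""
        self.conn.commit()

    def close(self):
        """Close the underlying connection."""
        self.conn.close()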

if __name__ == "__main__":
    # Collect every result page for the query "http" into a fresh SQLite file.
    client = Ichidan()
    client.search("http")

こんな感じにDBへ

> sqlite3 ichidan_20170917-024842.db

SQLite version 3.16.2 2017-01-06 16:32:41
Enter ".help" for usage hints.
sqlite> select * from ichidan;
1|tz7qvsthacppuca4.onion|http|2017-09-17 02:48:44
2|4wqn65ss6hoeqynv.onion|http|2017-09-17 02:48:44
3|4sy6ebszykvcv2n6.onion|http|2017-09-17 02:48:44
4|s3ppk2geaa5ml4kt.onion|http|2017-09-17 02:48:44
5|e4kgvc56gdzop6ch.onion|http|2017-09-17 02:48:44
6|protonirockerxow.onion|http|2017-09-17 02:48:44
7|hrvis2syj6kvaqru.onion|http|2017-09-17 02:48:44
8|424pt7j3e74xfqxu.onion|http|2017-09-17 02:48:44
9|jthvk4azzct2lptc.onion|http|2017-09-17 02:48:44
10|kwkvnpncl7qej6js.onion|http|2017-09-17 02:48:44
11|sx3rwjwhigz3aafs.onion|http|2017-09-17 02:48:46
12|rzb5nlpvy5oqnket.onion|http|2017-09-17 02:48:46
13|ikfwzqtlnjxwfq3t.onion|http|2017-09-17 02:48:46
14|yzszwhdftasz3bj2.onion|http|2017-09-17 02:48:46
15|ou63pmih66umazou.onion|http|2017-09-17 02:48:46
16|ojgnw7wt6ozfzeeh.onion|http|2017-09-17 02:48:46
17|writeas7pm7rcdqg.onion|http|2017-09-17 02:48:46
18|vxxca6ydhe3acv6h.onion|http|2017-09-17 02:48:46
19|roothitpesjylrta.onion|http|2017-09-17 02:48:46
20|mv7kzfntye5jxt62.onion|http|2017-09-17 02:48:46
21|escrowgc7gjgtk2k.onion|http|2017-09-17 02:48:48
22|22222222bxxurr35.onion|http|2017-09-17 02:48:48
23|acidair46niz7sg4.onion|http|2017-09-17 02:48:48
24|3xdvknchriugpjjh.onion|http|2017-09-17 02:48:48
25|2jv5r7k66ralyk3g.onion|http|2017-09-17 02:48:48
26|fresh57ii4ejc6hx.onion|http|2017-09-17 02:48:48
27|qm3cctbjv2qg7jni.onion|http|2017-09-17 02:48:48
28|ed2by3umdjat6tnz.onion|http|2017-09-17 02:48:48
29|phe6z7vfj3trzz64.onion|http|2017-09-17 02:48:48
30|a3hse43gyxnqyx3k.onion|http|2017-09-17 02:48:48
...

やったぜv(´・ω・`)v