Inspecting Deep Web Links
Introduction
If you have ever decided to explore what on earth someone can find on the so-called 'Deep Web,' then you have probably gone through the pain were more than half the links available online do not work.
The majority of people will look for 'hidden wikis' which contain a list of multiple deep web (.onion) URLs and then use the TorBrowser in the attempt of discovering if the 'services' that the specific site provides are those that the 'wiki' claims it does. These 'wikis' contain links to social networks, forums, and blog websites or even sites which sell drugs, and supply hitman and hacking services.
FREE role-guided training plans
This is all great for gaining awareness of all the crazy madness found on the trails of the Deep Web. However, the problem is - and trust me it is a big one - that more than 70% of the links will not work. As a result, we clearly want to be able to see whether the sites are active, before realizing that most of them are not - so, let's go ahead and do that.
Action
We are going to use a tool I recently developed called ONIOFF, a simple tool - written in pure python - for inspecting Deep Web URLs (or onions). Make sure Tor is running on your device ($ service tor start) and then download ONIOFF by cloning the Git Repo and simply installing its requirements:
$ git clone https://github.com/k4m4/onioff.git
$ cd onioff
$ pip install -r requirements.txt
Next, we want to create a flat (.txt) file which contains many, line-separated onion links (the exact amount is up to you obviously). To do so, we can use hidden wikis such as thehiddenwiki.org or torhiddenwiki.com and extract all links into our text file.
Subsequently, we want to use ONIOFF to inspect our links and see which of them are active and running. If they are, indeed, running, ONIOFF will also give us each site's title. Without any further ado, let's run it:
$ python onioff.py -f [Link File] -o [Report File]
Once we have executed our command, all active sites and their title will be displayed in our CLI, and a report will be saved into our output (-o) file. For example, you should be able to see something like the following:
FREE role-guided training plans
Conclusion
Now, we are aware of all 'actually working' sites and can thus explore the Deep Web with ease, without having to go through the struggle of inactive .onion URLs! Hope you found this useful. Go ahead and explore all the weird things you can find on the 'Deep' part of the Web - and remember, always stay on the white side.
In this Series
- Inspecting Deep Web Links
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security