onionscan analys

2023-01-14 18:09:37 +01:00 · 2023-01-14 18:09:37 +01:00 · c83cfc9e74
commit c83cfc9e74
parent de261542f6
2 changed files with 144 additions and 0 deletions
--- a/flagging.py
+++ b/flagging.py
@ -0,0 +1,24 @@
+def scoring(baseScore):
+    print("Final score:", baseScore)
+    if baseScore >= 90:
+        print("Hidden service don't shows significant marks of potential insecurities.")
+        print("Minimal recommended Tor Browser mode: Standard")
+    if baseScore < 90:
+        if baseScore > 73:
+            print("Hidden service shows some kind of potential insecurities.")
+            print("Recommendation: don't use it for critical activities.")
+            print("Minimal recommended Tor Browser mode: Safer")
+        if baseScore <= 73 and baseScore > 60:
+            print("Hidden service showse significant marks of potential insecurities.")
+            print("Recommendation: don't use it for critical activities.")
+            print("Recommendation: don't share any personalized information within this hidden service.")
+            print("Minimal recommended Tor Browser mode: Safer")
+        if baseScore <= 60 and baseScore > 50:
+            print("Hidden service is likely insecure.")
+            print("Recommendation: don't use it for any activities other than browsing.")
+            print("Recommendation: don't share ANY information within this hidden service.")
+            print("Recommendation: generate new circut for this hidden service if you still insist to use it.")
+            print("Minimal recommended Tor Browser mode: Safest")
+        if baseScore <= 50:
+            print("Hidden service is problably honeypot.")
+            print("Recommendation: don't use it at all.")
--- a/main.py
+++ b/main.py
@ -0,0 +1,120 @@
+import os
+import json
+import re
+from flagging import scoring
+
+onionReport = os.getenv("ONIONSCAN_REPORT")
+#http_headers = os.getenv("HTTP_HEADERS")
+
+if len(onionReport) == 0:
+    print("OnionScan report not found, exiting...")
+    exit()
+
+onionReport = json.loads(onionReport)
+#http_headers = json.loads(http_headers)
+
+print("Starting analysis...")
+print("Starting at the base score 100")
+baseScore = 100
+
+hiddenService = onionReport['hiddenService']
+print("Hidden service address:", hiddenService)
+if hiddenService == " http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion":
+    baseScore = 0
+    print("Score goes down, now:", baseScore)
+    print("This hidden service is likely owned by CIA.")
+    scoring(baseScore)
+    exit()
+
+ssh = onionReport['sshDetected']
+print("SSH?", ssh)
+if ssh:
+    baseScore = baseScore * 0.67
+    print("Score goes down, now:", baseScore)
+    print("SSH key:", onionReport['sshKey'])
+
+ftp = onionReport['ftpDetected']
+print("FTP?", ftp)
+if ftp:
+    baseScore = baseScore * 0.67
+    print("Score goes down, now:", baseScore)
+    print("FTP fingerprint:", onionReport['ftpFingerprint'])
+    print("FTP banner:", onionReport['ftpBanner'])
+    ftp = onionReport['ftpDetected']
+
+smtp = onionReport['smtpDetected']
+print("SMTP?", smtp)
+if smtp:
+    baseScore = baseScore * 0.67
+    print("Score goes down, now:", baseScore)
+    print("SMTP fingerprint:", onionReport['smtpFingerprint'])
+    print("SMTP banner:", onionReport['smtpBanner'])
+
+bitcoin = onionReport['bitcoinDetected']
+print("Bitcoin?", bitcoin)
+if bitcoin:
+    baseScore = baseScore * 0.81
+    print("Score goes down, now:", baseScore)
+    bitcoinInfo = onionReport['bitcoinServices']['bitcoin']
+    print("Bitcoin user agent:", bitcoinInfo['userAgent'])
+    print("Bitcoin version:", bitcoinInfo['protocolVersion'])
+    print("Bitcoin onion peers:", bitcoinInfo['onionPeers'])
+
+idReport = onionReport['identifierReport']
+
+privateKey = idReport['privateKeyDetected']
+print("Private key found?", privateKey)
+if privateKey:
+    baseScore = baseScore * 0.63
+    print("Score goes down, now:", baseScore)
+
+apacheStatus = idReport['foundApacheModStatus']
+print("Apache status found?", apacheStatus)
+if apacheStatus:
+    baseScore = baseScore * 0.87
+    print("Score goes down, now:", baseScore)
+
+ipAddress = idReport['ipAddresses']
+print("IP address leakage?", ipAddress)
+if ipAddress:
+    baseScore = baseScore * 0.55
+    print("Score goes down, now:", baseScore)
+
+emailAddress = idReport['emailAddresses']
+print("Email address found?", emailAddress)
+if emailAddress:
+    baseScore = baseScore * 0.959
+    print("Score goes down, now:", baseScore)
+
+analyticsId = idReport['analyticsIDs']
+print("Analytics tags?", analyticsId)
+if analyticsId:
+    baseScore = baseScore * 0.6
+    print("Score goes down, now:", baseScore)
+
+risks = onionReport['simpleReport']['risks']
+print("OnionScan detected risks:\n")
+for r in risks:
+    t = r['title']
+    print("\tName:", t)
+    s = r['severity']
+    print("\tSeverity:", s)
+    if s == "info":
+        baseScore = baseScore * 0.999
+        print("\tScore goes down, now:", baseScore)
+    if s == "low":
+        baseScore = baseScore * 0.959
+        print("\tScore goes down, now:", baseScore)
+    if s == "medium":
+        baseScore = baseScore * 0.939
+        print("\tScore goes down, now:", baseScore)
+    if s == "high":
+        baseScore = baseScore * 0.87
+        print("\tScore goes down, now:", baseScore)
+    if s == "critical":
+        baseScore = baseScore * 0.77
+        print("\tScore goes down, now:", baseScore)
+    print("")
+
+scoring(baseScore)
+print("Analysis ended.")