From c83cfc9e744351a399b8d291749f688de3d68e73 Mon Sep 17 00:00:00 2001
From: anon
Date: Sat, 14 Jan 2023 18:09:37 +0100
Subject: [PATCH] onionscan analys
---
flagging.py | 24 +++++++++++
main.py | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 144 insertions(+)
create mode 100644 flagging.py
create mode 100644 main.py
diff --git a/flagging.py b/flagging.py
new file mode 100644
index 0000000..dbab33d
--- /dev/null
+++ b/flagging.py
@@ -0,0 +1,24 @@
+def scoring(baseScore):
+    print("Final score:", baseScore)
+    if baseScore >= 90:
+        print("Hidden service don't shows significant marks of potential insecurities.")
+        print("Minimal recommended Tor Browser mode: Standard")
+    if baseScore < 90:
+        if baseScore > 73:
+            print("Hidden service shows some kind of potential insecurities.")
+            print("Recommendation: don't use it for critical activities.")
+            print("Minimal recommended Tor Browser mode: Safer")
+        if baseScore <= 73 and baseScore > 60:
+            print("Hidden service showse significant marks of potential insecurities.")
+            print("Recommendation: don't use it for critical activities.")
+            print("Recommendation: don't share any personalized information within this hidden service.")
+            print("Minimal recommended Tor Browser mode: Safer")
+        if baseScore <= 60 and baseScore > 50:
+            print("Hidden service is likely insecure.")
+            print("Recommendation: don't use it for any activities other than browsing.")
+            print("Recommendation: don't share ANY information within this hidden service.")
+            print("Recommendation: generate new circut for this hidden service if you still insist to use it.")
+            print("Minimal recommended Tor Browser mode: Safest")
+        if baseScore <= 50:
+            print("Hidden service is problably honeypot.")
+            print("Recommendation: don't use it at all.")
\ No newline at end of file
diff --git a/main.py b/main.py
new file mode 100644
index 0000000..2f539fd
--- /dev/null
+++ b/main.py
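Review bot: The `baseScore <= 50` branch prints `Hidden service is problably honeypot.`, but none of the inputs this score is built from in main.py (open SSH/FTP/SMTP, leaked identifiers, OnionScan risk severities) is evidence of a honeypot — a legitimately run but poorly hardened service lands in the same tier, so the message asserts more than the heuristic can support. I would replace it with `print("Hidden service shows severe operational-security weaknesses.")` and keep the `don't use it at all` recommendation. The other tier messages carry typos in user-facing strings (`don't shows`, `showse`, `circut`, `problably`) that should be corrected while touching them. A one-line docstring stating that `baseScore` is expected on a 0–100 scale and that the function only prints and returns nothing would help callers that might expect a tier value back.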
@@ -0,0 +1,120 @@
+import os
+import json
+import re
+from flagging import scoring
+
+onionReport = os.getenv("ONIONSCAN_REPORT")
+#http_headers = os.getenv("HTTP_HEADERS")
+
+if len(onionReport) == 0:
+    print("OnionScan report not found, exiting...")
+    exit()
+
+onionReport = json.loads(onionReport)
+#http_headers = json.loads(http_headers)
+
+print("Starting analysis...")
+print("Starting at the base score 100")
+baseScore = 100
+
+hiddenService = onionReport['hiddenService']
+print("Hidden service address:", hiddenService)
+if hiddenService == " http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion":
+    baseScore = 0
+    print("Score goes down, now:", baseScore)
+    print("This hidden service is likely owned by CIA.")
+    scoring(baseScore)
+    exit()
+
+ssh = onionReport['sshDetected']
+print("SSH?", ssh)
+if ssh:
+    baseScore = baseScore * 0.67
+    print("Score goes down, now:", baseScore)
+    print("SSH key:", onionReport['sshKey'])
+
+ftp = onionReport['ftpDetected']
+print("FTP?", ftp)
+if ftp:
+    baseScore = baseScore * 0.67
+    print("Score goes down, now:", baseScore)
+    print("FTP fingerprint:", onionReport['ftpFingerprint'])
+    print("FTP banner:", onionReport['ftpBanner'])
+    ftp = onionReport['ftpDetected']
+
+smtp = onionReport['smtpDetected']
+print("SMTP?", smtp)
+if smtp:
+    baseScore = baseScore * 0.67
+    print("Score goes down, now:", baseScore)
+    print("SMTP fingerprint:", onionReport['smtpFingerprint'])
+    print("SMTP banner:", onionReport['smtpBanner'])
+
+bitcoin = onionReport['bitcoinDetected']
+print("Bitcoin?", bitcoin)
+if bitcoin:
+    baseScore = baseScore * 0.81
+    print("Score goes down, now:", baseScore)
+    bitcoinInfo = onionReport['bitcoinServices']['bitcoin']
+    print("Bitcoin user agent:", bitcoinInfo['userAgent'])
+    print("Bitcoin version:", bitcoinInfo['protocolVersion'])
+    print("Bitcoin onion peers:", bitcoinInfo['onionPeers'])
+
+idReport = onionReport['identifierReport']
+
+privateKey = idReport['privateKeyDetected']
+print("Private key found?", privateKey)
+if privateKey:
+    baseScore = baseScore * 0.63
+    print("Score goes down, now:", baseScore)
+
+apacheStatus = idReport['foundApacheModStatus']
+print("Apache status found?", apacheStatus)
+if apacheStatus:
+    baseScore = baseScore * 0.87
+    print("Score goes down, now:", baseScore)
+
+ipAddress = idReport['ipAddresses']
+print("IP address leakage?", ipAddress)
+if ipAddress:
+    baseScore = baseScore * 0.55
+    print("Score goes down, now:", baseScore)
+
+emailAddress = idReport['emailAddresses']
+print("Email address found?", emailAddress)
+if emailAddress:
+    baseScore = baseScore * 0.959
+    print("Score goes down, now:", baseScore)
+
+analyticsId = idReport['analyticsIDs']
+print("Analytics tags?", analyticsId)
+if analyticsId:
+    baseScore = baseScore * 0.6
+    print("Score goes down, now:", baseScore)
+
+risks = onionReport['simpleReport']['risks']
+print("OnionScan detected risks:\n")
+for r in risks:
+    t = r['title']
+    print("\tName:", t)
+    s = r['severity']
+    print("\tSeverity:", s)
+    if s == "info":
+        baseScore = baseScore * 0.999
+        print("\tScore goes down, now:", baseScore)
+    if s == "low":
+        baseScore = baseScore * 0.959
+        print("\tScore goes down, now:", baseScore)
+    if s == "medium":
+        baseScore = baseScore * 0.939
+        print("\tScore goes down, now:", baseScore)
+    if s == "high":
+        baseScore = baseScore * 0.87
+        print("\tScore goes down, now:", baseScore)
+    if s == "critical":
+        baseScore = baseScore * 0.77
+        print("\tScore goes down, now:", baseScore)
+    print("")
+
+scoring(baseScore)
+print("Analysis ended.")
\ No newline at end of file
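Review bot: `os.getenv("ONIONSCAN_REPORT")` returns `None` when the variable is unset, so the guard `if len(onionReport) == 0:` raises `TypeError` instead of printing the "not found" message; `if not onionReport:` handles both the unset and the empty case. The hard-coded address in the `hiddenService ==` comparison begins with a space (`" http://ciadotgov…"`), so that branch can never match and is dead as written — drop the leading space, and confirm against a real OnionScan report whether `hiddenService` carries an `http://` prefix at all. The FTP/SMTP banners and the SSH key printed further down come from the scanned service and are therefore attacker-controlled; printing them raw lets a hostile service inject terminal escape sequences into the operator's console, so pass them through `repr()` (or strip non-printable characters) before printing. Minor: `import re` is unused, and the `ftp = onionReport['ftpDetected']` reassignment inside the `if ftp:` block is a no-op that should be removed.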