onionscan analys

2023-01-14 18:09:37 +01:00 · 2023-01-14 18:09:37 +01:00 · c83cfc9e74
commit c83cfc9e74
parent de261542f6
2 changed files with 144 additions and 0 deletions
--- a/flagging.py
+++ b/flagging.py
@ -0,0 +1,24 @@
 def scoring(baseScore):
    print("Final score:", baseScore)
    if baseScore >= 90:
        print("Hidden service don't shows significant marks of potential insecurities.")
        print("Minimal recommended Tor Browser mode: Standard")
    if baseScore < 90:
        if baseScore > 73:
            print("Hidden service shows some kind of potential insecurities.")
            print("Recommendation: don't use it for critical activities.")
            print("Minimal recommended Tor Browser mode: Safer")
        if baseScore <= 73 and baseScore > 60:
            print("Hidden service showse significant marks of potential insecurities.")
            print("Recommendation: don't use it for critical activities.")
            print("Recommendation: don't share any personalized information within this hidden service.")
            print("Minimal recommended Tor Browser mode: Safer")
        if baseScore <= 60 and baseScore > 50:
            print("Hidden service is likely insecure.")
            print("Recommendation: don't use it for any activities other than browsing.")
            print("Recommendation: don't share ANY information within this hidden service.")
            print("Recommendation: generate new circut for this hidden service if you still insist to use it.")
            print("Minimal recommended Tor Browser mode: Safest")
        if baseScore <= 50:
            print("Hidden service is problably honeypot.")
            print("Recommendation: don't use it at all.")
--- a/main.py
+++ b/main.py
@ -0,0 +1,120 @@
 import os
 import json
 import re
 from flagging import scoring
 onionReport = os.getenv("ONIONSCAN_REPORT")
 #http_headers = os.getenv("HTTP_HEADERS")
 if len(onionReport) == 0:
    print("OnionScan report not found, exiting...")
    exit()
 onionReport = json.loads(onionReport)
 #http_headers = json.loads(http_headers)
 print("Starting analysis...")
 print("Starting at the base score 100")
 baseScore = 100
 hiddenService = onionReport['hiddenService']
 print("Hidden service address:", hiddenService)
 if hiddenService == " http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion":
    baseScore = 0
    print("Score goes down, now:", baseScore)
    print("This hidden service is likely owned by CIA.")
    scoring(baseScore)
    exit()
 ssh = onionReport['sshDetected']
 print("SSH?", ssh)
 if ssh:
    baseScore = baseScore * 0.67
    print("Score goes down, now:", baseScore)
    print("SSH key:", onionReport['sshKey'])
 ftp = onionReport['ftpDetected']
 print("FTP?", ftp)
 if ftp:
    baseScore = baseScore * 0.67
    print("Score goes down, now:", baseScore)
    print("FTP fingerprint:", onionReport['ftpFingerprint'])
    print("FTP banner:", onionReport['ftpBanner'])
    ftp = onionReport['ftpDetected']
 smtp = onionReport['smtpDetected']
 print("SMTP?", smtp)
 if smtp:
    baseScore = baseScore * 0.67
    print("Score goes down, now:", baseScore)
    print("SMTP fingerprint:", onionReport['smtpFingerprint'])
    print("SMTP banner:", onionReport['smtpBanner'])
 bitcoin = onionReport['bitcoinDetected']
 print("Bitcoin?", bitcoin)
 if bitcoin:
    baseScore = baseScore * 0.81
    print("Score goes down, now:", baseScore)
    bitcoinInfo = onionReport['bitcoinServices']['bitcoin']
    print("Bitcoin user agent:", bitcoinInfo['userAgent'])
    print("Bitcoin version:", bitcoinInfo['protocolVersion'])
    print("Bitcoin onion peers:", bitcoinInfo['onionPeers'])
 idReport = onionReport['identifierReport']
 privateKey = idReport['privateKeyDetected']
 print("Private key found?", privateKey)
 if privateKey:
    baseScore = baseScore * 0.63
    print("Score goes down, now:", baseScore)
 apacheStatus = idReport['foundApacheModStatus']
 print("Apache status found?", apacheStatus)
 if apacheStatus:
    baseScore = baseScore * 0.87
    print("Score goes down, now:", baseScore)
 ipAddress = idReport['ipAddresses']
 print("IP address leakage?", ipAddress)
 if ipAddress:
    baseScore = baseScore * 0.55
    print("Score goes down, now:", baseScore)
 emailAddress = idReport['emailAddresses']
 print("Email address found?", emailAddress)
 if emailAddress:
    baseScore = baseScore * 0.959
    print("Score goes down, now:", baseScore)
 analyticsId = idReport['analyticsIDs']
 print("Analytics tags?", analyticsId)
 if analyticsId:
    baseScore = baseScore * 0.6
    print("Score goes down, now:", baseScore)
 risks = onionReport['simpleReport']['risks']
 print("OnionScan detected risks:\n")
 for r in risks:
    t = r['title']
    print("\tName:", t)
    s = r['severity']
    print("\tSeverity:", s)
    if s == "info":
        baseScore = baseScore * 0.999
        print("\tScore goes down, now:", baseScore)
    if s == "low":
        baseScore = baseScore * 0.959
        print("\tScore goes down, now:", baseScore)
    if s == "medium":
        baseScore = baseScore * 0.939
        print("\tScore goes down, now:", baseScore)
    if s == "high":
        baseScore = baseScore * 0.87
        print("\tScore goes down, now:", baseScore)
    if s == "critical":
        baseScore = baseScore * 0.77
        print("\tScore goes down, now:", baseScore)
    print("")
 scoring(baseScore)
 print("Analysis ended.")