onionscan
onionscan copied to clipboard
s-rah
Design 3rd Party Database Lookups
There have been discussions and suggestions in #3 and #6 for using external services such as Tineye and Shodan for comparing fingerprints collected. As hidden services may be scanned by onionscan, possibly even by the owners of hidden services, to prevent the chances of correlation between scanners and sites, all IP accesses using onionscan should have the option of being accessed through an anonymising service.
Great Idea. Given the nature of the tool, the default should be any network connections use the Tor Proxy. Not sure where to capture these kind of things yet, probably in a CONTRIBUTORS.md file for designing new features.
As hidden services may be scanned by onionscan, possibly even by the owners of hidden services
Good point. I think it would be wise to put any access to centralized external services behind an option that is disabled by default, and otherwise access them over Tor. Even when querying over Tor, e.g. Shodan her host*, as well as possibly routers along the way, would learn that certain key fingerprints are being queried, which is an information leak. Not as bad as a query from a direct IP of course but it's something to mind.
(* I've heard that at least some of the bitcoin block explorers, that allow for querying addresses and transaction IDs, keep track of what is requested and by whom)
