100s of Dark Web Sites Should Now Be Considered Compromised

Earlier this morning, a blog post was published titled: Dark Web OSINT With Python and OnionScan: Part One.

The post outlines the process of using Python and OnionScan to check onion services.

At the end of this post, there is a link to a dump of OnionScan results for many thousands of onion services.

These dumps contain many things; OnionScan output is rather verbose. However, where sites are affected by Apache mod_status leaks or can be fingerprinted, this dump leads to direct or almost-direct deanonymization of those sites.

As previously reported, hundreds of sites are vulnerable to these kinds of attacks.

This was always a possibility. These sites didn't become vulnerable overnight, and we have written before about how easy it is to do this.

When releasing OnionScan and publishing the periodic reports, we always knew that this kind of thing was a possibility - which is why we have been so vocal about trying to get site operators to fix the known issues.

The data dump only lowers the bar, and really, not by much.

We are glad to say that since the release of OnionScan we are aware of many new sites, and plenty of older ones, that have used the tool to find and fix vulnerabilities.

We again urge onion site operators to examine their sites today and take the steps necessary to patch leaky Apache modules, bad software or fingerprintable protocols.

Things are only going to get more risky if you don't.
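For operators checking their own server for the mod_status issue mentioned above, here is one way to audit an Apache configuration. This is an added example, not code from this post or from OnionScan; the names `audit_mod_status`, `judge` and `SAMPLE` are hypothetical, and it assumes the common setup in which Tor forwards the onion service to Apache over the loopback address, so a "local only" rule does not keep visitors out.

```python
import re

# Rules that admit loopback clients. Assumption (not stated on the page): Tor
# hands onion traffic to Apache over 127.0.0.1, so these admit every visitor.
LOOPBACK = re.compile(
    r"(require\s+(local|all\s+granted|(ip|host)\s+(.*\s)?(127\.|::1|localhost))"
    r"|allow\s+from\s+(.*\s)?(all\b|127\.|::1|localhost))", re.I)
ACCESS = re.compile(r"(require|allow\s+from|deny\s+from)\b", re.I)
LOCATION = re.compile(r'<location(?:match)?\s+"?([^">\s]+)', re.I)

# Constructed sample: a status block restricted with "Require local".
SAMPLE = """\
LoadModule status_module modules/mod_status.so
<Location /server-status>
    SetHandler server-status
    Require local
</Location>
"""


def audit_mod_status(config_text):
    """Return (line_no, severity, message) findings for mod_status exposure."""
    findings, block = [], None  # block = state of the <Location> being read
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        opened = LOCATION.match(line)
        if re.match(r"loadmodule\s+status_module\b", line, re.I):
            findings.append((no, "info", "status_module is loaded"))
        elif opened:
            block = {"path": opened.group(1), "line": no, "handler": False,
                     "rules": 0, "loopback": False}
        elif block and re.match(r"</location", line, re.I):
            if block["handler"]:
                findings.append(judge(block))
            block = None
        elif block and re.match(r"sethandler\s+server-status\b", line, re.I):
            block["handler"] = True
        elif block and ACCESS.match(line):
            block["rules"] += 1
            block["loopback"] |= bool(LOOPBACK.match(line))
    return findings


def judge(block):
    where = f"status handler at {block['path']}"
    if block["rules"] == 0:
        return (block["line"], "high", f"{where} has no access rule of its own")
    if block["loopback"]:
        return (block["line"], "high", f"{where} admits loopback clients")
    return (block["line"], "ok", f"{where} does not admit loopback clients")
```

Feed it the text of your own Apache configuration files; any "high" finding means the status page should be denied outright or the module unloaded.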