Security comes at a high price in life. Freedom, security, and democracy are not guaranteed. Small tools always bring advantages to the user that can be used to automate processes. These creative scripts aim to show you how simple functions can save a lot of time and money, eliminating the need to purchase expensive security packages for basic scanning tasks.
This project provides an example of how to use Python libraries Stem and Scapy to work with the Tor network. Stem is a library for interacting with Tor, while Scapy is used for creating and manipulating network packets. Together, they allow for anonymized network operations.
- Python 3.x
- Stem
- Scapy
- Tor
- Install Python 3.x from Python's official website.
- Install Stem using pip:
pip install stem
- Install Scapy using pip:
pip install scapy
- Ensure Tor is installed and running. You can download and install Tor from Tor Project's official website.
To connect to an existing Tor process and retrieve basic information:
from stem import Signal
from stem.control import Controller
with Controller.from_port(port = 9051) as controller:
controller.authenticate() # Authenticate if necessary
print("Tor Version:", controller.get_version())
print("Allowed SocksPort:", controller.get_conf("SocksPort"))
# Request a new identity
controller.signal(Signal.NEWNYM)
print("New identity requested")
To start a new Tor process directly from your Python script:
from stem.process import launch_tor_with_config
tor_process = launch_tor_with_config(
config = {
'SocksPort': '9050',
'ControlPort': '9051',
},
init_msg_handler = lambda line: print(line),
)
print("Tor process started")
# Terminate the Tor process
tor_process.terminate()
To send network packets through the Tor network using Scapy:
from scapy.all import *
import socks
import socket
# Set up Tor Socks proxy
socks.set_default_proxy(socks.SOCKS5, "127.0.0.1", 9050)
socket.socket = socks.socksocket
# Create and send a simple ICMP packet
packet = IP(dst="8.8.8.8")/ICMP()
response = sr1(packet, timeout=10)
if response:
response.show()
else:
print("No response received")
The single.py
script starts a Tor process, requests a new Tor identity, and performs security checks on a specified domain (both Onion and regular websites) using various tools. The script runs the following steps:
- Start Tor Process: Initializes a Tor process with a specified configuration for
SocksPort
andControlPort
. - Authenticate with Tor Controller: Connects to the Tor control port and authenticates.
- Request New Identity: Requests a new Tor identity using the
NEWNYM
signal. - Perform Security Checks: Executes security tools (
nmap
,nikto
,socat
) on the specified domain and prints the results. - Terminate Tor Process: Ends the Tor process after completing the checks.
The from_file.py
script extends the functionality of single.py
by reading multiple domains from a text or CSV file and performing security checks on each. The script follows these steps:
- Start Tor Process: Initializes a Tor process with a specified configuration for
SocksPort
andControlPort
. - Authenticate with Tor Controller: Connects to the Tor control port and authenticates.
- Read Domains from File: Reads a list of domains from a text or CSV file.
- Iterate Over Domains:
- Requests a new Tor identity for each domain.
- Executes security tools (
nmap
,nikto
,socat
) on each domain and prints the results.
- Terminate Tor Process: Ends the Tor process after processing all domains.
These scripts can be used to automate security testing of both Onion and regular domains. They demonstrate how to:
- Integrate Tor with security tools.
- Automate the process of changing Tor identities.
- Perform repeated security checks on multiple domains.
Additional tools and tasks that could be automated with similar scripts include:
- Vulnerability scanning with other tools like OpenVAS.
- Web application security testing with OWASP ZAP.
- Network traffic analysis with Wireshark.
- Automated penetration testing with Metasploit.
By leveraging these scripts, various security testing and network analysis tasks can be performed automatically within the Tor network.
If you find this project useful and want to support it, there are several ways to do so:
- If you find the white paper helpful, please ⭐ it on GitHub. This helps make the project more visible and reach more people.
- Become a Follower: If you're interested in updates and future improvements, please follow my GitHub account. This way you'll always stay up-to-date.
- Learn more about my work: I invite you to check out all of my work on GitHub and visit my developer site https://volkansah.github.io. Here you will find detailed information about me and my projects.
- Share the project: If you know someone who could benefit from this project, please share it. The more people who can use it, the better. If you appreciate my work and would like to support it, please visit my GitHub Sponsor page. Any type of support is warmly welcomed and helps me to further improve and expand my work.
Thank you for your support! ❤️
S. Volkan Kücükbudak
This project is licensed under the GPLv3 License.