

Ichidan: the most powerful dark web search engine, the dark web version of Shodan!

Posted by bassolino at 2020-02-27

E Security, September 15: A Twitter user recently found a new dark web portal that lets users search Tor onion sites, much as Shodan search does for the various services exposed on the Internet.

E Security note: Shodan is a search engine, but unlike Google it is used to search for online devices in cyberspace. With Shodan you can search for specific devices or for specific types of devices. The most popular search terms on Shodan are: webcam, Linksys, Cisco, Netgear, SCADA, etc.

The website is called Ichidan, a name that may be a variation of a Japanese word or of the Uzbek word "neili". The service is located at ichidanv34wrx7m7 [.] onion. In the long run, it is likely to become a utility for any visitor who wants to investigate dark web services.

Researchers: a powerful dark web search engine

"The search engine is extremely powerful," said Victor Gevers, a foreign security expert. "It contains a lot of .onion addresses that I don't even know. I was shocked by what I found."

Using Ichidan, Victor Gevers can discover all kinds of security vulnerabilities in dark web services within a few minutes.

The researchers also stressed that one of the onion sites provides a lot of port information.

The dark web site searched in the figure above exposes all kinds of service connections, which leaves the underlying server open to brute-force or dictionary (password guessing) attacks.

The exposed services of this onion site, which is hosted on a mail server, include Telnet, SSH and vsftpd. In addition, one of the ports/services has attracted great attention from researchers.

Victor Gevers said that the port is related to the web server of a FRITZ!Box router, which means that anyone can use the router's web server to host a Tor website, or hijack another person's router to host the site. In fact, hosting a Tor service on a modem or router is not new. Nowadays, people can even host a Tor relay on a QNAP NAS.

Under normal circumstances, Tor sites should not expose such information, as it is likely to reveal the location and true identity of the site owner.

Although this kind of data can be an important basis for tracking cyber criminals and all kinds of fraudsters, it may not be good news for those who want to run secret news portals within the country.

The details above are not secret, and you don't need a service like Ichidan to find such data. However, quickly running basic diagnostics against an onion site through a web-based service is far less difficult than using tedious command-line penetration testing tools.

Confirmed: the dark web is shrinking in scale

Security experts' study of Ichidan basically confirms one conclusion. According to the OnionScan report, the overall scale of the dark web has been reduced by 85%, from about 30000 websites to only 4400 currently.

E Security (official account: E Security) ran a search in Ichidan, which returned a total of 5635 results. This figure is basically consistent with the above research conclusions. A similar number was returned from a search of a popular directory of live Tor onion links, with a total of 6109 results.

Note: This article is compiled and reported by E Security. For reprints, please indicate the original address.

