Submitted by TheRoman on Sept. 21, 2018, 1:49 a.m.

method to check you service for vulns

An easy method to check your hidden services for vulns is to a tool called socat and a tool called nitko. Both boss hogs of the great mountain men club in the digital world.
man pages are cool.

socat TCP4-LISTEN:<port connections="" for="" listen="" to="" want="" you="" your="">,reuseaddr,fork SOCKS4A:<onion address="">:<port of="" service="" the="">,socksport=<port (by="" 9050)="" default="" is="" listening="" tor="" where="">

nikto -h

test it against this site in the example below

socat TCP4-LISTEN:6666,reuseaddr,fork SOCKS4A:,socksport=9050

then get nikto up on anther terminal and

nikto -h

no fat chicks</port></port></onion></port>