ComputerNerds
Hacking
Submitted by TheRoman on Sept. 21, 2018, 1:49 a.m.
method to check you service for vulns
An easy method to check your hidden services for vulns is to a tool called socat and a tool called nitko. Both boss hogs of the great mountain men club in the digital world.
man pages are cool.
socat TCP4-LISTEN:<port connections="" for="" listen="" to="" want="" you="" your="">,reuseaddr,fork SOCKS4A:127.0.0.1:<onion address="">:<port of="" service="" the="">,socksport=<port (by="" 9050)="" default="" is="" listening="" tor="" where="">
nikto -h http://127.0.0.1:8000
test it against this site in the example below
socat TCP4-LISTEN:6666,reuseaddr,fork SOCKS4A:127.0.0.1:yxnoe4ycytrblq7q.onion:80,socksport=9050
then get nikto up on anther terminal and
nikto -h http://127.0.0.1:6666
no fat chicks</port></port></onion></port>
man pages are cool.
socat TCP4-LISTEN:<port connections="" for="" listen="" to="" want="" you="" your="">,reuseaddr,fork SOCKS4A:127.0.0.1:<onion address="">:<port of="" service="" the="">,socksport=<port (by="" 9050)="" default="" is="" listening="" tor="" where="">
nikto -h http://127.0.0.1:8000
test it against this site in the example below
socat TCP4-LISTEN:6666,reuseaddr,fork SOCKS4A:127.0.0.1:yxnoe4ycytrblq7q.onion:80,socksport=9050
then get nikto up on anther terminal and
nikto -h http://127.0.0.1:6666
no fat chicks</port></port></onion></port>
4 comments
SHILL Oct. 23, 2018
Did you test against GP servers?
Heisenberg Sept. 22, 2018
wth is this
SHILL Sept. 23, 2018
Common method to scan hidden site for vulns with nikto.
TheRoman (OP) Sept. 21, 2018
come in here for it. The fbi page is a joke