Submitted by TheRoman on Sept. 21, 2018, 1:49 a.m.

method to check you service for vulns

An easy method to check your hidden services for vulns is to a tool called socat and a tool called nitko. Both boss hogs of the great mountain men club in the digital world.
man pages are cool.

socat TCP4-LISTEN:<port connections="" for="" listen="" to="" want="" you="" your="">,reuseaddr,fork SOCKS4A:127.0.0.1:<onion address="">:<port of="" service="" the="">,socksport=<port (by="" 9050)="" default="" is="" listening="" tor="" where="">

nikto -h http://127.0.0.1:8000

test it against this site in the example below


socat TCP4-LISTEN:6666,reuseaddr,fork SOCKS4A:127.0.0.1:yxnoe4ycytrblq7q.onion:80,socksport=9050

then get nikto up on anther terminal and

nikto -h http://127.0.0.1:6666


no fat chicks</port></port></onion></port>

4 comments