09/28/12

Tor Command syntax

gAtO wAnT’s – just the simple command syntax -from the OG-OR Roger Dingledine -Nick Mathewson the Tor gods.

Source: http://manpages.ubuntu.com/manpages/hardy/man8/tor.8.html#contenttoc6

NAME

       tor - The second-generation onion router

SYNOPSIS

       tor [OPTION value]...

DESCRIPTION

       tor  is  a connection-oriented anonymizing communication service. Users
       choose a source-routed path through a set of  nodes,  and  negotiate  a
       "virtual  circuit"  through  the  network, in which each node knows its
       predecessor and successor, but no  others.  Traffic  flowing  down  the
       circuit is unwrapped by a symmetric key at each node, which reveals the
       downstream node.

       Basically  tor  provides  a  distributed  network  of  servers  ("onion
       routers"). Users bounce their TCP streams -- web traffic, ftp, ssh, etc
       -- around the routers, and recipients, observers, and even the  routers
       themselves have difficulty tracking the source of the stream.

OPTIONS

       -h, -help
              Display a short help message and exit.

       -f FILE
              FILE   contains   further   "option   value"   pairs.  (Default:
              /etc/tor/torrc)

       --hash-password
              Generates a hashed password for control port access.

       --list-fingerprint
              Generate your keys and output your nickname and fingerprint.

       --verify-config
              Verify the configuration file is valid.

       --nt-service
       --service [install|remove|start|stop]
              Manage  the  Tor  Windows  NT/2000/XP  service.   Current
              instructions can be found at
              http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WinNTService

       --list-torrc-options
              List all valid options.

       --version
              Display Tor version.

       Other options can be specified either on the command-line  (--option
       value),  or  in  the configuration file (option value).  Options are
       case-insensitive.

       BandwidthRate N bytes|KB|MB|GB|TB
              A token bucket limits the average incoming  bandwidth  usage  on
              this  node  to the specified number of bytes per second, and the
              average outgoing bandwidth usage to that same value. (Default: 3
              MB)

       BandwidthBurst N bytes|KB|MB|GB|TB
              Limit the maximum token bucket size (also known as the burst) to
              the given number of bytes in each direction. This  value  should
              be at least twice your BandwidthRate. (Default: 6 MB)

       MaxAdvertisedBandwidth N bytes|KB|MB|GB|TB
              If set, we will not advertise more than this amount of bandwidth
              for our BandwidthRate. Server operators who want to  reduce  the
              number  of clients who ask to build circuits through them (since
              this is proportional to  advertised  bandwidth  rate)  can  thus
              reduce the CPU demands on their server without impacting network
              performance.

       ConnLimit NUM
              The minimum number of file descriptors that must be available to
              the Tor process before it will start. Tor will ask the OS for as
              many file descriptors as the OS will allow (you can find this by
              "ulimit -H -n"). If this number is less than ConnLimit, then Tor
              will refuse to start.

              You probably don’t need to adjust this.  It  has  no  effect  on
              Windows since that platform lacks getrlimit(). (Default: 1000)

       ControlPort Port
              If set, Tor will accept connections on this port and allow those
              connections to control the Tor process  using  the  Tor  Control
              Protocol (described in control-spec.txt).  Note: unless you also
              specify one of  HashedControlPassword  or  CookieAuthentication,
              setting  this  option will cause Tor to allow any process on the
              local host to control it. This option is required for  many  Tor
              controllers; most use the value of 9051.

       ControlListenAddress IP[:PORT]
              Bind  the  controller listener to this address. If you specify a
              port, bind to  this  port  rather  than  the  one  specified  in
              ControlPort.  We  strongly  recommend  that you leave this alone
              unless you know what you’re doing, since giving attackers access
              to   your   control  listener  is  really  dangerous.  (Default:
              127.0.0.1) This directive can be  specified  multiple  times  to
              bind to multiple addresses/ports.

       HashedControlPassword hashed_password
              Don’t  allow any connections on the control port except when the
              other  process  knows  the  password  whose  one-way   hash   is
              hashed_password.   You  can  compute  the  hash of a password by
              running "tor --hash-password password".

       CookieAuthentication 0|1
              If this option is set to 1, don’t allow any connections  on  the
              control  port  except  when  the  connecting  process  knows the
              contents of a file named "control_auth_cookie", which  Tor  will
              create  in  its  data  directory.   This  authentication method
              should only be used on systems with  good  filesystem  security.
              (Default: 0)

       DataDirectory DIR
              Store working data in DIR (Default: /var/lib/tor)

       DirServer [nickname] [flags] address:port fingerprint
              Use a nonstandard authoritative directory server at the provided
              address and port, with  the  specified  key  fingerprint.   This
              option  can  be  repeated many times, for multiple authoritative
              directory servers.  Flags are separated by spaces, and determine
              what  kind of an authority this directory is.  By default, every
              authority is authoritative for current ("v2")-style directories,
              unless  the  "no-v2"  flag  is  given.   If  the  "v1"  flag  is
              provided, Tor will use this server as an authority for old-style
              (v1)  directories  as  well.  (Only directory mirrors care about
              this.)  Tor will use this server  as  an  authority  for  hidden
              service information if the "hs" flag is set, or if the "v1" flag
              is set and the "no-hs" flag is not set.  If a flag "orport=port"
              is  given,  Tor  will  use the given port when opening encrypted
              tunnels to the dirserver.  If no dirserver line  is  given,  Tor
              will  use  the  default directory servers.  NOTE: this option is
              intended for setting up a  private  Tor  network  with  its  own
              directory   authorities.    If   you   use   it,   you  will  be
              distinguishable from other users, because you won’t believe  the
              same authorities they do.

       FetchHidServDescriptors 0|1
              If set to 0, Tor will never fetch any hidden service descriptors
              from the rendezvous directories. This option is only  useful  if
              you’re  using  a Tor controller that handles hidserv fetches for
              you.  (Default: 1)

       FetchServerDescriptors 0|1
              If set to 0, Tor will never fetch any network  status  summaries
              or server descriptors from the directory servers. This option is
              only useful if  you’re  using  a  Tor  controller  that  handles
              directory fetches for you.  (Default: 1)

       FetchUselessDescriptors 0|1
              If  set  to 1, Tor will fetch every non-obsolete descriptor from
              the authorities that it hears about. Otherwise,  it  will  avoid
              fetching  useless  descriptors, for example for routers that are
              not  running.   This  option  is  useful  if  you’re  using  the
              contributed  "exitlist"  script to enumerate Tor nodes that exit
              to certain addresses.  (Default: 0)

       Group GID
              On startup, setgid to this group.

       HttpProxy host[:port]
              Tor will make all its directory requests through this  host:port
              (or  host:80  if  port is not specified), rather than connecting
              directly to any directory servers.

       HttpProxyAuthenticator username:password
              If defined, Tor will use this username:password for  Basic  Http
              proxy authentication, as in RFC 2617. This is currently the only
              form of Http proxy authentication that Tor supports;  feel  free
              to submit a patch if you want it to support others.

       HttpsProxy host[:port]
              Tor  will  make  all  its  OR  (SSL)  connections  through  this
              host:port (or host:443 if  port  is  not  specified),  via  HTTP
              CONNECT  rather  than  connecting  directly to servers.  You may
              want to set FascistFirewall to restrict the  set  of  ports  you
              might  try  to  connect  to,  if  your  Https  proxy only allows
              connecting to certain ports.

       HttpsProxyAuthenticator username:password
              If defined, Tor will use this username:password for Basic  Https
              proxy authentication, as in RFC 2617. This is currently the only
              form of Https proxy authentication that Tor supports; feel  free
              to submit a patch if you want it to support others.

       KeepalivePeriod NUM
              To  keep  firewalls  from  expiring  connections, send a padding
              keepalive cell every NUM seconds on open connections that are in
              use.  If the connection has no open circuits, it will instead be
              closed after NUM seconds of idleness. (Default: 5 minutes)

       Log minSeverity[-maxSeverity] stderr|stdout|syslog
              Send all messages between minSeverity  and  maxSeverity  to  the
              standard  output  stream,  the  standard error stream, or to the
              system log. (The "syslog" value  is  only  supported  on  Unix.)
              Recognized  severity  levels  are debug, info, notice, warn, and
              err.  We advise using "notice" in  most  cases,  since  anything
              more  verbose  may  provide sensitive information to an attacker
              who obtains the logs.  If only one severity level is given,  all
              messages  of  that  level  or  higher will be sent to the listed
              destination.

       Log minSeverity[-maxSeverity] file FILENAME
              As above, but send log messages to  the  listed  filename.   The
              "Log"  option may appear more than once in a configuration file.
              Messages are sent to all the  logs  that  match  their  severity
              level.

       OutboundBindAddress IP
              Make  all  outbound  connections  originate  from the IP address
              specified.  This is only useful when you have  multiple  network
              interfaces,  and  you  want all of Tor’s outgoing connections to
              use a single one.

       PidFile FILE
              On startup, write our PID to FILE.  On  clean  shutdown,  remove
              FILE.

       ProtocolWarnings 0|1
              If  1,  Tor will log with severity ’warn’ various cases of other
              parties not following the Tor specification. Otherwise, they are
              logged with severity ’info’. (Default: 0)

       RunAsDaemon 0|1
              If  1,  Tor  forks and daemonizes to the background. This option
              has no effect on Windows; instead you should use  the  --service
              command-line option. (Default: 0)

       SafeLogging 0|1
              If  1,  Tor  replaces  potentially sensitive strings in the logs
              (e.g. addresses) with the string [scrubbed]. This way  logs  can
              still   be  useful,  but  they  don’t  leave  behind  personally
              identifying information about  what  sites  a  user  might  have
              visited. (Default: 1)
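
The ControlPort, ControlListenAddress, Log and SafeLogging entries above each carry a security caveat. The following Python check is an added example, not part of the man page or of Tor itself: it reads a torrc and reports those conditions. The sample configurations and finding names are constructed, and the parsing is simplified to "option value" lines with # comments.

```python
import ipaddress

# Constructed sample torrc with deliberately weak settings (not from the man page).
WEAK_TORRC = """\
# control port enabled, no HashedControlPassword or CookieAuthentication
SocksPort 9050
ControlPort 9051
controllistenaddress 0.0.0.0:9051
Log debug file /var/log/tor/debug.log
Log notice syslog
SafeLogging 0
"""

# Constructed hardened counterpart; unset options keep their documented defaults.
HARDENED_TORRC = """\
ControlPort 9051
CookieAuthentication 1
Log notice syslog
"""


def parse_torrc(text):
    """Return {lowercased option: [values]}.

    Option names are case-insensitive and some (Log, ControlListenAddress)
    may appear more than once, so every value is kept.
    """
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(parts[0].lower(), []).append(value)
    return opts


def is_loopback(listen_value):
    """True if the IP in an IP[:PORT] value is a loopback address (IPv4 only)."""
    host = listen_value.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparsable address: treat as not provably local


def audit(text):
    """Return a list of (finding_id, detail) tuples for the risky settings."""
    opts = parse_torrc(text)
    findings = []

    # ControlPort without HashedControlPassword or CookieAuthentication lets
    # any local process control Tor.
    control_on = any(v != "0" for v in opts.get("controlport", []))
    has_auth = ("hashedcontrolpassword" in opts
                or "1" in opts.get("cookieauthentication", []))
    if control_on and not has_auth:
        findings.append(("control-noauth", "ControlPort set without authentication"))

    # ControlListenAddress defaults to 127.0.0.1; anything else exposes the listener.
    for value in opts.get("controllistenaddress", []):
        if not is_loopback(value):
            findings.append(("control-exposed", "ControlListenAddress " + value))

    # Anything more verbose than "notice" may put sensitive data in the logs.
    for value in opts.get("log", []):
        min_severity = value.split()[0].split("-")[0].lower()
        if min_severity in ("debug", "info"):
            findings.append(("log-verbose", "Log " + value))

    # SafeLogging 0 disables the [scrubbed] replacement of addresses.
    if "0" in opts.get("safelogging", []):
        findings.append(("log-unscrubbed", "SafeLogging 0"))

    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(WEAK_TORRC):
        print(finding_id, "-", detail)
```
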

       User UID
              On startup, setuid to this user.

       HardwareAccel 0|1
              If  non-zero,  try  to  use  crypto  hardware  acceleration when
              available. This is untested and probably buggy. (Default: 0)

       AvoidDiskWrites 0|1
              If non-zero, try to write to disk less frequently than we  would
              otherwise.  This is useful when running on flash memory or other
              media that support only a limited number of  writes.   (Default:
              0)

       TunnelDirConns 0|1
              If  non-zero, when a directory server we contact supports it, we
              will build a one-hop circuit and make  an  encrypted  connection
              via its ORPort. (Default: 0)

       PreferTunneledDirConns 0|1
              If  non-zero, we will avoid directory servers that don’t support
              tunneled directory connections, when possible. (Default: 0)

CLIENT OPTIONS

       The following  options  are  useful  only  for  clients  (that  is,  if
       SocksPort is non-zero):

       AllowInvalidNodes entry|exit|middle|introduction|rendezvous|...
              If  some  Tor  servers  are  obviously  not  working  right, the
              directory authorities can manually mark them as invalid, meaning
              that  it’s  not  recommended  you  use  them  for  entry or exit
              positions in your circuits. You can opt  to  use  them  in  some
              circuit  positions,  though. The default is "middle,rendezvous",
              and other choices are not advised.

       CircuitBuildTimeout NUM
              Try for at most NUM  seconds  when  building  circuits.  If  the
              circuit  isn’t  open  in  that time, give up on it.  (Default: 1
              minute.)

       CircuitIdleTimeout NUM
              If we have kept  a clean (never used)  circuit  around  for  NUM
              seconds, then close it. This way when the Tor client is entirely
              idle, it can expire all of its circuits, and then expire its TLS
              connections.  Also,  if  we  end up making a circuit that is not
              useful for exiting any of the requests we’re receiving, it won’t
              forever  take up a slot in the circuit list.  (Default: 1 hour.)

       ClientOnly 0|1
              If set to 1, Tor will under no circumstances run  as  a  server.
              The  default  is to run as a client unless ORPort is configured.
              (Usually, you don’t need to set this; Tor  is  pretty  smart  at
              figuring  out whether you are reliable and high-bandwidth enough
              to be a useful server.)  (Default: 0)

       ExcludeNodes nickname,nickname,...
              A list of nodes to never use when building a circuit.

       EntryNodes nickname,nickname,...
              A list of preferred nodes to  use  for  the  first  hop  in  the
              circuit.    These   are   treated  only  as  preferences  unless
              StrictEntryNodes (see below) is also set.

       ExitNodes nickname,nickname,...
              A list of preferred nodes  to  use  for  the  last  hop  in  the
              circuit.    These   are   treated  only  as  preferences  unless
              StrictExitNodes (see below) is also set.

       StrictEntryNodes 0|1
              If 1, Tor will never use  any  nodes  besides  those  listed  in
              "EntryNodes" for the first hop of a circuit.

       StrictExitNodes 0|1
              If  1,  Tor  will  never  use  any nodes besides those listed in
              "ExitNodes" for the last hop of a circuit.

       FascistFirewall 0|1
              If 1, Tor will only create outgoing connections to  ORs  running
              on  ports that your firewall allows (defaults to 80 and 443; see
              FirewallPorts).  This will allow you to  run  Tor  as  a  client
              behind  a firewall with restrictive policies, but will not allow
              you to run as a server behind such a firewall.  This  option  is
              deprecated; use ReachableAddresses instead.

       FirewallPorts PORTS
              A  list  of  ports  that your firewall allows you to connect to.
              Only  used  when  FascistFirewall  is  set.   This   option   is
              deprecated; use ReachableAddresses instead. (Default: 80, 443)

       ReachableAddresses ADDR[/MASK][:PORT]...
              A  comma-separated  list  of  IP  addresses  and ports that your
              firewall allows you to connect to. The  format  is  as  for  the
              addresses  in  ExitPolicy,  except  that  "accept" is understood
              unless  "reject"   is   explicitly   provided.    For   example,
              ’ReachableAddresses  99.0.0.0/8,  reject  18.0.0.0/8:80,  accept
              *:80’ means that your firewall allows connections to  everything
              inside  net  99,  rejects  port  80  connections  to net 18, and
              accepts connections to port  80  otherwise.   (Default:  ’accept
              *:*’.)

       ReachableDirAddresses ADDR[/MASK][:PORT]...
              Like  ReachableAddresses,  a  list  of addresses and ports.  Tor
              will   obey   these   restrictions   when   fetching   directory
              information,  using  standard  HTTP  GET  requests.  If  not set
              explicitly then the value of  ReachableAddresses  is  used.   If
              HttpProxy  is  set  then  these connections will go through that
              proxy.

       ReachableORAddresses ADDR[/MASK][:PORT]...
              Like ReachableAddresses, a list of  addresses  and  ports.   Tor
              will  obey  these restrictions when connecting to Onion Routers,
              using  TLS/SSL.   If  not  set  explicitly  then  the  value  of
              ReachableAddresses  is  used.  If  HttpsProxy  is set then these
              connections will go through that proxy.

              The     separation     between     ReachableORAddresses      and
              ReachableDirAddresses   is   only   interesting   when  you  are
              connecting through proxies (see HttpProxy and HttpsProxy).  Most
              proxies  limit  TLS  connections  (which  Tor uses to connect to
              Onion Routers) to port 443, and some  limit  HTTP  GET  requests
              (which  Tor uses for fetching directory information) to port 80.

       LongLivedPorts PORTS
              A list of ports for services  that  tend  to  have  long-running
              connections  (e.g.  chat  and  interactive shells). Circuits for
              streams that use  these  ports  will  contain  only  high-uptime
              nodes,  to reduce the chance that a node will go down before the
              stream is finished.  (Default: 21, 22, 706,  1863,  5050,  5190,
              5222, 5223, 6667, 6697, 8300)

       MapAddress address newaddress
              When a request for address arrives to Tor, it will rewrite it to
              newaddress before processing it. For example, if you always want
              connections  to  www.indymedia.org  to exit via torserver (where
              torserver is  the  nickname  of  the  server),  use  "MapAddress
              www.indymedia.org www.indymedia.org.torserver.exit".

       NewCircuitPeriod NUM
              Every  NUM  seconds  consider  whether  to  build a new circuit.
              (Default: 30 seconds)

       MaxCircuitDirtiness NUM
              Feel free to reuse a circuit that was first  used  at  most  NUM
              seconds  ago, but never attach a new stream to a circuit that is
              too old.  (Default: 10 minutes)

       EnforceDistinctSubnets 0|1
              If 1, Tor will not put two servers whose IP addresses  are  "too
              close"  on  the same circuit.  Currently, two addresses are "too
              close" if they lie in the same /16 range. (Default: 1)

       RendNodes nickname,nickname,...
              A list of preferred nodes to use for the  rendezvous  point,  if
              possible.

       RendExcludeNodes nickname,nickname,...
              A list of nodes to never use when choosing a rendezvous point.

       SocksPort PORT
              Advertise  this  port  to  listen  for  connections  from Socks-
              speaking applications.  Set this to 0 if you don’t want to allow
              application connections. (Default: 9050)

       SocksListenAddress IP[:PORT]
              Bind  to  this  address  to  listen  for connections from Socks-
              speaking applications. (Default: 127.0.0.1) You can also specify
              a port (e.g. 192.168.0.1:9100).  This directive can be specified
              multiple times to bind to multiple addresses/ports.

       SocksPolicy policy,policy,...
              Set an entrance policy for this server, to limit who can connect
              to  the  Socks  ports.   The policies have the same form as exit
              policies below.

       SocksTimeout NUM
              Let a socks connection wait NUM  seconds  handshaking,  and  NUM
              seconds unattached waiting for an appropriate circuit, before we
              fail it.  (Default: 2 minutes.)

       TestVia nickname,nickname,...
              A list of nodes to prefer for  your  middle  hop  when  building
              testing   circuits.   This   option   is  mainly  for  debugging
              reachability problems.

       TrackHostExits host,.domain,...
              For each value in the  comma  separated  list,  Tor  will  track
              recent connections to hosts that match this value and attempt to
              reuse the same exit node for each. If  the  value  is  prepended
              with  a  ’.’, it is treated as matching an entire domain. If one
              of the values is just a ’.’, it  means  match  everything.  This
              option  is  useful  if you frequently connect to sites that will
              expire all your authentication cookies (i.e. log you out) if your
              IP  address  changes.  Note  that  this  option  does  have  the
              disadvantage of making it more clear that  a  given  history  is
              associated  with  a  single user. However, most people who would
              wish to observe this will observe it through  cookies  or  other
              protocol-specific means anyhow.

       TrackHostExitsExpire NUM
              Since exit servers go up and down, it is desirable to expire the
              association between host and exit server after NUM seconds.  The
              default is 1800 seconds (30 minutes).

       UseEntryGuards 0|1
              If  this  option  is  set  to  1,  we pick a few long-term entry
              servers, and try to stick with them.  This is desirable  because
              constantly changing servers increases the odds that an adversary
              who owns some servers will observe a  fraction  of  your  paths.
              (Defaults to 1.)

       NumEntryGuards NUM
              If  UseEntryGuards  is  set to 1, we will try to pick a total of
              NUM routers as long-term entries for our circuits.  (Defaults to
              3.)

       SafeSocks 0|1
              When  this  option  is  enabled,  Tor  will  reject  application
              connections that use unsafe variants of the  socks  protocol  --
              ones that only provide an IP address, meaning the application is
              doing a DNS resolve first.  Specifically, these are  socks4  and
              socks5 when not doing remote DNS.  (Defaults to 0.)

       TestSocks 0|1
              When  this  option  is enabled, Tor will make a notice-level log
              entry for each connection to the Socks port  indicating  whether
              the  request  used  a  safe socks protocol or an unsafe one (see
              above entry on SafeSocks).  This helps to determine  whether  an
              application   using   Tor  is  possibly  leaking  DNS  requests.
              (Default: 0)

       VirtualAddrNetwork Address/bits
              When a controller asks for a virtual (unused) address  with  the
              MAPADDRESS  command,  Tor  picks an unassigned address from this
              range.  (Default: 127.192.0.0/10)

              When providing proxy server service to a  network  of  computers
              using   a  tool  like  dns-proxy-tor,  change  this  address  to
              "10.192.0.0/10"     or     "172.16.0.0/12".      The     default
              VirtualAddrNetwork   address  range  on  a  properly  configured
              machine will route to the loopback interface.  For local use, no
              change to the default VirtualAddrNetwork setting is needed.

       AllowNonRFC953Hostnames 0|1
              When  this  option  is disabled, Tor blocks hostnames containing
              illegal characters (like @ and :)  rather than sending them to an
              exit  node  to be resolved.  This helps trap accidental attempts
              to resolve URLs and so on.  (Default: 0)

       FastFirstHopPK 0|1
              When this option is enabled and we aren’t running as  a  server,
              Tor  skips  the  public  key  step for the first hop of creating
              circuits.  This is safe  since  we  have  already  used  TLS  to
              authenticate  the  server  and to establish forward-secure keys.
              Turning  this  option  off  makes   circuit   building   slower.
              (Default: 1)

       TransPort PORT
              If  non-zero,  enables  transparent  proxy  support  on PORT (by
              convention, 9040).  Requires OS support for transparent proxies,
              such as BSDs’ pf or Linux’s IPTables.  If you’re planning to use
              Tor as a transparent proxy for a network, you’ll want to examine
              and  change  VirtualAddrNetwork from the default setting. You’ll
              also want to set the TransListenAddress option for  the  network
              you’d like to proxy.  (Default: 0).

       TransListenAddress IP[:PORT]
              Bind   to   this   address   to  listen  for  transparent  proxy
              connections.   (Default:  127.0.0.1).   This   is   useful   for
              exporting a transparent proxy server to an entire network.

       NATDPort PORT
              Allow  old  versions  of  ipfw  (as  included in old versions of
              FreeBSD, etc.) to send connections through Tor  using  the  NATD
              protocol.   This  option  is  only  for  people  who  cannot use
              TransPort.

       NATDListenAddress IP[:PORT]
              Bind to this address to listen for NATD connections.   (Default:
              127.0.0.1).

SERVER OPTIONS

       The  following  options are useful only for servers (that is, if ORPort
       is non-zero):

       Address address
              The IP or fqdn of this  server  (e.g.  moria.mit.edu).  You  can
              leave this unset, and Tor will guess your IP.

       AssumeReachable 0|1
              This option is used when bootstrapping a new Tor network. If set
              to 1, don’t  do  self-reachability  testing;  just  upload  your
              server descriptor immediately. If AuthoritativeDirectory is also
              set, this  option  instructs  the  dirserver  to  bypass  remote
              reachability  testing  too  and  list  all  connected servers as
              running.

       ContactInfo email_address
              Administrative contact information for server. This  line  might
              get picked up by spam harvesters, so you may want to obscure the
              fact that it’s an email address.

       ExitPolicy policy,policy,...
              Set an exit policy for this server. Each policy is of  the  form
              "accept|reject  ADDR[/MASK][:PORT]".   If  /MASK is omitted then
              this policy just applies to the host given.  Instead of giving a
              host  or  network  you  can  also use "*" to denote the universe
              (0.0.0.0/0).  PORT can be a single port number, an  interval  of
              ports  "FROM_PORT-TO_PORT",  or  "*".   If PORT is omitted, that
              means "*".

              For  example,  "accept  18.7.22.69:*,reject  18.0.0.0/8:*,accept
              *:*"  would  reject  any  traffic  destined  for  MIT except for
              web.mit.edu, and accept anything else.

              To specify  all  internal  and  link-local  networks  (including
              0.0.0.0/8,    169.254.0.0/16,    127.0.0.0/8,    192.168.0.0/16,
              10.0.0.0/8, and 172.16.0.0/12), you can use the "private"  alias
              instead  of an address.  These addresses are rejected by default
              (at the beginning of your exit policy), along with  your  public
              IP  address,  unless  you set the ExitPolicyRejectPrivate config
              option to 0. For example, once you’ve done that, you could allow
              HTTP  to  127.0.0.1  and block all other connections to internal
              networks with  "accept  127.0.0.1:80,reject  private:*",  though
              that  may  also  allow connections to your own computer that are
              addressed to its public (external) IP address. See RFC 1918  and
              RFC 3330 for more details about internal and reserved IP address
              space.

              This directive can be specified multiple times so you don’t have
              to put it all on one line.

              Policies are considered first to last, and the first match wins.
              If you want to _replace_ the default exit policy, end your  exit
              policy  with  either  a  reject *:* or an accept *:*. Otherwise,
              you’re _augmenting_ (prepending to) the default exit policy. The
              default exit policy is:
                   reject *:25
                   reject *:119
                   reject *:135-139
                   reject *:445
                   reject *:465
                   reject *:563
                   reject *:587
                   reject *:1214
                   reject *:4661-4666
                   reject *:6346-6429
                   reject *:6699
                   reject *:6881-6999
                   accept *:*

       ExitPolicyRejectPrivate 0|1
              Reject  all private (local) networks, along with your own public
              IP address, at the beginning of  your  exit  policy.  See  above
              entry on ExitPolicy. (Default: 1)

       MaxOnionsPending NUM
              If  you  have  more  than  this  number of onionskins queued for
              decrypt, reject new ones. (Default: 100)

       MyFamily nickname,nickname,...
              Declare that this Tor server is controlled or administered by  a
              group  or organization identical or similar to that of the other
              named servers.  When two servers both declare that they  are  in
              the  same  ’family’,  Tor  clients will not use them in the same
              circuit.  (Each server only needs to list the other  servers  in
              its  family; it doesn’t need to list itself, but it won’t hurt.)

       Nickname name
              Set the server’s nickname to ’name’. Nicknames must be between 1
              and   19   characters  inclusive,  and  must  contain  only  the
              characters [a-zA-Z0-9].

       NumCPUs num
              How many processes to use at  once  for  decrypting  onionskins.
              (Default: 1)

       ORPort PORT
              Advertise  this  port to listen for connections from Tor clients
              and servers.

       ORListenAddress IP[:PORT]
              Bind to this IP address  to  listen  for  connections  from  Tor
              clients  and  servers.  If you specify a port, bind to this port
              rather than the one specified in ORPort. (Default: 0.0.0.0) This
              directive  can  be  specified multiple times to bind to multiple
              addresses/ports.

       PublishServerDescriptor 0|1
              If set to 0, Tor will act as a server  if  you  have  an  ORPort
              defined,   but  it  will  not  publish  its  descriptor  to  the
              dirservers. This option is useful if  you’re  testing  out  your
              server,  or  if  you’re  using  a  Tor  controller  that handles
              directory publishing for you.  (Default: 1)

       RedirectExit pattern target
              Whenever an outgoing connection tries to connect  to  one  of  a
              given set of addresses, connect to target (an address:port pair)
              instead.  The address pattern is given in the same format as for
              an  exit  policy.   The  address  translation applies after exit
              policies are applied.   Multiple  RedirectExit  options  can  be
              used: once any one has matched successfully, no subsequent rules
              are considered.  You can specify that no redirection  is  to  be
              performed  on  a  given  set  of  addresses by using the special
              target string "pass", which prevents subsequent rules from being
              considered.

       ShutdownWaitLength NUM
              When we get a SIGINT and we’re a server, we begin shutting down:
              we close listeners and start refusing new  circuits.  After  NUM
              seconds,   we   exit.  If  we  get  a  second  SIGINT,  we  exit
              immediately.  (Default: 30 seconds)

       AccountingMax N bytes|KB|MB|GB|TB
              Never send more than the specified number of bytes  in  a  given
              accounting  period,  or  receive  more  than  that number in the
              period.  For example, with AccountingMax set to 1 GB,  a  server
              could  send  900  MB and receive 800 MB and continue running. It
              will only hibernate once one of the two reaches 1 GB.  When  the
              number of bytes is exhausted, Tor will hibernate until some time
              in the next accounting period.   To  prevent  all  servers  from
              waking at the same time, Tor will also wait until a random point
              in each period before waking up.  If  you  have  bandwidth  cost
              issues,  enabling  hibernation  is  preferable  to setting a low
              bandwidth, since it provides users with  a  collection  of  fast
              servers  that are up some of the time, which is more useful than
              a set of slow servers that are always "available".

       AccountingStart day|week|month [day] HH:MM
              Specify how long accounting periods last.  If  month  is  given,
              each accounting period runs from the time HH:MM on the dayth day
              of one month to the same day and time of  the  next.   (The  day
              must  be  between  1 and 28.)  If week is given, each accounting
              period runs from the time HH:MM of the dayth day of one week  to
              the same day and time of the next week, with Monday as day 1 and
              Sunday as day 7.  If day is given, each accounting  period  runs
              from  the  time HH:MM each day to the same time on the next day.
              All times are local, and given in 24-hour  time.   (Defaults  to
              "month 1 0:00".)

       ServerDNSResolvConfFile filename
              Overrides  the  default DNS configuration with the configuration
              in filename.  The file format is the same as the  standard  Unix
              "resolv.conf"  file  (7).  This option, like all other ServerDNS
              options, only affects name  lookup  that  your  server  does  on
              behalf  of clients.  Also, it only takes effect if Tor was built
              with  eventdns  support.   (Defaults  to  use  the  system   DNS
              configuration.)

       ServerDNSSearchDomains 0|1
              If  set  to  1,  then  we will search for addresses in the local
              search domain.  For example, if this  system  is  configured  to
              believe it is in "example.com", and a client tries to connect to
              "www", the client will be connected to "www.example.com".   This
              option  only affects name lookup that your server does on behalf
              of clients, and only takes effect if Tor was built with eventdns
              support.  (Defaults to "0".)

       ServerDNSDetectHijacking 0|1
              When  this  option  is  set  to  1, we will test periodically to
              determine whether our local nameservers have been configured  to
              hijack  failing  DNS  requests (usually to an advertising site).
              If they are, we will attempt to correct this.  This option  only
              affects  name lookup that your server does on behalf of clients,
              and only takes effect if Tor was built  with  eventdns  support.
              (Defaults to "1".)

       ServerDNSTestAddresses address,address,...
              When  we’re  detecting DNS hijacking, make sure that these valid
              addresses aren’t getting redirected.  If they are, then our  DNS
              is  completely  useless,  and  we’ll  reset  our  exit policy to
              "reject *:*".  This option only affects name  lookup  that  your
              server  does  on behalf of clients, and only takes effect if Tor
              was built with eventdns support.  (Defaults to  "www.google.com,
              www.mit.edu, www.yahoo.com, www.slashdot.org".)

       ServerDNSAllowNonRFC953Hostnames 0|1
              When  this  option  is  disabled,  Tor  does  not try to resolve
              hostnames containing illegal characters (like @  and  :)   rather
              than  sending  them  to an exit node to be resolved.  This helps
              trap accidental attempts to resolve URLs and so on.  This option
              only  affects  name  lookup  that  your server does on behalf of
              clients, and only takes effect if Tor was  built  with  eventdns
              support.  (Default: 0)

DIRECTORY SERVER OPTIONS

       The  following  options are useful only for directory servers (that is,
       if DirPort is non-zero):

       AuthoritativeDirectory 0|1
              When this option is set to 1, Tor operates as  an  authoritative
              directory   server.    Instead  of  caching  the  directory,  it
              generates its own list of good servers, signs it, and sends that
              to the clients.  Unless the clients already have you listed as a
              trusted directory, you probably do not want to set this  option.
              Please coordinate with the other admins at tor-ops@freehaven.net
              if you think you should be a directory.

       V1AuthoritativeDirectory 0|1
              When this option is set in addition  to  AuthoritativeDirectory,
              Tor  also generates a version 1 directory (for Tor clients up to
              0.1.0.x).   (As  of  Tor  0.1.1.12  every   (v2)   authoritative
              directory still provides most of the v1 directory functionality,
              even without this option set to 1.  This however is expected  to
              change in the future.)

       VersioningAuthoritativeDirectory 0|1
              When  this  option  is  set  to 1, Tor adds information on which
              versions of Tor are still believed safe for use to the published
              directory.    Each   version  1  authority  is  automatically  a
              versioning authority; version 2 authorities provide this service
              optionally.  See RecommendedVersions, RecommendedClientVersions,
              and RecommendedServerVersions.

       NamingAuthoritativeDirectory 0|1
              When this option is set to 1, then the server advertises that it
              has  opinions  about  nickname-to-fingerprint bindings.  It will
              include these opinions in its published network-status pages, by
              listing  servers  with  the  flag  "Named"  if a correct binding
              between that nickname and fingerprint has been  registered  with
              the  dirserver.   Naming  dirservers  will  refuse  to accept or
              publish descriptors that contradict a registered  binding.   See
              approved-routers in the FILES section below.

       HSAuthoritativeDir 0|1
              When  this  option is set in addition to AuthoritativeDirectory,
              Tor  also  accepts  and  serves  hidden   service   descriptors.
              (Default: 0)

       DirPort PORT
              Advertise the directory service on this port.

       DirListenAddress IP[:PORT]
              Bind  the  directory  service  to this address. If you specify a
              port, bind to  this  port  rather  than  the  one  specified  in
              DirPort.  (Default:  0.0.0.0)  This  directive  can be specified
              multiple times to bind to multiple addresses/ports.

       DirPolicy policy,policy,...
              Set an entrance policy for this server, to limit who can connect
              to the directory ports.  The policies have the same form as exit
              policies above.

       RecommendedVersions STRING
              STRING is a  comma-separated  list  of  Tor  versions  currently
              believed to be safe. The list is included in each directory, and
              nodes which pull down the directory learn whether they  need  to
              upgrade.  This option can appear multiple times: the values from
              multiple lines are spliced together.   When  this  is  set  then
              VersioningAuthoritativeDirectory should be set too.

       RecommendedClientVersions STRING
              STRING  is  a  comma-separated  list  of  Tor versions currently
              believed to be safe for clients to  use.   This  information  is
              included  in version 2 directories.  If this is not set then the
              value of RecommendedVersions is used.  When  this  is  set  then
              VersioningAuthoritativeDirectory should be set too.

       RecommendedServerVersions STRING
              STRING  is  a  comma-separated  list  of  Tor versions currently
              believed to be safe for servers to  use.   This  information  is
              included  in version 2 directories.  If this is not set then the
              value of RecommendedVersions is used.  When  this  is  set  then
              VersioningAuthoritativeDirectory should be set too.

       DirAllowPrivateAddresses 0|1
              If  set  to 1, Tor will accept router descriptors with arbitrary
              "Address" elements. Otherwise, if the address is not an IP or is
              a  private IP, it will reject the router descriptor. Defaults to
              0.

       AuthDirBadExit AddressPattern...
              Authoritative directories only.  A set of address  patterns  for
              servers  that  will be listed as bad exits in any network status
              document this authority  publishes,  if  AuthDirListBadExits  is
              set.

       AuthDirInvalid AddressPattern...
              Authoritative  directories  only.  A set of address patterns for
              servers that will never be listed  as  "valid"  in  any  network
              status document that this authority publishes.

       AuthDirReject AddressPattern...
              Authoritative  directories  only.  A set of address patterns for
              servers that will never be listed at all in any  network  status
              document  that  this  authority  publishes, or accepted as an OR
              address in any descriptor  submitted  for  publication  by  this
              authority.

       AuthDirListBadExits 0|1
              Authoritative directories only.  If set to 1, this directory has
              some opinion about which nodes are  unsuitable  as  exit  nodes.
              (Do  not  set  this  to 1 unless you plan to list nonfunctioning
              exits as bad; otherwise, you are effectively voting in favor  of
              every declared exit as an exit.)

       AuthDirRejectUnlisted 0|1
              Authoritative  directories  only.   If  set  to 1, the directory
              server rejects  all  uploaded  server  descriptors  that  aren’t
              explicitly  listed  in  the  fingerprints  file.  This acts as a
              "panic button" if we get Sybiled. (Default: 0)

HIDDEN SERVICE OPTIONS

       The following options are used to configure a hidden service.

       HiddenServiceDir DIRECTORY
              Store data files for  a  hidden  service  in  DIRECTORY.   Every
              hidden service must have a separate directory.  You may use this
              option multiple times to specify multiple services.

       HiddenServicePort VIRTPORT [TARGET]
              Configure a virtual port VIRTPORT for a hidden service.  You may
              use this option multiple times; each time applies to the service
              using the most recent hiddenservicedir.  By default, this option
              maps  the  virtual  port to the same port on 127.0.0.1.  You may
              override the target port,  address,  or  both  by  specifying  a
              target of addr, port, or addr:port.

       HiddenServiceNodes nickname,nickname,...
              If  possible, use the specified nodes as introduction points for
              the hidden service. If this is left unset, Tor will be smart and
              pick some reasonable ones; most people can leave this unset.

       HiddenServiceExcludeNodes nickname,nickname,...
              Do  not  use  the specified nodes as introduction points for the
              hidden service. In normal use there is no reason to set this.

       PublishHidServDescriptors 0|1
              If set to 0, Tor will run any hidden services you configure, but
              it won’t advertise them to the rendezvous directory. This option
              is only useful if you’re using a  Tor  controller  that  handles
              hidserv publishing for you.  (Default: 1)

       RendPostPeriod N seconds|minutes|hours|days|weeks
              Every  time  the  specified  period  elapses,  Tor  uploads  any
              rendezvous service descriptors to the directory  servers.   This
              information  is also uploaded whenever it changes.  (Default: 20
              minutes)

SIGNALS

       Tor catches the following signals:

       SIGTERM
              Tor will catch this, clean up and sync to disk if necessary, and
              exit.

       SIGINT Tor  clients  behave  as with SIGTERM; but Tor servers will do a
              controlled slow  shutdown,  closing  listeners  and  waiting  30
              seconds  before  exiting.  (The delay can be configured with the
              ShutdownWaitLength config option.)

       SIGHUP The signal instructs Tor to reload its configuration  (including
              closing and reopening logs), fetch a new directory, and kill and
              restart its helper processes if applicable.

       SIGUSR1
              Log statistics about current connections, past connections,  and
              throughput.

       SIGUSR2
              Switch  all  logs  to loglevel debug. You can go back to the old
              loglevels by sending a SIGHUP.

       SIGCHLD
              Tor receives this signal when one of its  helper  processes  has
              exited, so it can clean up.

       SIGPIPE
              Tor catches this signal and ignores it.

       SIGXFSZ
              If  this signal exists on your platform, Tor catches and ignores
              it.

FILES

       /etc/tor/torrc
              The configuration file, which contains "option value" pairs.

       /var/lib/tor/
              The tor process stores keys and other data here.

       DataDirectory/cached-status/*
              The most recently downloaded network status  document  for  each
              authority.  Each file holds one such document; the filenames are
              the hexadecimal  identity  key  fingerprints  of  the  directory
              authorities.

       DataDirectory/cached-routers and cached-routers.new
              These  files  hold downloaded router statuses.  Some routers may
              appear more than  once;  if  so,  the  most  recently  published
              descriptor  is used.  The ".new" file is an append-only journal;
              when it gets too large,  all  entries  are  merged  into  a  new
              cached-routers file.

       DataDirectory/state
              A set of persistent key-value mappings.  These are documented in
              the file.  These include:
              - The current entry guards and their status.
              - The current bandwidth accounting values (unused so far; see
                below).
              - When the file was last written
              - What version of Tor generated the state file
              - A short history of bandwidth usage, as produced in the router
                descriptors.

       DataDirectory/bw_accounting
              Used to track bandwidth  accounting  values  (when  the  current
              period  starts  and  ends; how much has been read and written so
              far this period).  This file is obsolete, and the  data  is  now
              stored  in  the  ’state’ file as well.  Only used when bandwidth
              accounting is enabled.

       DataDirectory/control_auth_cookie
              Used for cookie authentication with the controller.  Regenerated
              on  startup.   See control-spec.txt for details.  Only used when
              cookie authentication is enabled.

       DataDirectory/keys/*
              Only used by servers.  Holds identity keys and onion keys.

       DataDirectory/fingerprint
              Only used by servers.  Holds the  fingerprint  of  the  server’s
              identity key.

       DataDirectory/approved-routers
              Only   for   naming   authoritative   directory   servers   (see
              NamingAuthoritativeDirectory).   This  file  lists  nickname  to
              identity bindings.  Each line lists a nickname and a fingerprint
              separated by whitespace.   See  your  fingerprint  file  in  the
              DataDirectory  for  an example line.  If the nickname is !reject
              then descriptors  from  the  given  identity  (fingerprint)  are
              rejected  by this server. If it is !invalid then descriptors are
              accepted but marked in the directory as not valid, that is,  not
              recommended.

       HiddenServiceDirectory/hostname
              The  <base32-encoded-fingerprint>.onion  domain  name  for  this
              hidden service.

       HiddenServiceDirectory/private_key
              The private key for this hidden service.

SEE ALSO

       privoxy(1), tsocks(1), torify(1)

       https://www.torproject.org/

BUGS

       Plenty, probably. Tor is still in development. Please report them.

AUTHORS

       Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.
07/12/12

OSx -Tor Web Crawler Project

OSx Curl .onion sites -how 2 guide- Tor Web Crawler Project

gATO hAs - been looking into mapping the Tor -.onion network crawling it from aA to zZ, from 1-7 all 16 digits. I use OSx for most of my work and I wanted to curl an .onion site and check it out. As I dug around I found that if I just check my Vidalia.app it will show me where everything is located. Then the fun begins

find your /TorBrowser_en-US-6.app then click and look at the file Info then go to: TorBrowser_en-US-6.app/Contents/MacOS/

cd TorBrowser_en-US-6.app/Contents/MacOS/

once here :

- this will show you the files

ls -fGo

total 5976
drwxr-xr-x  7 richardamores      238 Jun  8 07:11 .
drwxr-xr-x  7 richardamores      238 Feb 19 06:54 ..
drwxr-xr-x  3 richardamores      102 Feb 19 06:54 Firefox.app
-rwxr-xr-x  1 richardamores  3045488 Feb 19 06:54 tor
-rwxr-xr-x  1 richardamores     1362 Feb 19 06:54 TorBrowserBundle
drwxr-xr-x  4 richardamores      136 Feb 19 06:54 Vidalia.app
-rw-r--r--  1 richardamores     6435 Jun  8 07:11 VidaliaLog-06.08.2012.txt

Now I fire up the tor application ./tor

Next open up another Terminal box and check to see if Tor port is open and LISTENing on port 9050

netstat -ant | grep 9050 # verify Tor is running

Once you can see port 9050 LISTEN then you're ready to use curl:

curl -iv --socks4a 127.0.0.1:9050 http://utup22qsb6ebeejs.onion/
curl -iv --socks4a 127.0.0.1:9050 http://nwycvryrozllb42g.onion
curl -iv --socks4a 127.0.0.1:9050 http://2qd7fja6e772o7yc.onion/
curl -iv --socks4a 127.0.0.1:9050 http://5onwnspjvuk7cwvk.onion/
curl -iv --socks4a 127.0.0.1:9050 http://6sgjmi53igmg7fm7.onion/
curl -iv --socks4a 127.0.0.1:9050 http://6vmgggba6rksjyim.onion/

Here are a few sites that you can check out:../ curl is just one of those tools that keeps on giving and of course if I can get one APP to work thru Tor on OSx, then I can get other apps to use Tor as a proxy for all my line commands –time to have some fun- gATO oUt

Lab -Notes

  1. sudo apt-get install tor
  2. sudo /etc/init.d/tor start
  3. netstat -ant | grep 9050 # verify Tor is running

here is a good crawler  to play with

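<?php
// Variant 1: hands 127.0.0.1:9050 to curl as an HTTP(S) proxy and asks for a tunnel.
// Tor's port 9050 speaks SOCKS, not HTTP.
$ch = curl_init('http://google.com');
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, 'https://127.0.0.1:9050/');
curl_exec($ch);
curl_close($ch);

<?php
// Variant 2: the same request with the proxy declared as SOCKS5.
$ch = curl_init('http://google.com');
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// Socks5
curl_setopt($ch, CURLOPT_PROXY, "localhost:9050");
// CURLPROXY_SOCKS5 resolves the hostname locally;
// CURLPROXY_SOCKS5_HOSTNAME hands the name to the proxy instead.
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
curl_exec($ch);
curl_close($ch);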

Tor Web Crawler

http://stackoverflow.com/questions/9237477/tor-web-crawler

did not work – netstat shows it on socks4 not socks5

curl -s --socks5-local 127.0.0.1:9050 --user-agent "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US;rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3" -I http://utup22qsb6ebeejs.onion/

turn on ToR

Run  /Users/gatomalo/Downloads/TorBrowser_en-US-6.app/Contents/MacOS/tor

cd /Users/gatomalo/Downloads/TorBrowser_en-US-6.app/Contents/MacOS

./tor

now check for 9050 running proxy

netstat -ant | grep 9050

Now run your network commands thru socks port 9050

./Users/gatomalo/Downloads/TorBrowser_en-US-6.app/Contents/MacOS/tor


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

curl -S --socks5-hostname 127.0.0.1:9050 -I http://utup22qsb6ebeejs.onion/

HTTP/1.1 200 OK
Date: Thu, 12 Jul 2012 17:49:49 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.2
Set-Cookie: fpsess_fp-a350e65d=8hg0upuuhcpuf4pgvg45l9c2b2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>My Hidden Blog</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- start of jsUtils -->
<script type="text/javascript" src="http://utup22qsb6ebeejs.onion/fp-plugins/jquery/res/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="http://utup22qsb6ebeejs.onion/fp-plugins/jquery/res/jquery-ui-1.8.2.custom.min.js"></script>
<!-- end of jsUtils -->
<!-- FP STD HEADER -->
<meta name="generator" content="FlatPress fp-0.1010.1" />
<link rel="alternate" type="application/rss+xml" title="Get RSS 2.0 Feed" href="http://utup22qsb6ebeejs.onion/?x=feed:rss2" />
<link rel="alternate" type="application/atom+xml" title="Get Atom 1.0 Feed" href="http://utup22qsb6ebeejs.onion/?x=feed:atom" />
<!-- EOF FP STD HEADER -->
<!-- FP STD STYLESHEET -->
<link media="screen,projection,handheld" href="http://utup22qsb6ebeejs.onion/fp-interface/themes/leggero/leggero/res/style.css" type="text/css" rel="stylesheet" /><link media="print" href="http://utup22qsb6ebeejs.onion/fp-interface/themes/leggero/leggero/res/print.css" type="text/css" rel="stylesheet" />
<!-- FP STD STYLESHEET -->
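
Whether a SOCKS client can reach a .onion name through port 9050 depends on what its CONNECT request carries: curl's --socks4a and --socks5-hostname hand the hostname to the proxy, while a client that resolves the name itself sends only an IP address. The Python below is an added example, not code from the original post: it builds the three request forms and classifies who does the name resolution. The hostname, addresses and function names are constructed for illustration, and the SOCKS5 method-negotiation greeting that precedes the request is left out.

```python
import ipaddress
import struct

CONNECT = 1  # SOCKS command code for a TCP CONNECT

# Constructed placeholder name, not a real hidden service.
CONSTRUCTED_ONION = "exampleonionhost.onion"


def socks4a_connect(host, port, userid=b""):
    """SOCKS4a: the 0.0.0.x marker address tells the proxy to resolve `host`."""
    return (struct.pack(">BBH", 4, CONNECT, port) + b"\x00\x00\x00\x01"
            + userid + b"\x00" + host.encode("ascii") + b"\x00")


def socks5_connect_hostname(host, port):
    """SOCKS5 with ATYP=3 (domain name): the proxy resolves `host`."""
    name = host.encode("ascii")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1-255 bytes")
    return bytes([5, CONNECT, 0, 3, len(name)]) + name + struct.pack(">H", port)


def socks5_connect_ipv4(ip, port):
    """SOCKS5 with ATYP=1: the client resolved the name before connecting."""
    return (bytes([5, CONNECT, 0, 1]) + ipaddress.IPv4Address(ip).packed
            + struct.pack(">H", port))


def classify(request):
    """Return (protocol, who_resolves, target, port) for a CONNECT request."""
    version = request[0]
    if version == 4:
        port = struct.unpack(">H", request[2:4])[0]
        ip, rest = request[4:8], request[8:]
        _userid, _, tail = rest.partition(b"\x00")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            host = tail.split(b"\x00", 1)[0].decode("ascii")
            return "socks4a", "proxy", host, port
        return "socks4", "client", str(ipaddress.IPv4Address(ip)), port
    if version == 5:
        atyp = request[3]
        if atyp == 3:
            length = request[4]
            host = request[5:5 + length].decode("ascii")
            port = struct.unpack(">H", request[5 + length:7 + length])[0]
            return "socks5", "proxy", host, port
        if atyp == 1:
            port = struct.unpack(">H", request[8:10])[0]
            return "socks5", "client", str(ipaddress.IPv4Address(request[4:8])), port
    raise ValueError("not a SOCKS4/4a/5 IPv4 or hostname CONNECT request")


def usable_for_onion(request):
    """A .onion name has no DNS record, so only proxy-side resolution works."""
    _proto, resolver, target, _port = classify(request)
    return resolver == "proxy" and target.endswith(".onion")


if __name__ == "__main__":
    for req in (socks4a_connect(CONSTRUCTED_ONION, 80),
                socks5_connect_hostname(CONSTRUCTED_ONION, 80),
                socks5_connect_ipv4("192.0.2.10", 80)):
        print(req.hex(), classify(req), usable_for_onion(req))
```

For ordinary hostnames the "client" cases also mean the DNS lookup left the machine outside the Tor circuit, which is the leak the hostname-carrying forms avoid.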

Some other curl switches =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

--connect-timeout <seconds>

Maximum time in seconds that you allow the connection to the server to take. This only limits the connection phase, once curl has connected this option is of no more use. See also the -m/--max-time option.

If this option is used several times, the last one will be used.

-D/--dump-header <file>

Write the protocol headers to the specified file.

This option is handy to use when you want to store the headers that a HTTP site sends to you. Cookies from the headers could then be read in a second curl invocation by using the -b/--cookie option! The -c/--cookie-jar option is however a better way to store cookies.

When used in FTP, the FTP server response lines are considered being "headers" and thus are saved there.

If this option is used several times, the last one will be used.

-f/--fail

(HTTP) Fail silently (no output at all) on server errors. This is mostly done to better enable scripts etc to better deal with failed attempts. In normal cases when a HTTP server fails to deliver a document, it returns an HTML document stating so (which often also describes why and more). This flag will prevent curl from outputting that and return error 22.

This method is not fail-safe and there are occasions where non-successful response codes will slip through, especially when authentication is involved (response codes 401 and 407).

--ssl

(FTP, POP3, IMAP, SMTP) Try to use SSL/TLS for the connection. Reverts to a non-secure connection if the server doesn't support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for different levels of encryption required. (Added in 7.20.0)

This option was formerly known as --ftp-ssl (Added in 7.11.0) and that can still be used but will be removed in a future version.

-H/--header <header>

(HTTP) Extra header to use when getting a web page. You may specify any number of extra headers. Note that if you should add a custom header that has the same name as one of the internal ones curl would use, your externally set header will be used instead of the internal one. This allows you to make even trickier stuff than curl would normally do. You should not replace internally set headers without knowing perfectly well what you're doing. Remove an internal header by giving a replacement without content on the right side of the colon, as in: -H "Host:".

curl will make sure that each header you add/replace is sent with the proper end-of-line marker, you should thus not add that as a part of the header content: do not add newlines or carriage returns, they will only mess things up for you.

See also the -A/--user-agent and -e/--referer options.

This option can be used multiple times to add/replace/remove multiple headers.

-o/--output <file>

Write output to <file> instead of stdout. If you are using {} or [] to fetch multiple documents, you can use '#' followed by a number in the <file> specifier. That variable will be replaced with the current string for the URL being fetched. Like in:

curl http://{one,two}.site.com -o "file_#1.txt"

or use several variables like:

curl http://{site,host}.host[1-5].com -o "#1_#2"

You may use this option as many times as the number of URLs you have.

See also the --create-dirs option to create the local directories dynamically. Specifying the output as '-' (a single dash) will force the output to be done to stdout.

-r/--range <range>

(HTTP/FTP/SFTP/FILE) Retrieve a byte range (i.e a partial document) from a HTTP/1.1, FTP or SFTP server or a local FILE. Ranges can be specified in a number of ways.

0-499     specifies the first 500 bytes
500-999   specifies the second 500 bytes
-500      specifies the last 500 bytes
9500-     specifies the bytes from offset 9500 and forward
0-0,-1    specifies the first and last byte only(*)(H)
500-700,600-799
          specifies 300 bytes from offset 500(H)
100-199,500-599
          specifies two separate 100-byte ranges(*)(H)

-v/--verbose

Makes the fetching more verbose/talkative. Mostly useful for debugging. A line starting with '>' means "header data" sent by curl, '<' means "header data" received by curl that is hidden in normal cases, and a line starting with '*' means additional info provided by curl.

Note that if you only want HTTP headers in the output, -i/--include might be the option you're looking for.

If you think this option still doesn't give you enough details, consider using --trace or --trace-ascii instead.

This option overrides previous uses of --trace-ascii or --trace.

Use -s/--silent to make curl quiet.

07/11/12

CyberPeace -not- CyberWar

gAtO sEe - In the last couple of days Gen. Keith Alexander has been pushing the Cyber War agenda. -The issues around warfare are very different in cyberspace than in the physical world, and the United States is looking into “alternative strategies,” said Alexander, while not offering further details. In another place he was telling us that the CIA will not use the new cyber laws to spy on our email. Ok so you gonna be a sheep and follow the word of the government. We won’t spy on you.

Alexander said “civil liberties and privacy can work harmoniously with cybersecurity”. Come on General you're a nice guy, gAtO met you —/ you have a passion but every time you bring out —/ Oops there went the Power Grid, Oops.. there went the financial sector, scare me, scare me. I know it’s your job to secure our country to protect our nation's cyber infrastructure. Don’t trample on our cyber rights any more please.

Hey here is a solution for you use a Tor-.onion network-(any anonymized network) to tie your power grid, and/or your financial services. If you can’t close down Silk Road in onion-land your C&C for your power grid and financial services should be invisible to everyone except on a need to know. gAtO just saved you 14 trillion in R&D…//

gAtO has not heard one word about Cyber Peace from any responsible government in the world. Everyone is looking for their own cyber posture, their own cyber weapons/ budget/ programs/ money// , but not one has said let’s work together to make it better for peace, guess there is no money in Cyber Peace. Espionage, spying is the job of governments why would they destroy their own tools, weapons and just tweak our cyber-rights a wee bit, for our cyber freedoms and safety, to protect our government and you -lol.

Here is a simple idea: crowd-source our problems. The one major resource in cyber-space is the number of people that can see the same message. In crowd-source we can give the facts and ask anyone to help solve city budgets, ways to harvest more vegetables/per vertical/ sq.ft. Ask people how would you protect our electric grid // you’d be surprised by the creative answers you get, OK some may be crazy but…//. It may not be the right solution, but the power of the minds of people collaborating is what this new technology is built for. FaceBook is about ME- Twitter is about the rest of the world- but the new winner is —/ Comments /— have become more important than the article-subject itself because the conversation within the comments shows social communication and problem solving by the masses.

Let’s change the message to CyberPeace, everyone has a solution, but remember that all your comments are the new gold so watch what you say to that troll on huffpost— gAtO oUt

 

Read more: Alexander: U.S. looking for offensive alternatives in cyberspace – FierceGovernmentIT http://www.fiercegovernmentit.com/story/alexander-us-looking-offensive-alternatives-cyberspace/2012-07-11#ixzz20KW1Lcf2

07/5/12

The Deep Dark Web -Book

gAtO sAy -mEoW you all- we have a new book coming out soon “The Deep Dark Web” and just wanted to write this as the foreword for the book, I thought it was interesting …//looking for peer review of book…write us

This book is to inform you about “The Deep Dark Web”. We hear that it’s a bad place full of crooks and hackers, but it is more a place where you have total anonymity as an online-user and yes there are ugly places in the dark web but it’s a small part of it. What it really is all about is freedom of expression, freedom of speech worldwide, supported by “us/we” the users of the network. It’s not controlled by any government, but blocked by a few like Syria, Iran, Ethiopia, China to name a few governments that want to deny their own people free access to information, to speak freely about their grievances and unite to tear down their walls of oppression.

Pierluigi and I (gAtO) share a passion for cyber security, we write different blogs: Pierluigi has http://securityaffairs.co/wordpress/ and my site is uscyberlabs.com . We also write at other blogs and print media. We didn’t know it at the time but we were writing cyber history: as the 2011-2012 cyber explosion took off we were at ground zero writing about Stuxnet, HBGary, the LulzPirates, Anonymous, but the Arab Spring was an awakening:

The recent revolution in Egypt that ended the autocratic presidency of Hosni Mubarak was a modern example of successful nonviolent resistance. Social Media technologies provided a useful tool for the young activist to orchestrate this revolution. However the repressive Mubarak regime prosecuted many activists and censored a number of websites. This made their activities precarious, making it necessary for activists to hide their identity on the Internet. The anonymity software Tor was a tool used by some bloggers, journalists and online activists to protect their identity and to practice free speech.

Today we have lots of anonymity communication tools, I2P, Freenet, Gnunet and Tor to name a few. Why did the TorProject.org Tor-.onion network become the de facto application to get free, private, anonymized Internet access? My conclusion is its humble beginnings with “Naval Research Project & DARPA (Defense Advanced Research Project Agency) ” sponsored, maybe you heard of DARPA they kinda created the Internet a long time ago. The government wanted to have a secure communication media that would piggy-back on the established Internet. From my point of view when they saw how good this worked the government used it to allow its agents to quietly use the network for CIA covert operations (just to name a few alphabet soup government agencies that use it). For example a branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Journalists got a hold of this tool and they too were able to file reports before government agents censored their interviews and film footage. The EFF (Electronic Frontier Foundation) got a hold of the Tor-networks and promoted it for maintaining civil liberties online. When the common business executive visited a foreign country (like China, known to monitor foreigners’ Internet access) they now had a way to securely connect to their corporate HQ data-center without being monitored and giving away IP (Intellectual Properties). The Tor-Network became too good and the bad guys moved in to keep their illegal business safer from the law. The Internet Cyber-criminal has used the clear-web since the start so of course they went over to the Tor-.onion network because it works if you use it right and keeps you anonymous online.

With all this happening and the “Year of the Hack 2011” you can see why security geeks like Pierluigi and I became intrigued with this subject and we teamed up to write this manuscript hoping to answer some of the questions our friends and peers were asking us about this mysterious hidden world called the deep dark web. We outlined a table of contents and started to write about it in our blogs and the story unfolds from here to you. We hope to educate you on how this network works without too much geek talk (ok just a little). We cover the cyber criminals and their ecosystem, we cover the financial currency (bitCoins) that is replacing fiat currencies all over the world during these unstable financial times. We tried to cover all the good, the bad and the ugly of the .onion network. We hope it will answer some of your questions but I am sure that more questions will come up so feel free to come to our websites and give us a shout and ask your questions about the deep dark web…. - gAtO oUT

07/2/12

The future of the Deep Dark Web

gAtO tHiNk’S  -In today’s world we want a little freedom, a little privacy online and more people will use encrypted methods to browse the web.-  Julian Assange said it best-I paraphrase-, in society we as an online-person have an expectation to certain rights of privacy and just want 3 basic things:

1.) Freedom of Communication

2.) Freedom of Movement

3.) Freedom of Economics

In today’s world our technology-culture encourages people to give away every detail of our life. On Facebook, Twitter, LinkedIn we tell people all kinds of personal information. \\ everything you tell these websites now belongs to them legally and they will do whatever they want with this data. They also want your shopping habits your reading habits and now they want to integrate it with other sites to extract more information. You don’t think so, how many cookies do you have on your computer??? -( I bet you don’t have a clue) what were you doing at 5:30pm last Tuesday??? – Google knows, Facebook knows, Twitter knows —> they all know. They all know your friends and your enemies.

Today we are tied to cyberspace with almost every aspect of our lives – Social – Economy – Culture – Political – Ethics – Money – Wants – Desires – Greed – So me gAtO I want a secure -Freedom of Communication -Tor anonymized type networks for some of my personal questions.

 As more people use encrypted methods to browse the Web, it will become trickier for law enforcement agencies to intercept private communications in real-time, causing them to focus instead on tapping data that is stored in the cloud, according to the draft of an academic paper by a former privacy advisor to the Clinton Administration.

So this means that the legal beagles want to scare you more and more. I was just reading a post where someone said I don’t like to cruise the dark web because I’m afraid of Identity Theft…// In Tor-.onion network you’re secure with your identity, but if you log in to Facebook and start to give away your information well you just defeated what a Tor-style network does for you: your anonymity is now gone.

Some segment of cyber-world will never need secure communication but we must ask what are our human values online? Are we ready to let everyone know the truth about oneself? The technology for anonymized networks is here to stay and it’s not good or bad, but it’s powerful and a bit complicated. The watchers of the Watch need to keep our eyes open for this one- gATo oUt

 

06/11/12

ToR Black Market CyberCrime EcoSystem

gAtO tHiNkS - the Black Market in cyber space exists in both the surfaceWeb and the darkWeb. For some reason the general internet user thinks the ToR-.onion network is for bad guys only, and only because of the Black Market in the onion network which is a small part of the network… The general consensus that the black market rules in ToR onionLand is a joke, let me tell you why.

What is the Cyber Black Market:

A black market or underground economy is a market in goods or services which operates outside the formal one(s) supported by established state power.

From DHS CyberCrimes is a bigger threat than terrorism – From Symantec/Norton Cyber Crime Statistics in the SurfaceWeb:

Here are some quotes from their report.

1. Cybercrime cost $388 billion across 24 countries.

2. 69% of adults have been a victim of cybercrime.

3. 10% of mobile phone users have experienced cybercrime, up 42% from last year.

4. Cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288B).

White Collar -Cyber Crime

In the Surface Web -CyberSpace- crime is well and dandy but we have become accustomed to it – If you’re a Windows user how many security updates do you get a week, a month? That alone tells you that in the surface Internet we have lots of cyber-crime going on — and so pharmacy spam emails are normal, offers from African millionaires that left you money come every other day. In these hard economic times offers to make big bucks $$ working from home -becoming a re-shipping mule for commercial criminals- are normal offers for people looking for jobs. These are all organized cyber criminal groups dealing in the surface web.

Blue Collar -Cyber Crime

Now take ToR-.onion Black Market: It’s a little more in your face: drugs, guns, stolen goods, sex, hacked data- in the darkWeb you know that these merchants are crooks and criminals. In Silk Road or BlackMarket Reload they now have verified sellers and now even buyers, to make it look more legit. What does verified mean in these .onion market-places? It usually means that the admin of the site has somehow checked that this is a real person w/real whatever. Or he has done business with someone and they write a nice review. Never thinking that the review could be the crook with another login name just like they do in the surfaceWeb.

gAtO would not do business with any black market in the surfaceWeb or the darkWeb -If my products are bad at least I can complain to Amazon, I can’t do anything but write a bad review in BlackMarket-Reload in the darkWeb.

  -honest crooks? In the Tor-.onion Black Market you can assume everyone is a thief a crook or a criminal.

CyberCrime EcoSystem. 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Let’s look at the black market in the surface web.:

WHITE COLLAR CYBER CRIMES – cybercrime ecosystem

ATM skimming: – ATM skimming is proliferating, next to the overall availability of bank plastic cards, holograms and pretty much everything a carder needs to cash out the fraudulently obtained credit card data.

pharmaceutical e-mail spam problem: -The general public is addicted to drugs- legal – illegal – copy-drugs – fake claim drugs – and they e-mail you the consumer, you’ve seen them “Viagra” cheap -Canada – Europe – nah it’s from Asia or Russia.

Eastern Europe is the epicenter of the cybercrime epidemic-financially-motivated cybercrime – without question hackers in Russia and Eastern Europe are the most active, if not also the most profitable. sophisticated groups tend to be regional and stick to attacking their own (Brazil is a good example).

active malware/crimeware campaigns:

sophisticated cybercriminals:

Risk-forwarding cybercrime ecosystem

the rise of money mule recruitment

Are reshipping mules more popular than money mules 

advanced persistent threats (APT attacks)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Let’s look at the black market in the dark web.:

BLUE/BROWN/BLACK-(low end) COLLAR CYBER CRIMES

Selling Drugs

Selling Guns and explosives

Selling Stolen goods

Selling Hacked Data

Selling Sex

Buy an Assassin 

Rent a Hacker

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

So now we can see that in the Surface black market the legit merchants are watching everything you do and selling your information to the highest bidder. While the sophisticated crimes against normal people backed by organized crime are normal in the clearWeb. So in the Deep -Dark -Tor -.onion web the low end criminals haunt this area. The problem I have is that the same things that are in the deep dark web are the same things I can get at -eBay- Guns – Stolen Goods, -CraigsList-  Assassin, legal/illegal Drugs, Sex, Stolen Damaged Goods, Drugs, so in the surface web you can get the same as the dark web, what’s the difference? Inside the matrix you have more anonymity -

No matter the anonymity gATO would not do business with the black market in the deep web or out. Use your own common sense my friends. We are judging that those people that use the ToR protocol to communicate with more privacy are all bad when only a few sites sell (bad) stuff there is some good in the network – and – bottom line –it’s all about freedom of choice  . The other thing is that the commercial cyber-criminals ecosystem in the clearWeb has not picked up on this newer technology (ToR-onion network) that is more secure and are harder to scam and gain your personal and their information while online.

The Black Market is the same or worse in the surface web than in the deep-dark web so- stay away from the black market period, use the ToR network to be smarter, quieter without leaving digital bread-crumbs -

Below I have my notes and the ToR Cleaned Hidden Directory WiKi so you can see yourself some of the things that go into the black market Tor-.onion network- Remember that this is only a small part of the network, there are millions of terabytes undiscovered in the ToR-.onion network, it’s just hidden. They don’t want you to know.

George Carlin said it best – You’re not in the club- and they are not going to let you in – they are never going to let you in-

They are going to scare you away from the ToR-.onion network because  “they” the powers that be –will hide their little business secrets in this network and they want to scare you away from it.  I found a great article from “Krebs on Security Interview” outlining the cyber criminal ecosystem where I drew a lot of the surface web black market anyway - gAtO oUt

lab Notes: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


 

ToR Cleaned Hidden Directory Wiki

http://3suaolltfj2xjksb.onion/hiddenwiki/index.php/Main_Page

Hidden services – HTTP/HTTPS

Volunteers last verified that all services in this section were up, or marked as DOWN, on: 2012-01-24

Introduction Points

OnionLand link indexes and search engines.

Hidden Wikis

Index pages in Wiki-based format.

Other indexes

Other places/directories you may be able to find links.

Search engines

Google for Tor. Search for links.

  • TORCH – Tor Search Engine. Claims to index around 1.1 Million pages.
  • Deepsearch – Another search engine.
  • Torgle – Torgle revived. Based on OnionWare’s server. Web crawler.
  • The Abyss – Administrator’s search engine. Supports submitted links.
  • Ahmia.fi – Clearnet search engine for Tor Hidden Services (allows you to add new sites to its database).
  • DuckDuckGo, clearnet – Clearnet metasearch engine with heavy filtering. Not like the aforementioned search engines to look up Hidden Services. Just searches the clearnet.

Other general stuff to see

Starting places.

Marketplace

See also: Marketplace Reviews – Reviews of the marketplace experience (ALL reviews go in this article, NOT in the listings below).
See also: The separate Drugs and Erotica sections for those specific services.
Remember that “feedback” can be faked in the Marketplace Reviews. Try to use escrow as much as possible to ensure you won’t be scammed.

Financial Services

Currencies, banks, money markets, clearing houses, exchangers.

  • Anonymous Internet Banking Anonymous Debit Cards with EU bank account and VCCs by A HackBB trusted vendor
  • The Bitcoin Laundry Service- Bitcoin Laundry service.
  • InstaCard – Sell your bitcoins for a virtual VISA credit card, in $25, $50, or $100 denominations. $5 fee.
  • Paypal4free – Hacked Paypal accounts for cheap, with balances
  • PayPal Store – Purchase clean, verified USA PayPal accounts with Bitcoin. (Host: FH)
  • Bitcoin Fog – Laundry service.
  • anonXchange – Ecurrency exchanger, exchange LR, Bitcoin, PSC, Ukash, Pecunix, Cash. Also doing Bitcoin washing.
  • Acrimonious – A bitcoin escrow checkout. Free if there are no disputes. Works with tor2web. (UNABLE TO REGISTER)
  • Bitcoin2CC, clearnet – Converts your Bitcoins into a virtual VISA credit card instantly.
  • The Bitcoin Washing Machine – Can launder large amounts of coins without same-coin contamination. (Host: FH)
  • Little BTC Ebook – The new way of selling and buying Bitcoin is through Second Life, more information here.

Commercial Services

Hosting / Web / File / Image

  • The Onion Cloud - Tor/ownCloud based cloud. Login/Pass: public/public. (Host: FH)
  • Megaupload.com Accounts for BTC - sells megaupload.com accounts in exchange for bitcoins
  • TOR host - Host your site anonymously in deep web for free. - DOWN 2011-12-24
  • bittit, clearnet - Host and sell your original pictures for Bitcoins.
  • Mystery File a Day - Want to see something cool?
  • Blolylo - Simple file uploads. Won't accept plain text files. 2 MiB upload limit. (Host: FH) (Blank page) - Broken 2011-06-09
  • CircleServices - Mixie's place. Provides: Circle-Talk, TorPM, ImgZapr, SnapBBS, qPasteBin, AnonyShares, Circle-IRC. (Provider: CS)
  • Anonyshares - File upload up to 10MB. (Provider: CS)
  • qPasteBin - A pastebin. (Provider: CS)
  • 5am - File dump and Image Board. 5MB Limit. DOWN 2012-01-05
  • Potaoto - Image hosting. Generates large thumbnails. DOWN 2012-01-05
  • Onion Fileshare - 2GB Upload file size limit. Upload any files you want.
  • ES Simple Uploader - Upload images, docs and other files. 2 MiB upload limit. (Host: FH)
  • IMGuru (More info) - Fast GIF/JPEG host. No images removed. If you get the error Invalid File, retry the upload. (Host: FH)
  • TorIB - Create and run your own imageboard. (Host: FH) (Neglected status note) - Broken 2010-06-16
  • SquareBoard - Upload and share high quality images. (Moderated)
  • sTORage - Upload files. Has WebDAV support.
  • Onion Image Uploader - Image Hosting. 2 MiB upload limit. Generates medium thumbnails. (Host: FH)
  • Freedom Hosting (More info) - Hosting Service with PHP/MySQL. As of 2011-06-04, it hosts about 50% of the live OnionWeb by onion. UPDATE 2011-06-05, probably owns a lot more than that now. Invite-only.
  • PasteOnion - Paste and share text, sources, whatever. You can make your paste public or set a password. (Host: FH)
  • QicPic - Upload any type of file. Caches and compresses uploaded files to decrease loading time. (Host: FH)

Blogs / Essays

Forums / Boards / Chans

SnapBBS

A relatively simplistic messaging board owned by Mixie. Various discussion boards. There's lots of these, but here are a couple.

Other forums

Other forum types. Usually phpBB.

Imageboards

Non-CP or generally safe imageboards on Tor.

  • Torchan - /b/, /i/, programming, revolution, tons of other boards
  • Anonchan - Boards: /b/ - Random, /a/ - Anime/Manga/NSFW.
  • Hidden Image Site - HIS
  • TriChan - Revived, now only has /p/ Pokemon, /mlp/ My Little Pony, and /b/ Random
  • Lukochan - A Russian/English text discussion board in imageboard style.

Deaths (R.I.P):

  • RundaChan - Share ideas and ask or answer questions
  • Bobby's board Channel with currently only 2 boards but growing - about 75% LOL 0% uptime

Forums Scripts Besides SnapBBS

  • PunBB 1.3.6 Forum script - During installation you need not give your email address to create your forum, and you can register without an e-mail. The script does not record your IP in the forum database, and the Administrator / Moderator cannot see your IP address, which makes use of the forum much safer because your IP is not logged anywhere in the database. Two download mirrors.

If anyone knows of anything else that provides this, send an e-mail.

Email / Messaging

See also: The compendium of clearnet Email providers.

Political Advocacy

Whistleblowing

WikiLeaks

See also: WikiLeaks Official Site and Official Submission Onion (temporarily closed).

Operation AntiSec

Other

H/P/A/W/V/C

Hack, Phreak, Anarchy (internet), Warez, Virus, Crack.

Audio - Music / Streams

Video - Movies / TV

Books

See also: Category:Novel - List of books on this wiki.

Drugs

Noncommercial (D)

These sites have only drug-related information/talk. No sales or venues.

Commercial (D)

See also: Marketplace Reviews and Onion Reviews - Reviews of the marketplace experience (ALL reviews go in these articles, NOT in the listings below).

  • oxiD Shop - Marijuana, Cocaine (Bitcoin)
  • Silk Road - Marketplace with escrow (Bitcoin)
  • Pot2Peer - Marijuana and cannabis products delivered safely and discreetly to your door. Always anonymous. (Bitcoin)
  • Paradoxum - Cannabis, MDMA, LSD, Mushrooms, Coke, DMT (BTC, Dwolla, Pecunix, LR, Paxum)
  • DrugSpace - Dispensary Grade Sour Diesel Marijuana and Cambodian strain Psilocybin Mushrooms. Get the URL from the Onion Reviews, people keep changing it here
  • Trees by Mail Beta - Cannabis from Northern California (Bitcoin)
  • and - Yummy edibles and other cannabis related stuff. Nothing but the best. (Paypal and Bitcoin)

Erotica

Adult

Noncommercial (E)

Commercial (E)

See also: Marketplace Reviews - Reviews of the marketplace experience (ALL reviews go in this article, NOT in the listings below).

Paraphilias

Uncategorized

Services that defy categorization, or that have not yet been sorted.

  • Kenny - You killed Kenny! You're a bastard! DOWN
  • Carson - Nature Boy poem. Previously The Ultimate Guide for Anonymous and Secure Internet Usage v1.0.1.
  • The LG enV2 - Very basic information and photo gallery about a wireless digital messaging phone. (Host: FH)
  • Questions and Answers - A little truth game. Ask questions and give answers anonymously. Answers also support image uploading.
  • noreason - Info and pdf files on weapons, locks, survival, poisons, protesters, how to kill. Hidden Wiki, TorDir, Steal this wiki, Telecomix Crypto Munitions Bureau mirrors. Guro, dofantasy / Fansadox Collection. DOWN D:
  • The Outlaw Project - "Free for all" - links to various files and known .onion sites. Onion address hosted an FTP service.
  • Fenergy file-server - File collection that includes books and other resources energy related.

Non-English

Czech / Čeština

Danish / Dansk

  • DanishChan - Scandinavian focused imageboard. Boards include drugs and IT security as well as a Random board. Fast and clean layout, little downtime.
  • drugs.dk - Danish Drug Trade. (Host: CS)

Dutch / Nederlands

Estonian / Eesti

  • Vileveeb - Submission of anonymous reports. DOWN 2012-01-24

Finnish / Suomi

French / Français

German / Deutsch

Hebrew / עברית

  • Samim.onion - Selling and shipping of drugs and medicine in Israel (Bitcoin). (Host: FH)

Italian / Italiano

Japanese / 日本語

Korean / 한국어

  • ?? - ??? ?? ??? (??????)

Polish / Polski

  • Torowisko - Forum of the Polish Tor community. A new general-topic forum without registration or censorship. A worthy successor to Onionforum, already with over 8000 posts (new ones arrive daily!). (Host: FH)
  • Fundacja Panoptykon, clearnet - Website of a foundation opposing increasingly widespread surveillance and the trend toward intensifying supervision and control over society.
  • George Orwell "Rok 1984" - Polish translation of the well-known novel
  • Polska Ukryta Wiki - PUW, the wiki of the Polish Tor community. (Host: FH)
  • FAQ – Freely Answered Questions - Q&A-style portal where you can ask questions related to the underground (read: inconvenient questions). (Host: FH)

Abandoned, inactive or junk sites:

Portuguese / Portugues

Caravana Brasil

Russian / Русский

  • R2D2 - ????????? ?????, ??????? ????????????, ???????? ????????
  • Runion - ????????? ?????: Bitcoin, Tor, ????????? ?????
  • Runion Wiki - ??????? ?????? ? ????????? ? Runion ?? ???????
  • ??????? - ??????? ??????? ?????. (Host: FH)
  • ???? - ??????????? ???????? ???????? ?????????????. (Host: FH)
  • ??? - ????????? ????????????? ?????.
  • ????????, clearnet - ?????? ???????? ????????????? ????????? ????????.
  • ?????-?????? - ????? ??????? ?????? ? ???? ?? ??????? ?????. (Host: FH)
  • Russian Road - ??????? Silk Road(?????????, ??????, ?????????, ?????????)

Slovak / Slovenský

Spanish / Español

  • Abusos - Judicial abuses in Spain.
  • Quema tu móvil!, clearnet - Interception of mobile communications. Cell phone eavesdropping techniques used by Intel agencies. DOWN 2012-01-24
  • HoneyNet, clearnet - Ethical hacking, special security techniques used in penetration tests to avoid being detected. DOWN 2012-01-24
  • T0rtilla - Shoutbox webchat. (Host: FH)
  • CebollaChan - CebollaChan, the tor-chan in Spanish.
  • T0rtilla - Shoutbox webchat. (Direct FH URL). (Host: FH)
  • Forocoches 2.0 - Torocoches - Forocoches 2.0 (Host: FH)

Swedish / Svenska

Hidden Services - Other Protocols

Volunteers last verified that all services in this section were up, or marked as DOWN, on: 2011-06-08
For configuration and service/uptime testing, all services in this section MUST list the active port in their address. Exception: HTTP on 80, HTTPS on 443.
For help with configuration, see the TorifyHOWTO and End-to-end connectivity issues.

P2P FileSharing

Running P2P protocols within Tor requires OnionCat. Therefore, see the OnionCat section for those P2P services.
IMPORTANT: It is possible to use Tor for P2P. However, if you do, the right thing must also be done by giving back the bandwidth used. Otherwise, if this is not done, Tor will be crushed taking everyone along with it.

  • The Pirate Bay - Download music, movies, games, software! The Pirate Bay - The galaxy's most resilient BitTorrent site - Official(?)
  • GNUnet files sharing - GNUnet URI index site with forum. (Host: FH)
  • Sea Kitten Palace - Torrent site and tracker for extreme content (real gore, animal torture, shockumentaries/mondo cinema, and Disney movies)
  • AshANitY - Anonymous sharing of Humanity, torrents. (Host: FH)

Chat centric services

Some people and their usual server hangouts may be found in the Contact Directory.

IRC

See also: IRC Anonymity Guide

  • AnoNet - Each server is on its own network and connects to a chat cloud

running on: (various).oftc.net, ports:: plaintext: 6667 ssl: 6697

  • Federation: OnionNet - IRC network comprised of:

running on: unknown, ports:: plaintext: 6668, ssl: none

 

running on: (various).freenode.net, ports:: plaintext: 6667 ssl: 6697/7070

running on: kropotkin.computersforpeace.net, ports:: plaintext: none ssl: 6697

running on: unknown, ports:: plaintext: 6667 ssl: 9999

  • hackint - hackint is a communication network for the hacker community.

running on: lechuck.darmstadt.ccc.de, ports:: plaintext: none ssl: 6697

running on: unknown, ports:: ssl: 6697

SILC

XMPP (formerly Jabber)

  • xmpp:ch4an3siqc436soc.onion:5222 – public server. No SSL. Chatrooms. No S2S. – DOWN 2011-08-01
  • xmpp:okj7xc6j2szr2y75.onion:5222 – xmpp:jabber.ccc.de:5222 as a hidden service

TorChat Addresses

Humans are listed in the above contact directory. Bots are listed below.

  • 7oj5u53estwg2pvu.onion:11009 – TorChat InfoServ #2nd, by ACS.
  • gfxvz7ff3bzrtmu4.onion:11009 – TorChat InfoServ #1st, by ACS.

OnionCat Addresses

List of only the Tor-backed fd87:d87e:eb43::/48 address space, sorted by onion. There are instructions for using OnionCat, Gnutella, BitTorrent Client, and BitTorrent Tracker.


Bitcoin Seeding

Instructions

  • bitcoinbudtoeks7.onion:8333 – DOWN 2011-08-20
  • nlnsivjku4x4lu5n.onion:8333 – DOWN 2011-08-20
  • xqzfakpeuvrobvpj.onion:8333
  • z6ouhybzcv4zg7q3.onion:8333

Dead Hidden Services

Main article: List of dead hidden services

Do not simply remove services that appear to be offline from the above list! Services can go down temporarily, so we keep track of when they do and maintain a list of dead hidden services.

  • In addition to an onion simply being gone (Tor cannot resolve the onion), sites that display 404 (and use a known onion/URL based hosting service) are the only other thing that is considered truly DOWN. Presumably the account is gone.
  1. If a service has been down for a while, tag it with ‘ – DOWN YYYY-MM-DD’ (your guess as to when it went down).
  2. If a tagged service on the above list of live hidden services has come back up, remove the DOWN tag.
  3. If a tagged service is still down after a month, please move it (along with the DOWN tag) to the list of dead hidden services.
  • The general idea of the remaining four service states below is that, if the Hidden Service Descriptor is available, and something is responding behind it… the service is considered up, and we track that fact on the Main Page. If any of these subsequently go offline, append the DOWN tag and handle as above.
  1. Hello world’s / statements, minimal sites, services with low user activity, etc (while boring)… are listed as usual.
  2. Broken services are those that display 404 (and do not use a known hosting service), PHP or other errors (or they fail silently)… any of which prevent the use of the service as intended. They also include blank pages, empty dirs and neglected status notes. Presumably the operator is in limbo. Broken services are tagged with ‘ (reason) – Broken YYYY-MM-DD’ (your guess as to when it went broken)
  3. Services that automatically redirect to another service (such as by HTTP protocol or script), have their redirection destinations noted in their descriptions. These are tagged with ‘ – Redir YYYY-MM-DD’ (your guess as to when it went redir)
  4. Sites that are formally closed via announcement are tagged with ‘ – Closed YYYY-MM-DD’ (your guess as to when it went closed)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Krebs on Security Interview:

Black Market : Tales from the underground

http://www.zdnet.com/blog/security/q-a-of-the-week-tales-from-the-underground-featuring-brian-krebs/12414

ATM skimming

ATM skimming is proliferating, next to the overall availability of bank plastic cards, holograms and pretty much everything a carder needs to cash out the fraudulently obtained credit card data. From ATM skimmers with bluetooth notification, to ATM skimmers with SMS notification, what are some of the latest innovations in this field that you’re observing?

Brian: One innovation in skimming that I wrote about recently is that crooks are starting to turn to 3D Printers to make these devices. An investigator in California shared with me some photos of what was believed to be a 3D printed skimming device, which was the news hook for that story. But as I was researching the topic, I discovered that a skimmer gang had recently been convicted of creating skimming devices made with a 3D printer they had purchased with the proceeds of their previous skimming crimes.

pharmaceutical affiliate networks

Brian: I think there are a few trends emerging, and they all have to do with the fact that it’s getting harder for rogue pharmacies to make money. One is a shift toward more generic and herbal medications. The affiliate programs seem to be looking for drugs to sell that don’t incur intellectual property violation cases, which can get them shut down in a hurry. But I think it is becoming much harder for the larger volume spam and scareware affiliate programs out there to retain reliable processing, and that’s a long overdue but welcome development.

Eastern Europe is the epicenter of the cybercrime epidemic

Brian: If you mean financially-motivated cybercrime that affects the rest of the world, I would say without question hackers in Russia and Eastern Europe are the most active, if not also the most profitable. I think there are cases where (dis)organized crime groups have and are conducting a lot of cybercrimes, but many of these sophisticated groups tend to be regional and stick to attacking their own (Brazil is a good example).

But generally speaking I think it is a mistake to try to measure cybercrime by actual losses, which almost never comes close to the real losses and damage done by cybercrime, costs incurred by software and hardware and personnel defenses, etc. Don’t get me wrong: I strongly believe that all nations should be working harder to quantify and publish data about cybercrime losses, particularly in the financial sectors. But the reality is that even some of the most active criminal groups — such as the rogue pharmacy “partnerka” programs like SpamIt and GlavMed and Rx-Promotion — employed some of the biggest botmasters with the biggest botnets, and while some of them made a lot of money, most did not. And the spam partnerkas are excellent examples of cases where there are huge asymmetries between their earnings for these activities and the tens of billions of dollars companies and individuals need to spend each year to try to block all of its attendant ills.

active malware/crimeware campaigns:

I think we can continue to expect to see Microsoft doing whatever it can to disrupt cyber criminal activity, because 95 percent of it or more is aimed squarely at their customer base. Whether the gains from those take downs and targeted actions have long or short-term consequences may not be so important to Microsoft. From my lengthy interviews with Microsoft’s chief legal strategist on this subject, it was clear that their first order of business with these actions is raising the costs of doing business for the bad guys, and I think on that front they probably will succeed in the long run if they keep going after them as they are.

cybercrime ecosystem – sophisticated cybercriminals

I consider it a badge of honor that these guys bother to thumb their noses at me. The most recent one I’m aware of was whoever was in charge of coding the Citadel Trojan added some strings in the malware that said, “Coded by BRIAN KREBS for personal use only. I love my job & wife”. Sort of a friendly jab and a vague, nonspecific threat rolled into one. Sometimes it is just kids looking for attention, but by and large I think most of these guys truly resent having any outside light — especially from “amers” or Americans — shed on their operations. They also don’t like it when you distill their operations, norms or processes into bite sized chunks that demystify their ecosystem or forums.

I can’t speak for law enforcement activity, but as a journalist and investigative reporter, I’m always sad to see these communities go away. I think it’s safe to say that most of them are already infiltrated by several national law enforcement organizations. I’d be very surprised if they were not. Some operating right now probably were even set up by law enforcement. We’ve seen them do that a few times before. I think most of the fraudsters who’ve been doing this long enough probably understand that and act accordingly. Others do not, and that is why you tend to see lots of people come and go, but the same core group of a few hundred guys are the top dogs on most important forums.

Communities and crime forums are great places to learn intelligence about upcoming and ongoing attacks, breaches, 0days, etc. Shutting them down seems to me to be counterproductive, since you almost always force the forums to go more underground and use more security features to keep untrusted people out, and known sources of intelligence go away, or worse yet change their nicks and contact info and all of a sudden a source you have developed you may never see or hear from again.

Risk-forwarding cybercrime ecosystem

the rise of money mule recruitment

Brian: I’ve identified quite a few distinct money mule recruitment networks. I don’t know about templates, but many of them tend to recycle the same HTML content and change the names of the fake companies. That’s handy I guess for keeping track of which group recruited which mules, but beyond that I’m not sure it tells you much. What I have noticed is that money mules are the bottleneck for this type of fraud, and oftentimes the cyber crooks will leave money in the victim’s account because they simply didn’t have enough mules to help them haul all of the loot. So with any one victim, it’s typical to find mules recruited through 4-6 different mule recruitment gangs, because the fraudsters who outsource this recruitment will simply go from one to the other purchasing the services of these recruitment gangs until they’ve got enough to help them haul the loot, or they’ve exhausted the available mule supply. But usually, the mule gangs don’t have any problem finding new recruits.

Are reshipping mules more popular than money mules 

Brian: I think reshipping mules tend to be more useful. Most regular money mules are one-and-done. They’re used for a single task and then discarded (although one group I am following re-uses money mules as many times as they can before the mule starts to ask for their monthly salary). Typically, a reshipping gang will get 3-5 packages reshipped per weekday per mule, and the average reshipping mule works for 30 days before figuring out they’ve been working for free and great personal risk and they’re never going to get paid, or the check they got from their employer just bounced. But several mule gangs I’m aware of do both reshipping and money mules interchangeably.

Online gambling

advanced persistent threats (APT attacks)

Brian: I think if there has been a net positive about the shift in focus (at least from the mainstream security industry) away from traditional threats to APT attacks it is in the increased attention paid to social engineering attacks, which form the basis of most successful attacks today. 0day threats get a lot of press and are frequently associated with APT attacks, but it is far more common for these attacks to leverage known vulnerabilities for which there are patches, much like exploit packs that are used in many Zeus attacks and other more traditional cyber crimes. Unfortunately, educating users about what not to click on or trust or open is always an uphill battle. There are some things that companies could be doing more on this front, and I’d like to see more firms randomly test their employees to help speed the process of learning how not to fall for phishing and social engineering scams.

scareware industry, scareware remains one of the most profitable monetization strategies within the cybercrime ecosystem

Brian: I don’t think scareware is the same scourge it used to be, although it’s clearly still a problem. I would say this problem — like the pharma spam problem — must be attacked at the payment processing point; that is where it makes the most sense. There are some things afoot in the payment processing space that I think will probably start to show major results in the coming months on this front, but the proof will be when the scareware partnerka programs start dying off completely because the business model has dried up. I think we can expect to see the costs of acquiring banks taking on this business continue to rise, and that will help make the scareware industry less profitable and less attractive for scammers.

like the pharma spam problem

 

06/6/12

Tor Passive- Active -Directory Attacks on onion network

Passive attacks

Observing user traffic patterns. Observing a user’s connection will not reveal her destination or data, but it will reveal traffic patterns (both sent and received). Profiling via user connection patterns requires further processing, because multiple application streams may be operating simultaneously or in series over a single circuit.

Observing user content. While content at the user end is encrypted, connections to responders may not be (indeed, the responding website itself may be hostile). While filtering content is not a primary goal of Onion Routing, Tor can directly use Privoxy and related filtering services to anonymize application data streams.

Option distinguishability. We allow clients to choose configuration options. For example, clients concerned about request linkability should rotate circuits more often than those concerned about traceability. Allowing choice may attract users with different needs; but clients who are in the minority may lose more anonymity by appearing distinct than they gain by optimizing their behavior [1].

End-to-end timing correlation. Tor only minimally hides such correlations. An attacker watching patterns of traffic at the initiator and the responder will be able to confirm the correspondence with high probability. The greatest protection currently available against such confirmation is to hide the connection between the onion proxy and the first Tor node, by running the OP on the Tor node or behind a firewall. This approach requires an observer to separate traffic originating at the onion router from traffic passing through it: a global observer can do this, but it might be beyond a limited observer’s capabilities.

End-to-end size correlation. Simple packet counting will also be effective in confirming endpoints of a stream. However, even without padding, we may have some limited protection: the leaky pipe topology means different numbers of packets may enter one end of a circuit than exit at the other.

Website fingerprinting. All the effective passive attacks above are traffic confirmation attacks, which puts them outside our design goals. There is also a passive traffic analysis attack that is potentially effective. Rather than searching exit connections for timing and volume correlations, the adversary may build up a database of “fingerprints” containing file sizes and access patterns for targeted websites. He can later confirm a user’s connection to a given site simply by consulting the database. This attack has been shown to be effective against SafeWeb [29]. It may be less effective against Tor, since streams are multiplexed within the same circuit, and fingerprinting will be limited to the granularity of cells (currently 512 bytes). Additional defenses could include larger cell sizes, padding schemes to group websites into large sets, and link padding or long-range dummies.

Active attacks

Compromise keys. An attacker who learns the TLS session key can see control cells and encrypted relay cells on every circuit on that connection; learning a circuit session key lets him unwrap one layer of the encryption. An attacker who learns an OR’s TLS private key can impersonate that OR for the TLS key’s lifetime, but he must also learn the onion key to decrypt create cells (and because of perfect forward secrecy, he cannot hijack already established circuits without also compromising their session keys). Periodic key rotation limits the window of opportunity for these attacks. On the other hand, an attacker who learns a node’s identity key can replace that node indefinitely by sending new forged descriptors to the directory servers.

Iterated compromise. A roving adversary who can compromise ORs (by system intrusion, legal coercion, or extralegal coercion) could march down the circuit compromising the nodes until he reaches the end. Unless the adversary can complete this attack within the lifetime of the circuit, however, the ORs will have discarded the necessary information before the attack can be completed. (Thanks to the perfect forward secrecy of session keys, the attacker cannot force nodes to decrypt recorded traffic once the circuits have been closed.) Additionally, building circuits that cross jurisdictions can make legal coercion harder—this phenomenon is commonly called “jurisdictional arbitrage.” The Java Anon Proxy project recently experienced the need for this approach, when a German court forced them to add a backdoor to their nodes [51].

Run a recipient. An adversary running a webserver trivially learns the timing patterns of users connecting to it, and can introduce arbitrary patterns in its responses. End-to-end attacks become easier: if the adversary can induce users to connect to his webserver (perhaps by advertising content targeted to those users), he now holds one end of their connection. There is also a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this latter problem.

Run an onion proxy. It is expected that end users will nearly always run their own local onion proxy. However, in some settings, it may be necessary for the proxy to run remotely— typically, in institutions that want to monitor the activity of those connecting to the proxy. Compromising an onion proxy compromises all future connections through it.

DoS non-observed nodes. An observer who can only watch some of the Tor network can increase the value of this traffic by attacking non-observed nodes to shut them down, reduce their reliability, or persuade users that they are not trustworthy. The best defense here is robustness.

Run a hostile OR. In addition to being a local observer, an isolated hostile node can create circuits through itself, or alter traffic patterns to affect traffic at other nodes. Nonetheless, a hostile node must be immediately adjacent to both endpoints to compromise the anonymity of a circuit. If an adversary can run multiple ORs, and can persuade the directory servers that those ORs are trustworthy and independent, then occasionally some user will choose one of those ORs for the start and another as the end of a circuit. If an adversary controls m > 1 of N nodes, he can correlate at most $(m/N)^2$ of the traffic, although an adversary could still attract a disproportionately large amount of traffic by running an OR with a permissive exit policy, or by degrading the reliability of other routers.
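The bound in the paragraph above, worked through as an added example (not code from the Tor design paper or from this blog): it computes the exact chance that both the first and the last hop of a circuit are hostile, and shows why the figure that matters to a defender is the hostile share of selection weight rather than the relay count. The relay names, the "selection proportional to weight" model and the 5x weight are assumptions made for illustration.

```python
from fractions import Fraction


def naive_bound(m, n):
    """The (m/N)^2 ceiling: entry and exit each hostile with chance m/N."""
    return Fraction(m, n) ** 2


def both_ends_hostile(weights, hostile):
    """Exact probability that a circuit's entry AND exit are hostile.

    weights: relay name -> relative chance of being picked for a hop
             (assumed model: selection proportional to weight).
    hostile: set of relay names run by one adversary.
    The exit is drawn from the relays left after the entry is chosen,
    so a single relay never fills both positions.
    """
    total = sum(weights.values())
    p = Fraction(0)
    for entry in hostile:
        p_entry = Fraction(weights[entry], total)
        remaining = total - weights[entry]
        p_exit = sum(
            (Fraction(weights[r], remaining) for r in hostile if r != entry),
            Fraction(0),
        )
        p += p_entry * p_exit
    return p


def hostile_weight_share(weights, hostile):
    """Fraction of all selection weight held by the hostile relays."""
    return Fraction(sum(weights[r] for r in hostile), sum(weights.values()))


def make_network(n, m, hostile_weight=1):
    """Constructed network: n relays of weight 1, the first m of them hostile."""
    weights = {f"relay{i:03d}": 1 for i in range(n)}
    hostile = {f"relay{i:03d}" for i in range(m)}
    for name in hostile:
        weights[name] = hostile_weight
    return weights, hostile


def report(n=100, m=10):
    """Compare equal weighting with hostile relays that attract 5x the traffic."""
    rows = []
    for label, hw in (("equal weights", 1), ("hostile relays weighted 5x", 5)):
        weights, hostile = make_network(n, m, hw)
        rows.append((label,
                     hostile_weight_share(weights, hostile),
                     both_ends_hostile(weights, hostile)))
    return rows


if __name__ == "__main__":
    print(f"(m/N)^2 for m=10, N=100: {float(naive_bound(10, 100)):.4f}")
    for label, share, p in report():
        print(f"{label:28s} weight share={float(share):.3f} "
              f"both ends hostile={float(p):.4f}")
```

With equal weights the exact figure sits just under the bound because a relay cannot be both ends of one circuit; once the same ten relays carry five times the weight, the bound has to be read against their share of selections, not their count.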

Introduce timing into messages. This is simply a stronger version of passive timing attacks already discussed earlier.

Tagging attacks. A hostile node could “tag” a cell by altering it. If the stream were, for example, an unencrypted request to a Web site, the garbled content coming out at the appropriate time would confirm the association. However, integrity checks on cells prevent this attack.

Replace contents of unauthenticated protocols. When relaying an unauthenticated protocol like HTTP, a hostile exit node can impersonate the target server. Clients should prefer protocols with end-to-end authentication.

Replay attacks. Some anonymity protocols are vulnerable to replay attacks. Tor is not; replaying one side of a handshake will result in a different negotiated session key, and so the rest of the recorded session can’t be used.

Smear attacks. An attacker could use the Tor network for socially disapproved acts, to bring the network into disrepute and get its operators to shut it down. Exit policies reduce the possibilities for abuse, but ultimately the network requires volunteers who can tolerate some political heat.

Distribute hostile code. An attacker could trick users into running subverted Tor software that did not, in fact, anonymize their connections—or worse, could trick ORs into running weakened software that provided users with less anonymity. We address this problem (but do not solve it completely) by signing all Tor releases with an official public key, and including an entry in the directory that lists which versions are currently believed to be secure. To prevent an attacker from subverting the official release itself (through threats, bribery, or insider attacks), we provide all releases in source code form, encourage source audits, and frequently warn our users never to trust any software (even from us) that comes without source.

Directory attacks

Destroy directory servers. If a few directory servers disappear, the others still decide on a valid directory. So long as any directory servers remain in operation, they will still broadcast their views of the network and generate a consensus directory. (If more than half are destroyed, this directory will not, however, have enough signatures for clients to use it automatically; human intervention will be necessary for clients to decide whether to trust the resulting directory.)

Subvert a directory server. By taking over a directory server, an attacker can partially influence the final directory. Since ORs are included or excluded by majority vote, the corrupt directory can at worst cast a tie-breaking vote to decide whether to include marginal ORs. It remains to be seen how often such marginal cases occur in practice.

Subvert a majority of directory servers. An adversary who controls more than half the directory servers can include as many compromised ORs in the final directory as he wishes. We must ensure that directory server operators are independent and attack-resistant.
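The voting rules described above, as an added example (not code from Tor or from this blog): a model of the consensus that lists an OR when a strict majority of the votes cast name it, and marks the directory usable without human intervention unless more than half of the known directory servers are gone. The server and OR names are constructed, and the exact thresholds are this example's reading of the text, not Tor's implementation.

```python
from collections import Counter

# Constructed example data: five directory servers and their honest views.
KNOWN = {"dir1", "dir2", "dir3", "dir4", "dir5"}
HONEST_VIEW = {
    "dir1": {"or-stable1", "or-stable2", "or-marginal"},
    "dir2": {"or-stable1", "or-stable2", "or-marginal"},
    "dir3": {"or-stable1", "or-stable2"},
    "dir4": {"or-stable1", "or-stable2"},
    "dir5": {"or-stable1", "or-stable2"},
}


def build_consensus(votes, known=KNOWN):
    """Combine directory votes by majority.

    votes: server name -> set of ORs it lists; only servers that are
           still operating appear here.
    known: every directory server that clients expect a signature from.
    Returns (listed_ors, signatures, usable_automatically).
    """
    voters = sorted(a for a in votes if a in known)
    if not voters:
        return set(), 0, False
    majority = len(voters) // 2 + 1          # strict majority of votes cast
    tally = Counter(o for a in voters for o in votes[a])
    listed = {o for o, count in tally.items() if count >= majority}
    destroyed = len(known) - len(voters)
    # "If more than half are destroyed" the signatures no longer suffice.
    usable = destroyed * 2 <= len(known)
    return listed, len(voters), usable


def with_subverted(names, forged_list):
    """Honest votes, except the named servers vote as the attacker wishes."""
    votes = {a: set(v) for a, v in HONEST_VIEW.items()}
    for a in names:
        votes[a] = set(forged_list)
    return votes


def with_destroyed(names):
    """Honest votes from the servers that are still running."""
    return {a: set(v) for a, v in HONEST_VIEW.items() if a not in names}


def run_scenarios():
    forged = {"or-rogue", "or-marginal"}     # attacker's preferred listing
    return {
        "all honest": build_consensus(HONEST_VIEW),
        "one subverted": build_consensus(with_subverted({"dir5"}, forged)),
        "majority subverted": build_consensus(
            with_subverted({"dir3", "dir4", "dir5"}, forged)),
        "two destroyed": build_consensus(with_destroyed({"dir4", "dir5"})),
        "three destroyed": build_consensus(
            with_destroyed({"dir3", "dir4", "dir5"})),
    }


if __name__ == "__main__":
    for name, (listed, sigs, usable) in run_scenarios().items():
        print(f"{name:20s} signatures={sigs} usable={usable} "
              f"listed={sorted(listed)}")
```

A single subverted server only tips the OR that the honest servers were already split on; it can neither add its rogue OR nor drop the stable ones. Three subverted servers produce a fully signed directory listing whatever they choose, which is why operator independence is the real control.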

Encourage directory server dissent. The directory agreement protocol assumes that directory server operators agree on the set of directory servers. An adversary who can persuade some of the directory server operators to distrust one another could split the quorum into mutually hostile camps, thus partitioning users based on which directory they use. Tor does not address this attack.

Trick the directory servers into listing a hostile OR. Our threat model explicitly assumes directory server operators will be able to filter out most hostile ORs.

Convince the directories that a malfunctioning OR is working. In the current Tor implementation, directory servers assume that an OR is running correctly if they can start a TLS connection to it. A hostile OR could easily subvert this test by accepting TLS connections from ORs but ignoring all cells. Directory servers must actively test ORs by building circuits and streams as appropriate. The tradeoffs of a similar approach are discussed in deny Bob service by flooding his introduction points with requests. Because the introduction points can block requests that lack authorization tokens, however, Bob can restrict the volume of requests he receives, or require a certain amount of computation for every request he receives.

Attack an introduction point. An attacker could disrupt a location-hidden service by disabling its introduction points. But because a service’s identity is attached to its public key, the service can simply re-advertise itself at a different introduction point. Advertisements can also be done secretly so that only high-priority clients know the address of Bob’s introduction points or so that different clients know of different introduction points. This forces the attacker to disable all possible introduction points.

Compromise an introduction point. An attacker who controls Bob’s introduction point can flood Bob with introduction requests, or prevent valid introduction requests from reaching him. Bob can notice a flood, and close the circuit. To notice blocking of valid requests, however, he should periodically test the introduction point by sending rendezvous requests and making sure he receives them.

Compromise a rendezvous point. A rendezvous point is no more sensitive than any other OR on a circuit, since all data passing through the rendezvous is encrypted with a session key shared by Alice and Bob.

06/5/12

Iran Cyber Problems -bad antivirus software

Iran Cyber Problems

gAtO mOnItOrEd – Iran Tor-Relays last night: they had blocked all public relays so nobody could use the ToR network. Of course, as long as you have a private unlisted ToR relay, people from Iran could still use the ToR network on the Internet. On the other side of Iran’s Cyber Warfare, the Flame cyber worm is still kicking ass and taking names in Iran. U.S and Israel have accepted the role of chief cyber warrior of the Stuxnet, DuQu and Flame, some of the first cyber weapons ever made and deployed on covert missions. Do you think that these cyber weapons did not use ToR networks to hide their C&C servers, never to be found??? So here we have a country suppressing ToR communication (and suppressing Flame, DuQu and StuxNet C&C ToR Communication) and being attacked by 2 of the largest countries in the world. gAtO would call this cyber warfare.

cyber war profiteers –> Who stands to make the most business ($$$) in this cyber warfare? We in the west have Norton, McAfee and others to protect our computers and business and government computer enterprise systems, but they cannot do business with Iran. We just had Symantec pull out of a deal with China’s Huawei because of U.S-DOD contracts. A friend pointed to eset.com as the number one anti-virus software distributor to Iran. When the Iranian government wants to protect their computers they turn to Eset corporation for their enterprise cyber security support and service. So who are they?

Alexa the number one SEO company – http://www.alexa.com/siteinfo/eset.com – shows Iran is their number one customer. Why? Eset is based out of the Slovak Republic, in Bratislava, the capital of Slovakia. It’s not Silicon Valley – I never heard of a high tech center and educated cyber security experts from that side of the world. We know this area more for cyber criminals, but now this little company out in the middle of nowhere has some interesting customers. Those countries that nobody wants are becoming their cyber customers, and it looks like Eset is a growing business.

Eset – Contact info: – http://www.eset.com/us/about/contact/ – They have offices in Czech Republic, Singapore, Argentina and the U.S.A – —/$#@! – So the company that is providing the anti-virus software for Iran has offices in America, with American business as customers- gAtO don’t like that much that is why I mentioned it.

Anti-virus software controls every aspect of the safety and security of your computer; your anti-virus software has deep ties to your computers. So this little anti-virus company is now a world player. It could also be our ally and work with us.

From a business point of view – first of all, I would fire them. If I was the Iranian government: Stuxnet, DuQu and Flame, the same MO, and my anti-virus software does not catch it - new business. But, oh well, if Iran fires them, who else would step into this position? This shows gAtO that the old weapon dealers have turned into legit cyber counter-weapons dealers.

customer metrics: Imagine the statistics from Eset on Iranian government sites?

As a security researcher I just don’t like that Eset is in the U.S.A; if they get American customers they can maybe sell their stats to Iran. Security companies like anti-virus have a lot of power. Just a simple update and the new spy-ware can get in and turn on your camera or just record your speech in your house or office. I would stay away from Eset anti-virus software solution – just for me. gAtO oUt…

Reference:

Iran Top Sites : http://www.alexa.com/topsites/countries;0/IR

Bratislava: http://en.wikipedia.org/wiki/Bratislava

Alexa-Eset – http://www.alexa.com/siteinfo/eset.com

Eset about page -  http://www.eset.com/us/about/contact/ .

WhoIs - http://whois.domaintools.com/eset.com

06/3/12

Difference between Tor -network -.onion network -deepWeb -darkWeb -invisibleWeb

gAtO wAs aSkeD – what is the difference between the /ToR network- /.onion network- /Deep Web /Dark Web /Invisible Web – simple question, not so fast. First we have the surfaceWeb, the Internet where Google, Yahoo, Facebook, Twitter take your information and sell it to the highest bidder to marketing people so they can sell you things you don’t want or need, but they make you buy the junk anyway. Yes, the surface web is where we live and do our banking (that’s monitored too) and research our medical problems. Well, for gAtO it’s Twitter: as I tweet my dispatches from security crazy, twitter looks at my pattern and sells my information, because when I go to Huffington Post to read stupid shit twitter follows me and monitors every article I read. /cRaZy -sI -nO/.

The ToR network: It’s software that you get and install on your computer that allows freedom and privacy, confidential business activities and relationships without anyone knowing what you’re doing.

Install it and you log in to the .onion network, but you can also use it to surf the surfaceWeb too. When you’re in the surfaceWeb you have -.com -.edu -.org; in the .onion network you have sites that end with .onion, and the site names are kind of hard to read: http://4eiruntyxxbgfv7o.onion/snapbbs/19cc6d6e is the USCyberLabs web site in the Tor-.onion network. It is part of the deepWeb and the darkWeb too.

How so - it’s on a need to know basis -and you’re not in the 1% club- you don’t need to know my friend -mEoW that hurts-

The Deep Web (also called the Deepnet, the Invisible Web, the Undernet or the hidden Web) refers to World Wide Web content that is not part of the Surface Web, which is indexable by standard search engines. The deepWeb is the part of the web that Google, Yahoo and others cannot index, so nobody knows where those sites are – except a few people. NASA has over 200 teraBytes of un-indexed databases and all kinds of reports that are part of the deep web. Any un-indexed websites or web-services are part of the deep web, not the dark web, which is only accessible by using the ToR-software.

USCyberLabs is in the .onion now; it is part of the deepWeb, and also part of the un-indexed deepWeb, because it is not indexed and nobody knows about it – it is hidden – unless I tell you about it. The USCyberLabs site in the .onion is also part of the darkWeb because part of the dark web has a .onion after the website name. But it’s not part of the blackMarket in the .onion network.

SO now we have a ToR-network that can access the darkWeb and be invisible and untraceable, so this is why crooks and criminals use this network. Don’t get me wrong, the good guys use the ToR network too. Why do you think the PsyOps is that the deepWeb is for criminals? The governments and businesses that want secure private communication are doing business on ToR while we stay away outside.

The fact of the matter is the more people use the ToR-network to be safer, the better it is for everyone. Just go surf your normal sites, Facebook, Twitter, it’s ok, you’re just safer. When there is normal ToR-traffic it becomes harder to see the dissidents that need the ToR-network to save lives. Look at who donates to the ToR-project, come on, the National Christian Foundation (2010-2012) https://www.torproject.org/about/sponsors.html.en - this is not a criminal network - gAtO oUt

 

05/30/12

Hide SCADA in the ToR network – ..-hiding in plain site..

Hide SCADA in the ToR network – ..FREE-hiding in plain site..

any internet connection 2-ToR

gAtO cAn -now provide your company a FREE .onion network – reliable 24/7 secure / encrypted / untraceable communication between your SCADA systems talking to each other and the main office, giving you real-time data from any remote SCADA site. As an example from the Schneider Electric white paper “Video Surveillance Integrated with SCADA”, we can now take that physical video security of all your remote video assets and transmit it securely, encrypted and untraceable, to anyplace in the world to your datacenter. When going in and out of the invisible .onion network, you can control the entry and exit relays, so picking safe verified relays to use is easy, or you can use your own relays; the more relays, the better the system becomes at making you more invisible. The more people that use it the more untraceable and unmonitored it becomes. This kind of SCADA communication in the ToR-onion network redefines geo-political digital boundaries. Since it rides on any Internet connection it can be used anywhere.

in the ToR-.onion network merchants can’t spy on you and they can’t steal your information

Not if but when businesses take over the ToR- .onion network, it will change the landscape and give it more order, but it will still give the user anonymity. That’s the key to this network: your signal, your voice cannot be found but you can still communicate. The ToR- .onion network rides not on top or the bottom of the digital super-highway but thru it.

Let’s keep in mind that access to the ToR-.onion network is FREE to anyone and your company’s use of the network makes it safer for everyone since the more people use it the more unreachable-undetectable you become. But in business you also have to deal with hostile governments and protecting your people and assets thru a ToR .onion network becomes even more critical. You can still operate but be safe and secure in your business communications.

The ToRProject.org is something that is making an impact on the very lives of people who want to have a free, safe, secure voice. Just look at Mr. Chen, a dissident from China: he was jailed because he spoke up about the disabled in China. The ToRProject.org helps people like Mr. Chen speak and remain anonymous. But by adding real business relays into the ToR .onion network we will give these people and the business more transparency; it makes you more invisible on the internet. You can donate to the ToR Project and it’s a 501(c), so it’s deductible. Look at the donors list and see who supports this invisible network. U.S. Naval Research, National Science Foundation, DARPA and National Christian Foundation are some of the people supporting the ToR Project; it’s not so bad if they use it. See lab Notes below.

How you gonna hack what you can’t find, can’t see and can’t trace to you?

Just think, Mr. Banker: a free, secret, untraceable, encrypted communication place where you can do your banking deals in secret, and nobody but you and your closest friends knows it even exists, not the government, not your spouse, and it is harder for criminals to find your valuable data. It hides you in an Internet bubble of packets where nobody knows who you are or how to find you. They can’t even tell it’s a ToR .onion network; it hides its signal to blend into the bits and bytes of the landscape in the digital noise.

Technically it’s pretty cheap: get the free software, as many copies as you need, FREE!!! No volume pricing, no updates, FREE!!! Once your computer that talks to the internet hooks up to a ToR relay, it’s in the matrix. If you add your own ToR relays you can use trusted relays as entry and exit nodes into the ToR .onion network, so you can let the program use its randomness or choose a path into a FREE invisible communication medium accessible from any Internet connection.
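A torrc sketch of the setup described above, added here as an example and not taken from the original post or the Tor Project: the remote site publishes a .onion endpoint and the main office pins its entry and exit relays. The directory, ports and relay fingerprints are placeholders to replace with your own.

```conf
# Added example. Paths, ports and fingerprints are constructed placeholders.

## ---- torrc on the remote SCADA site gateway ----
# Publish a .onion endpoint. Tor writes the generated .onion hostname
# and the service keys into this directory; keep it readable only by
# the tor user, since whoever holds the key can impersonate the site.
HiddenServiceDir /var/lib/tor/scada_site/
# Virtual port 8502 on the .onion address forwards to a telemetry
# service listening on loopback only (hypothetical port). The service
# itself should not be bound to any public interface.
HiddenServicePort 8502 127.0.0.1:8502

## ---- torrc on the main-office client ----
# Local SOCKS listener the SCADA client software connects through.
SocksPort 9050
# Use only relays you run or have vetted as the first hop.
EntryNodes $<FINGERPRINT_OF_RELAY_A>,$<FINGERPRINT_OF_RELAY_B>
# ExitNodes only affects streams that leave Tor for ordinary Internet
# hosts. A connection to a .onion address stays inside the network and
# does not use an exit relay, so this line matters only for any
# non-.onion traffic sent through the same client.
ExitNodes $<FINGERPRINT_OF_RELAY_C>
```

Check each file with `tor --verify-config -f FILE` before restarting Tor.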

The ToRProject.org is currently still fighting censorship and monitoring in China, Iran, Syria and other places where people are being killed and sent home in small boxes to their relatives. Because that person could not use ToR network access to his Gmail account, which was monitored, they showed him his emails and his guilt and killed him. That’s how brutal it can become if you cannot have safe, secure access to basic email to communicate with the world. Government will kill you for what you say. Donate to the ToRProject.org

It’s easy -if all else fails call the gAtO I can help your business become invisible in/on the Internet- gATO oUt.

We use the ToR network for all communication in SCADA systems. Here are a few SCADA white papers; try them with ToR .onion networks.

 

lab Notes— gAtO 5/29/12

Tor: Sponsors

The Tor Project’s diversity of users means we have a diversity of funding sources too — and we’re eager to diversify even further! Our sponsorships are divided into levels based on total funding received:

Magnoliophyta (over $1 million)

Liliopsida (up to $750k)

Asparagales (up to $500k)

Alliaceae (up to $200k)

  • You or your organization?

Allium (up to $100k)

Allium cepa (up to $50k)

Past sponsors

We greatly appreciate the support provided by our past sponsors in keeping the pre-501(c)(3) Tor Project progressing through our ambitious goals:

WiKi-Pedia

http://en.wikipedia.org/wiki/SCADA

SCADA (supervisory control and data acquisition) generally refers to industrial control systems (ICS): computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described below:

  • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
  • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
  • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption.

A SCADA system usually consists of the following subsystems:

  • A human–machine interface or HMI is the apparatus or device which presents process data to a human operator, and through this, the human operator monitors and controls the process.
  • A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process.
  • Remote terminal units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.
  • Programmable logic controllers (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.
  • Communication infrastructure connecting the supervisory system to the remote terminal units.
  • Various process and analytical instrumentation

 
