gichidan

command module
v0.0.0-...-e0b2e33 Latest
Published: Apr 20, 2018 License: Apache-2.0 Imports: 17 Imported by: 0

README

gichidan

gichidan is a command-line wrapper with enhanced pentest features for Ichidan (onion link), a deep-web search engine.

           ███           █████       ███      █████                     
          ░░░           ░░███       ░░░      ░░███                    
  ███████ ████   ██████  ░███████   ████   ███████   ██████   ████████  
 ███░░███░░███  ███░░███ ░███░░███ ░░███  ███░░███  ░░░░░███ ░░███░░███ 
░███ ░███ ░███ ░███ ░░░  ░███ ░███  ░███ ░███ ░███   ███████  ░███ ░███ 
░███ ░███ ░███ ░███  ███ ░███ ░███  ░███ ░███ ░███  ███░░███  ░███ ░███ 
░░███████ █████░░██████  ████ █████ █████░░████████░░████████ ████ █████
 ░░░░░███░░░░░  ░░░░░░  ░░░░ ░░░░░ ░░░░░  ░░░░░░░░  ░░░░░░░░ ░░░░ ░░░░░ 
 ███ ░███           ___onion secrets for console cowboys___
░░██████
░░░░░░

Copyright 2017 hIMEI

About

UPD 21.04.2018: Ichidan has been dead for the last 3 months, so Gichidan is deprecated :(

Forget about Tor Browser. Parse onion hosts from your console with Gichidan now.

License

Apache-2.0 License

About Gichidan

Gichidan is a CLI utility designed to collect information about deep-web hosts.

Dependencies

github.com/antchfx/htmlquery
github.com/antchfx/xpath
github.com/hIMEI29A/gotorsocks
golang.org/x/net/html

Short Ichidan's info

Short info about Ichidan search engine from here

Ichidan is a type of Japanese verb which implies the first (“ichi”) time something is done. Now, Ichidan is also a search engine for looking up websites that are hosted through the Tor network, which may be the first time that's been done at this scale.

The search engine is less like Google and more like Shodan, in that it allows users to see technical information about .onion websites, including their connected network interfaces, such as TCP/IP ports.

Ichidan is a valuable resource for security researchers and law enforcement agencies who want to learn about what's happening on the Dark Web.

Features

NEW! Since version 1.0.0, search with logical expressions is supported. See the Usage section of this document for details.

Version

v1.1.1

Install

Install standalone deb binary package

Requirements: Linux Debian/Ubuntu amd64

Download deb package and install it with dpkg or gdebi:

wget https://github.com/hIMEI29A/gichidan/releases/download/1.1.1/\
gichidan-1.1.1-amd64.deb && sudo dpkg -i gichidan-1.1.1-amd64.deb

wget https://github.com/hIMEI29A/gichidan/releases/download/1.1.1/\
gichidan-1.1.1-amd64.deb && sudo gdebi gichidan-1.1.1-amd64.deb

Installation via apt-get install will be implemented soon. Check the release page!

Install from source

If you are a Go programmer, you may want to get the source code and build the app from it manually. Follow these steps.

The project uses glide to manage dependencies, so install it first:

curl https://glide.sh/get | sh

Clone the repo, install the dependencies, then install Gichidan:

mkdir -p $GOPATH/src/github.com/hIMEI29A/gichidan
cd $GOPATH/src/github.com/hIMEI29A/gichidan
git clone https://github.com/hIMEI29A/gichidan.git .
glide install
go install

Done.

Usage

Gichidan's CLI options are:

-b    show ASCII banner
-f string
      save results to file
-h    help message
-j    convert output to json
-m    Don't print GET request's messages (non-verbose output)
-r string
      your search request to Ichidan
-s    print hosts urls only
-v    print current version

A typical request to Ichidan looks like this:

gichidan -r ichidan

Output:

Hosts found:   1 
Only one page 

Full info:

http://ichidanv34wrx7m7.onion
2017-09-18 13:08:58 UTC
tcpwrapped
80
tcp
tcpwrapped
unknown VERSION

http-headers:

    Server: nginx/1.10.3 (Ubuntu)
    Date: Mon, 18 Sep 2017 13:08:55 GMT
    Content-Type: text/html; charset=utf-8
    Connection: close
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    ETag: W/"7e087af022204d46cb9b655936aa2915"
    Cache-Control: max-age=0, private, must-revalidate
    Set-Cookie: _ichidan_session=NXQ5NWc4ZmJiSHRnVVM2TDFmblVzcmo4NnY1aUdtUFZFY0VmcVpCTzJHUUx2T25XOUhKa0hMT2F4QS9LanVEMGNYeXlKaEwyNGFITjA1bjdsSE1PRnR3TTIrNEJuc3dtMS9JczM1c3haL0xsa0U5K3E4RytSbHNWakxYVTdhYmZ3dFdhRGhzTWR4SXdlT2VhMlhFRzNRPT0tLWpiOU9SMFJnbTFXeTJFamN6Q3FmU3c9PQ%3D%3D--6281f0c900799f334e5f8eb76589c89c38212d37; path=/; HttpOnly
    X-Request-Id: 1e002391-0137-41e1-83cd-acc6b69b5019
    X-Runtime: 0.005388

    (Request type: HEAD)

http-server-header:
    nginx/1.10.3 (Ubuntu)
http-title:
    Ichidan

You may search by keywords (only to know what bad guys do):

gichidan -r hacking

gichidan -r paypal

As well as by protocol, application name or service detail:

gichidan -r ssh

gichidan -r irc

gichidan -r apache

gichidan -r tcpwrapped

gichidan -r prosody

gichidan -r raspbian

To save results to a file, use the -f flag followed by the full file path:

gichidan -r telnet -f ~/my_folder/telnet_search.txt

If you don't want to see full details about the collected servers, use the -s ("short") option. When short output is combined with output to a file, the file will still contain all details:

gichidan -r apache -s -f ~/my_folder/apache_search.txt

To run the program in non-verbose ("mute") mode, use the -m flag. GET request messages will not be printed in this case:

gichidan -r accounts -m

To print an old-school ASCII banner before crawling starts, use the -b flag:

gichidan -r ejabberd -b

Use the -j flag to convert output to JSON format. This feature cannot be used with the -s flag; if both -j and -s are provided, there will be an error. You may also save JSON to an output file with the -f option.

gichidan -r CentOS -j -f 

If Ichidan cannot find anything for your request, the application will display an error:

gichidan -r jdfhchgbverugbvcevcegrfvcew

Output:

2013/01/20 16:12:12 Nothing found there!

Logical expressions

NEW! Since version v1.0.0, search with logical expressions is supported. Here are some simple rules for their usage:

An expression MUST contain no more than two words (yet) with an operator between them and MUST NOT contain spaces between the words and the operator. The operators are:

AND "+"
NOT "-"
OR  "="

Examples:

This will show only results which satisfy both the "prosody" and "ejabberd" requests:

gichidan -r prosody+ejabberd

This will show only results of the "paypal" request which do not satisfy the "crime" request:

gichidan -r paypal-crime

This will show results of the "bbs" and "telnet" requests separately:

gichidan -r bbs=telnet

If the search engine cannot find anything for one of the words, the application will display an error:

gichidan -r ssh+jdfhchgbverugbvcevcegrfvcew

The request MUST NOT contain spaces. For a request such as gichidan -r prosody client, only the first word will be processed. Also, search by host URL is not supported (in most cases) by the app (or by Ichidan).

NOTE: The Tor network is not your vanilla Internet. It may be unstable or slow, and there may be unexpected delays and errors. In this case you may try simply restarting the tor service on your machine:

sudo service tor restart

NOTE: Ichidan is not your vanilla Google, Yandex or Baidu. On its page you won't even find contact info or credits. In the first days of January 2018 it was absolutely unavailable! So there is no guarantee of receiving any response!

Contributing

Feel free to contribute!

Report a bug

himei@tuta.io

Documentation

Overview

Description

Package gichidan is a console utility that is a wrapper for the Ichidan deep-web search engine. The purpose of the application is to collect information about hosts in Tor Network, e.g. in .onion zone.

A little information about Ichidan. The search engine is less like Google and more like Shodan, in that it allows users to see technical information about .onion websites, including software names, service details, protocols used, and connected network interfaces, such as TCP/IP ports.

Details

As Ichidan is located in the .onion zone too, Gichidan uses the package github.com/hIMEI29A/gotorsocks to make requests through a Tor proxy.

When the app receives a response from the search engine, it parses all results asynchronously using Go's concurrency model, even if the paginated result spans many web pages.

Since v1.0.0 search with logical expressions is implemented. See details below.

Dependencies

github.com/antchfx/htmlquery
github.com/antchfx/xpath
github.com/hIMEI29A/gotorsocks
golang.org/x/net/html

Usage

Gichidan's CLI options are:

gichidan
    -b    show ASCII banner
    -f string
          save results to file
    -h    help message
    -j    convert output to json
    -m    Don't print GET request's messages (non-verbose output)
    -r string
          your search request to Ichidan
    -s    print hosts urls only
    -v    print current version

You may search with the app by keyword, by software name, by network protocol and by many other things. In most cases, Gichidan cannot search by URL, as the search engine itself cannot either. But you may try it.

Examples

To get usage help, type in console:

gichidan -h

To get current app's version number (1.1.1), try

gichidan -v

To get info about the Ichidan server itself, type

gichidan -r ichidan

Output:

Hosts found:   1
Only one page

Full info:

http://ichidanv34wrx7m7.onion
  2017-09-18 13:08:58 UTC
  tcpwrapped
  80
  tcp
  tcpwrapped
  unknown VERSION

http-headers:

    Server: nginx/1.10.3 (Ubuntu)
    Date: Mon, 18 Sep 2017 13:08:55 GMT
    Content-Type: text/html; charset=utf-8
    Connection: close
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    ETag: W/"7e087af022204d46cb9b655936aa2915"
    Cache-Control: max-age=0, private, must-revalidate
    Set-Cookie: _ichidan_session=NXQ5NWc4ZmJiSHRnVVM2TDFmblVzcmo4NnY1aUdtUFZFY0VmcVpCTz
    JHUUx2T25XOUhKa0hMT2F4QS9LanVEMGNYeXlKaEwyNGFITjA1bjdsSE1PRnR3TTIrNEJuc3dtMS9JczM1c3haL0
    xsa0U5K3E4RytSbHNWakxYVTdhYmZ3dFdhRGhzTWR4SXdlT2VhMlhFRzNRPT0tLWpiOU9SMFJnbTFXeTJFamN6Q3
    FmU3c9PQ%3D%3D--6281f0c900799f334e5f8eb76589c89c38212d37; path=/; HttpOnly
    X-Request-Id: 1e002391-0137-41e1-83cd-acc6b69b5019
    X-Runtime: 0.005388
    (Request type: HEAD)

http-server-header:
    nginx/1.10.3 (Ubuntu)
http-title:
    Ichidan

To collect info about .onion sites which have "paypal" keyword in metatags, and save it to file, try:

gichidan -r paypal -f ~/my_folder/paypal_search.txt

You may want to know about .onion Raspberry Pi hosts with Raspbian OS?

gichidan -r raspbian

There are many private XMPP (Jabber) servers in the Tor network. To learn about them, type in the console:

gichidan -r xmpp

Or to collect info about Prosody XMPP servers only:

gichidan -r prosody

To run the program in non-verbose ("mute") mode, use the `-m` flag. GET request messages will not be printed in this case:

gichidan -r accounts -m

To print an old-school ASCII banner before crawling starts, use the `-b` flag:

gichidan -r ejabberd -b

If you don't want to see full details about the collected servers, use the -s ("short") option:

gichidan -r ssh -s

When short output is combined with output to a file, the file will still contain all details:

gichidan -r apache -s -f ~/my_folder/paypal_search.txt

Use the `-j` flag to convert output to JSON format. This feature cannot be used with the `-s` flag; if both `-j` and `-s` are provided, there will be an error. You may also save JSON to a file with the `-f` option.

gichidan -r CentOS -j -f

Try to search by URL:

gichidan -r facebookcorewwwi.onion

If Ichidan cannot find anything for your request, the application will display an error:

gichidan -r jdfhchgbverugbvcevcegrfvcew

Output:

2013/01/20 16:12:12 Nothing found there!

Logical operators (NEW)

Here are some simple rules for their usage:

An expression MUST contain no more than two words (yet) with an operator between them and MUST NOT contain spaces between the words and the operator. The operators are:

AND "+"
NOT "-"
OR  "="

Examples:

This will show only results which satisfy both the "prosody" and "ejabberd" requests:

gichidan -r prosody+ejabberd

This will show only results of the "paypal" request which do not satisfy the "crime" request:

gichidan -r paypal-crime

This will show results of the "bbs" and "telnet" requests separately:

gichidan -r bbs=telnet

If the search engine cannot find anything for one of the words, the application will display an error:

gichidan -r ssh+jdfhchgbverugbvcevcegrfvcew
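
The logical-expression rules stated in the README and repeated in this section (two words at most, one operator, no spaces, an error when either word finds nothing), written out as an added Go example; this is not Gichidan's own code. ParseRequest and Combine are hypothetical names, the host lists are constructed, op is 0 for a plain keyword, and splitting at the first operator character and rejecting whitespace inside the argument are assumptions about how the rules apply.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ParseRequest applies the documented rules: no spaces, two words at most, one
// operator ('+' AND, '-' NOT, '=' OR). A keyword containing '-' is read as NOT.
func ParseRequest(s string) (left, right string, op byte, err error) {
	if s == "" || strings.ContainsAny(s, " \t") {
		return "", "", 0, errors.New("request must be non-empty without spaces")
	}
	i := strings.IndexAny(s, "+-=")
	if i < 0 {
		return s, "", 0, nil
	}
	left, right = s[:i], s[i+1:]
	if left == "" || right == "" || strings.ContainsAny(right, "+-=") {
		return "", "", 0, errors.New("expected two words around one operator")
	}
	return left, right, s[i], nil
}

// Combine merges the host lists found for each word; an empty list is an error.
func Combine(op byte, left, right []string) (out []string, err error) {
	if len(left) == 0 || len(right) == 0 {
		return nil, errors.New("nothing found for one of the words")
	}
	inRight := map[string]bool{}
	for _, h := range right {
		inRight[h] = true
	}
	for _, h := range left { // AND: found by both words; NOT: by the first only
		if op == '=' || (op == '+') == inRight[h] {
			out = append(out, h)
		}
	}
	if op == '=' { // OR: both result lists, one after the other
		out = append(out, right...)
	}
	return out, nil
}

func main() {
	_, _, op, _ := ParseRequest("prosody+ejabberd") // host lists below are constructed
	fmt.Println(Combine(op, []string{"a.onion", "b.onion"}, []string{"b.onion", "c.onion"}))
}
```

Under this reading a keyword that itself contains "+", "-" or "=" cannot be searched literally, because the character is always taken as the operator.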

Notes

Tor network may be slow. In case of long delay, restart Tor:

sudo service tor restart
