Investigator Use
Onion Inspector (onioff) is an open-source Python tool available on GitHub that automates the inspection and basic analysis of Tor hidden service (.onion) addresses. It checks whether specific onion addresses are reachable, retrieves page titles and other metadata, and can process lists of addresses in bulk.
For OSINT investigators working on dark web cases, onioff addresses a practical problem: when you have a list of onion addresses gathered from a dark web forum, leaked document, or criminal communication, manually checking each one in a Tor browser is time-consuming and leaves a significant operational security footprint. Onioff allows batch processing of onion URLs while routing traffic through Tor, returning reachability status and basic metadata for each.
Key use cases include: determining which onion addresses in a suspect's communications are currently live, extracting page titles from onion services to identify their content without manual browsing, and performing initial triage on large lists of onion addresses to prioritize which sites warrant deeper investigation.
The tool returns HTTP response codes, page titles, and content hashes, which enables investigators to identify when multiple onion addresses resolve to the same content (suggesting the same operator runs multiple addresses) or when previously active addresses have gone offline.
Operational security considerations are critical when using any dark web inspection tool. Ensure all traffic from onioff is properly routed through Tor and that no direct connections to onion addresses occur outside the Tor network. Use a dedicated investigation environment, not a personal or agency network, when running these tools. Never access onion addresses associated with illegal content without proper legal authorization.
Installation requires Python and a working Tor installation. The tool is intended for security researchers and investigators with appropriate technical capability and legal authorization.
Document each onion address inspected, the timestamp, and the response received. Onion service availability is highly volatile — sites frequently go offline and addresses change — so timestamped evidence of active status is essential for case documentation.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
Ahmia
Dark Web OSINT
Ahmia indexes Tor hidden services, enabling investigators to search .onion sites by keyword without the Tor browser.
BlackWeb
Dark Web OSINT
BlackWeb is a community-maintained blacklist of malicious and spam domains for network filtering and threat infrastructure identification.
Dark Web Tools
Dark Web OSINT
IACA Dark Web Tools is a law enforcement-oriented collection of resources for searching Tor hidden services and dark web content.
Onion Links
Dark Web OSINT
Find the best onion links list here. Working onion links for 2025 with the best dark web links to explore. All working and updated.
Onion Scan
Dark Web OSINT
OnionScan investigates dark web sites for misconfigurations, operator errors, and links to clearnet infrastructure revealing real identities.
Onion Scan Tool
Dark Web OSINT
OnionScan is a free and open source tool for investigating the Dark Web.