Investigator Use
OnionScan Tool (github.com/s-rah/onionscan) is the primary GitHub repository for the OnionScan project — the open-source Tor hidden service analysis framework developed by security researcher Sarah Jamie Lewis. This is the definitive source for the OnionScan codebase, documentation, issue tracker, and release history.
For OSINT investigators and technical security researchers, this repository is the starting point for deploying OnionScan in an investigation environment. It contains the complete Go source code, installation instructions, configuration options, and usage examples for scanning Tor hidden services for de-anonymization vulnerabilities.
The tool works by connecting to a target onion address through the Tor network and systematically querying it for technical information that may reveal operational security failures. Findings include SSH host key correlations (the same key appearing on surface web servers identifies the hosting infrastructure), Apache/nginx server fingerprints, PHP session IDs, Bitcoin addresses embedded in pages, email addresses in page metadata, and misconfigured directory listings.
OnionScan's correlation database is particularly powerful — the tool can cross-reference discovered artifacts (SSH keys, SSL certificates, Bitcoin addresses) against its database to identify matches with surface web services, effectively providing automatic de-anonymization leads without manual research.
The GitHub repository also contains an extensive report on dark web operational security failures derived from scanning thousands of hidden services, which serves as a reference for the types of mistakes investigators should look for when manually analyzing a dark web target.
Operational and legal considerations: OnionScan must be run through Tor. Scanning systems without authorization may violate computer fraud laws in your jurisdiction. The tool is appropriate for authorized security research, law enforcement investigations with proper legal authority, and CTF/training environments.
Setup requires Go 1.x and Tor. Clone the repository, follow the build instructions in the README, and configure your Tor proxy settings before running scans. Log all scan outputs with timestamps for case documentation.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
Ahmia
Dark Web OSINT
Ahmia indexes Tor hidden services, enabling investigators to search .onion sites by keyword without the Tor browser.
BlackWeb
Dark Web OSINT
BlackWeb is a community-maintained blacklist of malicious and spam domains for network filtering and threat infrastructure identification.
Dark Web Tools
Dark Web OSINT
IACA Dark Web Tools is a law enforcement-oriented collection of resources for searching Tor hidden services and dark web content.
Onion Inspector
Dark Web OSINT
Onioff inspects .onion URLs to verify availability, extract page metadata, and map Tor hidden service content for dark web OSINT.
Onion Links
Dark Web OSINT
Find the best onion links list here. Working onion links for 2025 with the best dark web links to explore. All working and updated.
Onion Scan
Dark Web OSINT
OnionScan investigates dark web sites for misconfigurations, operator errors, and links to clearnet infrastructure revealing real identities.