Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/veeeetzzzz/tor-deanonymizing-attacks

Archiving all the ways you can/could have deanonymized TOR users.
https://github.com/veeeetzzzz/tor-deanonymizing-attacks

Last synced: about 2 months ago
JSON representation

Archiving all the ways you can/could have deanonymized TOR users.

Host: GitHub
URL: https://github.com/veeeetzzzz/tor-deanonymizing-attacks
Owner: Veeeetzzzz
Created: 2022-07-24T13:29:41.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2022-07-26T18:24:55.000Z (over 2 years ago)
Last Synced: 2023-04-27T13:24:27.771Z (over 1 year ago)
Size: 6.84 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Deanonymizing Tor Users
A repositry of all the ways TOR has been / can be attacked.
# Purpose
Archiving all the ways you can/could have deanonymized TOR users. No zero days will be posted here and entries will only be added once they have been patched. All methods/tools/scripts are posted with public security in mind. If your infastructure is vulernable to any of these attacks, I promise you that's the least of your worries and you probably have bigger fish to worry about.
# Tools & Resources
PortSwigger - https://portswigger.net/

NMAP Web Scanner - https://nmap.org/

TOR Source / Expert Bundle - https://www.torproject.org/download/tor/

13 years of TOR attacks - https://github.com/Attacks-on-Tor/Attacks-on-Tor
# Real life examples
Versus Market closes after directory traversal attack - https://darknetlive.com/post/versus-market-is-retiring/

Silk Road 2 taken down with CERT research on TOR nodes - https://www.theverge.com/2015/1/21/7867471/fbi-found-silk-road-2-tor-anonymity-hack
# 2022 - Present
TLS Certificate Matching - https://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html

Favicon Matching - https://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html

Directory Traversal - https://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html
# 2020 - 2021
Deanonymizing Tor Circuts - https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html

Bait file attack - https://book.cyberyozh.com/deanonymization-tor-users-through-bait-files/
# 2019 - 2018

NoScript Bypass by @x0rz - https://gist.github.com/x0rz/8198e8e22b1f70fddb9c815c1232b795

# 2017 - 2016
# 2015 - 2014
Node attack - https://arstechnica.com/information-technology/2015/07/new-attack-on-tor-can-deanonymize-hidden-services-with-surprising-accuracy/

The Sniper Attack - https://apps.dtic.mil/sti/citations/ADA599695