danwin1210/onion-link-list
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Collection of the latest changes and improvements

Browse Source
This commit is contained in:
Daniel Winzen
2020-04-28 21:02:33 +02:00
parent 7610c40e8d
commit 0d7a32fbcf
24 changed files with 1521 additions and 310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
cron/phishing_tests.php Normal file
View File

@ -0,0 +1,48 @@
<?php
// Executed every 25 hours via cron - checks for phishing clones on known phishing sites.
date_default_timezone_set('UTC');
include('../common_config.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die($I['nodb']);
}
$ch=curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PROXY, PROXY);
curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 25);
curl_setopt($ch, CURLOPT_TIMEOUT, 40);
check('http://tt3j2x4k5ycaa5zt.onion/onions.php?cat=15&pg=0', 'http://tt3j277rncfaqmj7.onion/onions.php?cat=15&pg=0');
check('http://skunksworkedp2cg.onion/sites.html', 'http://skunkrdunsylcfqd.onion/sites.html');
function check($link, $phishing_link){
global $ch, $db;
curl_setopt($ch, CURLOPT_URL, $link);
$links=curl_exec($ch);
curl_setopt($ch, CURLOPT_URL, $phishing_link);
$phishing_links=curl_exec($ch);
if(!empty($links) && !empty($phishing_links)){
$phishings=$db->prepare('INSERT IGNORE INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM onions WHERE md5sum=?), ?);');
$select=$db->prepare('SELECT id FROM ' . PREFIX . 'onions WHERE md5sum=?;');
$insert=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, md5sum, timeadded) VALUES (?, ?, ?);');
preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}).onion(/[^\s><"]*)?~i', $links, $addr);
preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}).onion(/[^\s><"]*)?~i', $phishing_links, $phishing_addr);
$count=count($addr[3]);
if($count===count($phishing_addr[3])){ //only run with same data set
for($i=0; $i<$count; ++$i){
if($addr[3][$i]!==$phishing_addr[3][$i]){
$address=strtolower($addr[3][$i]);
$phishing_address=strtolower($phishing_addr[3][$i]);
$md5=md5($phishing_address, true);
$select->execute([$md5]);
if(!$select->fetch(PDO::FETCH_NUM)){
$insert->execute([$phishing_address, $md5, time()]);
}
$phishings->execute([$md5, $address]);
}
}
}
}
}

52
cron/scam_tests.php Normal file
View File

@ -0,0 +1,52 @@
<?php
// Executed daily via cronjob - checks for phishing clones on known phishing sites.
date_default_timezone_set('UTC');
include('../common_config.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die($I['nodb']);
}
$ch=curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PROXY, PROXY);
curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 25);
curl_setopt($ch, CURLOPT_TIMEOUT, 40);
//check('http://onionsnjajzkhm5g.onion/onions.php?cat=15&pg=0', 'http://onionsbnvrzmxsoe.onion/onions.php?cat=15&pg=0');
//check('http://7cbqhjnlkivmigxf.onion', 'http://7cbqhjnpcgixggts.onion');
check('http://dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion/list.php', 'http://dhostingwwafxyuaxhs6bkhzo5e2mueztbmhqe6wsng547ucvzfuh2ad.onion/list.php');
function check($link, $phishing_link){
global $ch, $db;
curl_setopt($ch, CURLOPT_URL, $link);
$links=curl_exec($ch);
curl_setopt($ch, CURLOPT_URL, $phishing_link);
$phishing_links=curl_exec($ch);
if(!empty($links) && !empty($phishing_links)){
$phishings=$db->prepare('INSERT IGNORE INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM onions WHERE md5sum=?), ?);');
$select=$db->prepare('SELECT id FROM ' . PREFIX . 'onions WHERE md5sum=?;');
$insert=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, md5sum, timeadded) VALUES (?, ?, ?);');
$update=$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE md5sum=?;');
preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $links, $addr);
preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $phishing_links, $phishing_addr);
$count=count($addr[3]);
if($count===count($phishing_addr[3])){ //only run with same data set
for($i=0; $i<$count; ++$i){
if($addr[3][$i]!==$phishing_addr[3][$i]){
$address=strtolower($addr[3][$i]);
$phishing_address=strtolower($phishing_addr[3][$i]);
$md5=md5($phishing_address, true);
$select->execute([$md5]);
if(!$select->fetch(PDO::FETCH_NUM)){
$insert->execute([$phishing_address, $md5, time()]);
}
$phishings->execute([$md5, $address]);
$update->execute([$md5]);
}
}
}
}
}

141
cron/tests.php Normal file
View File

@ -0,0 +1,141 @@
<?php
// Cron job started every 15 minutes - up/down checks
include('../common_config.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
$stmt=$db->prepare('SELECT address, category, md5sum, description, id FROM ' . PREFIX . "onions WHERE address!='' AND lasttest<(?-86400) ORDER BY lasttest LIMIT 75;");
$stmt->execute([time()]);
$onions=$stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'phishing WHERE onion_id=?;');
$mh = curl_multi_init();
$curl_handles = [];
//do tests
foreach($onions as $onion){
$ch=curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT);
// curl_setopt($ch, CURLOPT_PROXY, PROXY);
// curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 50);
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 2);
curl_setopt($ch, CURLOPT_ENCODING, '');
curl_setopt($ch, CURLOPT_HTTPHEADER, ["Host: $onion[address].onion", 'User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0', 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language: en-US,en;q=0.5', 'Accept-Encoding: gzip, deflate', 'Connection: keep-alive', 'Upgrade-Insecure-Requests: 1']);
curl_setopt($ch, CURLOPT_URL, "http://$onion[address].onion/");
curl_multi_add_handle($mh, $ch);
$curl_handles []= ['handle' => $ch, 'onion' => $onion];
}
unset($onions);
do {
$status = curl_multi_exec($mh, $active);
if ($active) {
// Wait a short time for more activity
curl_multi_select($mh);
}
} while ($active && $status == CURLM_OK);
$online_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET lasttest=?, lastup=lasttest, timediff=0 WHERE md5sum=?');
$offline_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET lasttest=?, timediff=lasttest-lastup WHERE md5sum=? AND lasttest<?');
$desc_online_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=0, locked=0 WHERE md5sum=?');
$desc_empty_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=13, locked=1 WHERE md5sum=?');
$error_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=13 WHERE md5sum=?'); //in case of error, move the address to an error category - edit the category id to fit yours!
$phishing_stmt=$db->prepare('INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES (?, ?);');
$db->beginTransaction();
foreach($curl_handles as $handle){
$content = curl_multi_getcontent($handle['handle']);
curl_multi_remove_handle($mh, $handle['handle']);
$header_size = curl_getinfo($handle['handle'], CURLINFO_HEADER_SIZE);
$http_code = curl_getinfo($handle['handle'], CURLINFO_HTTP_CODE);
curl_close($handle['handle']);
$onion = $handle['onion'];
if($content!==''){
$header = substr($content, 0, $header_size);
$content = substr($content, $header_size);
// update description to title, if not yet set
if(($onion['description']==='' || $onion['description']==='Site hosted by Daniel\'s hosting service') && preg_match('~<title>([^<]+)</title>~i', $content, $match)){
$desc=preg_replace("/(\r?\n|\r\n?)/", '<br>', htmlspecialchars(html_entity_decode(trim($match[1]))));
if($desc!=='Site hosted by Daniel\'s hosting service'){
$desc_online_stmt->execute([$desc, $onion['md5sum']]);
}else{
$desc_empty_stmt->execute([$desc, $onion['md5sum']]);
}
}
$online_stmt->execute([time(), $onion['md5sum']]);
// checks for server errors, to move the address to a dedicated error category
if($onion['category']==0 && $http_code>=400){
$error_stmt->execute([$onion['md5sum']]);
}
$stmt->execute([$onion['id']]);
if(!$stmt->fetch(PDO::FETCH_NUM)){
if(preg_match('~^HTTP/1\.(1|0) 504 Connect to ([a-z2-7]{16}|[a-z2-7]{56})\.onion(:80)? failed: SOCKS error: host unreachable~', $content, $match)){
$phishing_stmt->execute([$onion['id'], $match[2]]);
}elseif(strpos($content, "<body>HttpReadDisconnect('Server disconnected',)</body>")!==false){
$phishing_stmt->execute([$onion['id'], '']);
}
}
if(preg_match('~window\.location\.replace\("http://'.$onion['address'].'.onion/(.*?)"\)~', $content, $matches)){
$ch=curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 50);
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 2);
curl_setopt($ch, CURLOPT_ENCODING, '');
curl_setopt($ch, CURLOPT_HTTPHEADER, ["Host: $onion[address].onion", 'User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0', 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language: en-US,en;q=0.5', 'Accept-Encoding: gzip, deflate', 'Connection: keep-alive', 'Upgrade-Insecure-Requests: 1']);
curl_setopt($ch, CURLOPT_URL, "http://$onion[address].onion/".$matches[1]);
$content=curl_exec($ch);
}
if(preg_match('~^refresh:.*url=(https?://[^;\s]+).*?$~m', $header, $matches)){
$ch=curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 50);
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 2);
curl_setopt($ch, CURLOPT_ENCODING, '');
curl_setopt($ch, CURLOPT_HTTPHEADER, ["Host: $onion[address].onion", 'User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0', 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language: en-US,en;q=0.5', 'Accept-Encoding: gzip, deflate', 'Connection: keep-alive', 'Upgrade-Insecure-Requests: 1']);
curl_setopt($ch, CURLOPT_URL, $matches[1]);
$content=curl_exec($ch);
}
if(preg_match_all('~<meta[^>]+http-equiv="refresh"[^>]+content="(\d+);[^>]*url=([^>"]+)">~', $content, $matches, PREG_SET_ORDER)){
$time = null;
$link_to_check = '';
foreach($matches as $match){
if($time === null || $time > $match[1]){
$time = $match[1];
$link_to_check = $match[2];
}
}
$ch=curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 50);
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 2);
curl_setopt($ch, CURLOPT_ENCODING, '');
curl_setopt($ch, CURLOPT_HTTPHEADER, ["Host: $onion[address].onion", 'User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0', 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language: en-US,en;q=0.5', 'Accept-Encoding: gzip, deflate', 'Connection: keep-alive', 'Upgrade-Insecure-Requests: 1']);
curl_setopt($ch, CURLOPT_URL, $link_to_check);
$content=curl_exec($ch);
}
blacklist_scams($onion['address'], $content);
}else{
$offline_stmt->execute([time(), $onion['md5sum'], time()]);
}
}
$db->commit();
curl_multi_close($mh);

111
cron/update.php Normal file
View File

@ -0,0 +1,111 @@
<?php
// Executed daily via cronjob - checks for new sites.
include('../common_config.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die($I['nodb']);
}
$ch=curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT);
curl_setopt($ch, CURLOPT_PROXY, PROXY);
curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 25);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_ENCODING, '');
$onions=[];
$scanned_onions=[];
//sources to get links from
check_links($onions, $ch, 'http://q3lgwxinynjxkor6wghr6hrhlix7fquja3t25phbagqizkpju36fwdyd.onion/list.php');
check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.onion.to/antanistaticmap/stats/yesterday');
check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.tor2web.org/antanistaticmap/stats/yesterday');
check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.onion.link/antanistaticmap/stats/yesterday');
check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.onion.rip/antanistaticmap/stats/yesterday');
check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.onion.sh/antanistaticmap/stats/yesterday');
check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.tor2web.io/antanistaticmap/stats/yesterday');
check_links($onions, $ch, 'http://visitorfi5kl7q7i.onion/address/');
check_links($onions, $ch, 'https://onion.cab/list.php?a=list');
check_links($onions, $ch, 'http://dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion/list.php');
check_links($onions, $ch, 'http://3bbaaaccczcbdddz.onion/discover');
check_links($onions, $ch, 'http://tor66sezptuu2nta.onion/fresh');
check_links($onions, $ch, 'https://crt.sh/?q=%25.onion');
//add them to the database
add_onions($onions, $db);
//delete links that were not seen within a month
$db->exec('DELETE FROM ' . PREFIX . "onions WHERE address!='' AND timediff>2419200 AND lasttest-timeadded>2419200;");
function check_links(&$onions, &$ch, $link_to_check, $scan_children = false, &$scanned_onoins = []){
curl_setopt($ch, CURLOPT_URL, $link_to_check);
$links=curl_exec($ch);
if(preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $links, $addr)){
if($scan_children){
$mh = curl_multi_init();
$curl_handles = [];
}
foreach($addr[3] as $link){
$link=strtolower($link);
$md5=md5($link, true);
$onions[$md5]=$link;
if($scan_children && empty($scanned_onions[$md5])){
$scanned_onions[$md5]=$link;
$ch_child=curl_init();
curl_setopt($ch_child, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch_child, CURLOPT_USERAGENT, USERAGENT);
curl_setopt($ch_child, CURLOPT_PROXY, PROXY);
curl_setopt($ch_child, CURLOPT_PROXYTYPE, 7);
curl_setopt($ch_child, CURLOPT_CONNECTTIMEOUT, 25);
curl_setopt($ch_child, CURLOPT_TIMEOUT, 30);
curl_setopt($ch_child, CURLOPT_ENCODING, '');
curl_setopt($ch_child, CURLOPT_URL, "http://$link.onion");
curl_multi_add_handle($mh, $ch_child);
$curl_handles []= $ch_child;
// check_links($onions, $ch, "http://$link.onion", $scan_children, $scanned_onions);
}
}
if($scan_children){
//execute the multi handle
do {
$status = curl_multi_exec($mh, $active);
if ($active) {
// Wait a short time for more activity
curl_multi_select($mh);
}
} while ($active && $status == CURLM_OK);
foreach($curl_handles as $handle){
$content = curl_multi_getcontent($handle);
if(preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $content, $addr)){
foreach($addr[3] as $link){
$link=strtolower($link);
$md5=md5($link, true);
if(empty($onions[$md5])){
$onions[$md5]=$link;
}
}
}
curl_multi_remove_handle($mh, $handle);
}
curl_multi_close($mh);
}
}
}
function add_onions(&$onions, $db){
// $update=$db->prepare('UPDATE ' . PREFIX . "onions SET address = '', locked=1, description=CONCAT(description, ' - SCAM'), category=15 WHERE md5sum=? AND address!='';");
$stmt=$db->query('SELECT md5sum FROM ' . PREFIX . 'onions;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
if(isSet($onions[$tmp[0]])){
unset($onions[$tmp[0]]);
// $update->execute($tmp);
}
}
$time=time();
$insert=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, md5sum, timeadded) VALUES (?, ?, ?);');
$db->beginTransaction();
foreach($onions as $md5=>$addr){
$insert->execute([$addr, $md5, $time]);
}
$db->commit();
}