Feb 012020

I write this script originally in 2014, updated it in 2015, forgot about it and needed it recently again … so its updated current to 2020.  A few things about this script … I don’t recommend you just “block tor exit nodes” unless you have a good reason.  Why have I used this script in the past?  During DDOS attacks that seemed to be using tor addresses, to block hackers from using tor, etc.  When I have blocked tor, it was only for short periods of time maybe a few hours or a day or 2.  If you are under an attack via tor, the attacker can just pivot somewhere else or use some other proxied method so just keep in mind this isn’t a solve-all either.

Continue reading »

Mar 072014

I love irc.  I love tor.  I love freenode via tor.  But one thing I hate is that sometimes I can’t connect and I would have to open up my torrc file and change the MapAddress cname.  So, I created a script today which randomly cycles through the names and changes it for me…..it uses a bash array to accomplish this.

Continue reading »

May 152012
# By Ed Wiget
# This script sets up a proxy so that you can audit web servers anonymously over tor
# 20111113 - initial script (better method)
# enable next line for debugging
#set -x
echo "Please enter the ip address of the target host or a domain name"
read dom
# this checks to see if we set a domain name or ip address
# it sets the variable IP to the ip address of domain or ip entered
# if you are auditing more than .com, .net, .org, .edu addresses, you need to add them below
if [ "`echo ${dom} | egrep 'com|net|org|edu' | wc -l`" = "1" ]; then
		IP=`tor-resolve ${dom}`
# for debugging to make sure we are setting IP correctly
#echo ${IP}
# here we set up a socat proxy listening on localhost port 8080
# it forwards any tcp requests to ${IP} port 80
# via the socks tor listening on localhost 9050
sudo socat TCP4-LISTEN:8080,fork SOCKS4:${IP}:80,socksport=9050 &
# the sleep is required or the check for listening fails below
sleep 2
if [ "`sudo netstat -ptane | grep 8080 | wc -l`" = "1" ]; then
	echo "proxy started successfully"
	echo "proxy not running"
# here we are going to check port 80 for a web server which will likely tell us the
# operating system too via the results
sudo proxychains nmap -sT -PN -n -sV ${IP} -p80
# here we need to set up w3af_gui running as root in order to connect to our proxy
echo "when w3af opens, click on advanced target settings"
sleep 1
echo "set the target ip in w3af to"
sleep 1
echo "set the targetos and targetframework in w3af as returned by the nmap check above"
sleep 1
sudo /pentest/web/w3af/w3af_gui &


So now you can audit a web app using w3af.  If you wanted to use nessus or metasploit, just plug in the address as

Oct 042011

On backtrack 5, I had the hardest time getting chromium browser and tor working together.  I tried several pages with different topics on how to do it, but no matter what I tried, it never worked.  Even weirder was that firefox has always worked with tor and the tor button.  So here is a quick explanation of what I did….and weird thing is, I don’t really have an explanation…

First, I followed the lifehacker article like everybody else on the internet.

When it didn’t work, I tried several other pages.  I also validated firefox worked fine with tor, torsocks worked with lynx, and everything else I fed tor worked EXCEPT Chrome.  The fix was so simple, I am still laughing at it.

If you used the instructions above, go to Proxy Switchy Options.  Select your tor profile.  Then replace all of the with localhost.  See attached image.

What is even more odd, is that my /etc/hosts file has localhost local.domain entry so either should have worked, but only using localhost worked.