Ichidan, a Search Engine for the Dark Web
« Back to Blog

Ichidan, a Search Engine for the Dark Web

By Kim Crawley

Ichidan is a type of Japanese verb which implies the first (“ichi”) time something is done. Now, Ichidan is also a search engine for looking up websites that are hosted through the Tor network, which may be the first time that's been done at this scale.

Websites on Tor usually have the .onion top level domain and you typically need a web browser with the Tor plugin or Tor's own configured web browser in order to access them. Simply using Tor is legal in most countries worldwide. While the general population may have the understanding that Tor networks are used for nefarious purposes, such as illicit activity like selling illegal drugs, or selling malware or data acquired by cyber attack, the reality is that that’s a small portion of content on the network. Many use Tor networks for good purposes, such as allowing journalists who live in totalitarian states to do their work.

Ichidan is currently hosted on “ichidanv34wrx7m7(dot)onion,” but its domain name may change often, as is typical for Tor-delivered websites. The search engine is less like Google and more like Shodan, in that it allows users to see technical information about .onion websites, including their connected network interfaces, such as TCP/IP ports.

Ichidan is a valuable resource for security researchers and law enforcement agencies who want to learn about what's happening on the Dark Web. Using Ichidan, BleepingComputer was able to confirm the result of an OnionScan report that the Dark Web has shrunk from about 30,000 websites down to about 4,400.

BleepingComputer was also able to use Ichidan to find a website which a lot of exposed ports, including OpenSSH, an email server,  a Telnet implementation, vsftpd, and an exposed Fritzbox router. That sort of information is very attractive to cyber attackers. Using Ichidan is a lot easier than command line pentesting tools, which require more specific technical know how.

I fully expect Ichidan usage to grow, which means that the people who adminstrative .onion websites had better beef up their cybersecurity if they want to survive.

About Kim Crawley

Kimberly Crawley spent years working in consumer tech support. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. By 2011, she was writing study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. She’s since contributed articles on information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine. Her first solo-developed PC game, Hackers Versus Banksters, and was featured at the Toronto Comic Arts Festival in May 2016. She now writes for Tripwire, Alienvault, Cylance, and CCSI’s corporate blogs.

The opinions expressed in guest author articles are solely those of the contributor, and do not necessarily reflect those of Cylance.

Tags: