How to hack onion websites on deep web: Attacking cybercriminals

Onion websites provide a high degree of privacy to their users, although this does not mean that they are invulnerable to some variants of cyberattack. This time, ethical hacking specialists from the International Cyber Security Institute (IICS) will show you a method to hack onion websites efficiently.

The easiest way to find a critical vulnerability on a website is to use scanning software, but configuring it for onion websites is another matter. To do this, we will use the popular sqlmap scanner by running the command shown below:

python -u «.onion/qwertyqwerty.php» --data=«id=1» --tor --tor-port=9050 --tor-type=SOCKS5

In tools like nmap, ethical hacking experts mention that first we will need to perform the following steps: 

  • Download and install a special version of nmap-nseportscan-socks4a.
  • Add an “ .onion” entry to the hosts file, this prevents the .onion name resolution error
  • Download and run Tor
  • Run nmap as root using the following parameters:
sudo ./nmap -sK --script connectscan, <script list> --proxy socks4a: // 9050 cx7b2vy6foxjlzsh.onion -F.

What if none of the scanners fail? There are two options:

  • Analyze vulnerabilities manually
  • Deploy a denial of service (DoS) attack

The process of vulnerability analysis does not differ from analysis on conventional websites, mentioned by ethical hacking experts.

However, things change when it come to DoS attacks. If you launch a successful attack, you can merge the databases, demonize the target website, analyze your code, and collapse your IT infrastructure. Ethical hacking experts say it’s easier to take down an onion site than a conventional one.

To do this, we’ll need two tools available on GitHub:


To get the most effect from an attack, you need:

  • Send an attack to the search form
  • Send an attack to the registration form (this is a delicate point from many sites, especially Runion)

These two attacks can be performed with the first tool, called DefWolf. Now let’s take a look at Torshammer, a tool that allows us to show large sites with a low-power attack.

La imagen tiene un atributo ALT vacío; su nombre de archivo es torshammer04022021.jpg

Next, let’s configure it for the attack:

  • In the file itself, use “find and replace” to change the three values “9050” to “9150” and save
  • Open CMD or Terminal and, without quotation marks, enter: cd Desktop, and then :cd torshammer
  • Open the TOR browser and wait for the new values to be assigned. To check if it worked, try at least two different sites
  • In CMD, enter the following command without quotation marks: ./ -t -r 300 –T

Remember that this material was developed for educational purposes only, so IICS ethical hacking experts are not responsible for any misuse that may be given to these tools.