The purpose of this script is to identify if an IP that you find in your logs is/was used as TOR proxy.
The TOR project freely provides the list of current and passed relays composing the TOR network.
To use this script, you just have to modify [ARCHIVE] & [PROXY] sections in setup.ini if needed.
Then you must set the list you will provide to the script.
The list should be set like this:
<IP>: searchIPin today's list of relays.[<IP>,<YYYY-MM-DD>]: searchIPin consensus list during dayYYYY-MM-DD.
i.e:
'10.10.10.10','125.25.32.1',['10.25.36.45','2023-02-02'],['2001:1600:10:100::201','2023-12-15']
Then you can import the script & launch it using search() function:
>>> import ip_tor_check
>>> ipList=['10.10.10.10','125.25.32.1',['10.25.36.45','2023-02-02'],['2001:1600:10:100::201','2023-12-15']]
>>> jsonFile = ip_tor_check.search('-j', ipList)
>>> ip_tor_check.search('-p', ipList)
>>> ip_tor_check.search(ipList)
- -j option will return the result in json format
- -p option will print the result in the console (by default)
- providing only the list is equivalent to -p option
If an IP was found as TOR relay, flags are important to understand how you are concerned.
- Guard: means someone from your network tries to connect to TOR network.
- Exit: means someone tries to reach your network from TOR network.
- none: means, somehow, someone from your network uses his asset as TOR relay.
To circumvent censorship, TOR project also provides what is called BRIDGE relays.
The bridge addresses are not public.
In this case, this script can't help, sorry... 😕
/*
* ----------------------------------------------------------------------------
* "THE BEER-WARE LICENSE" (Revision 42):
* I wrote this file. As long as you retain this notice you
* can do whatever you want with this stuff. If we meet some day, and you think
* this stuff is worth it, you can buy me a beer in return. Olivier FONT
* ----------------------------------------------------------------------------
*/