SentinelOnion is a modular framework for discovery, crawling, and analysis of Deep/Dark Web content, with multi-network support and native integration with YARA, Regex, and keyword-based search.
- Tor (.onion)
- I2P (.i2p)
- Freenet
- GNUnet (.zkey)
- Lokinet (.loki)
- ZeroNet
sentinelonion/
├── core/ # main engine
├── rules/ # YARA + Regex
├── networks/
│ ├── tor.py # Tor driver
│ ├── i2p.py # I2P driver
│ ├── freenet.py # Freenet driver
│ ├── gnunet.py # GNUnet driver
│ ├── lokinet.py # Lokinet driver
│ ├── zeronet.py # ZeroNet driver
└── outputs/ # results export (JSON, Prometheus, ELK)- Python 3.10+
- Docker
git clone https://github.com/lucasbazan/SentinelOnion.git
cd SentinelOnion
pip install -r requirements.txt- Discover websites in search engines
Query directories and search engines from the selected networks and store results in a file:
python3 main.py discover --network tor,i2p --keywords "drugs,market" --output websites.txtThis will generate websites.txt with the discovered URLs.
- Crawl and analyze websites
Load websites from a list and apply YARA/Regex detection:
python3 main.py crawl --input websites.txtOr crawl a single URL:
python3 main.py crawl --url http://example.onionOr via pipe (stdin):
echo "http://example.onion" | python3 main.py crawl- Export results to JSON or CSV
python3 main.py crawl --input websites.txt --output results[.json|.csv]🧾 YARA & Regex Rules
Custom detection rules are stored in the rules/ folder. You can add your own rules to detect:
- Cryptocurrency wallets
- Emails
- Usernames
- Credentials
- Any custom pattern
Example (Bitcoin wallet detection):
rule Bitcoin_Wallet {
strings:
$btc = /[13][a-km-zA-HJ-NP-Z1-9]{25,34}/
condition:
$btc
}📊 Integrations
- Export results to JSON and CSV
- Expose metrics to Prometheus
- Integrate with ELK (Elasticsearch + Kibana)
🛣️ Roadmap
- ☐ Tor support
- ☐ Discovery mode (discover)
- ☐ Crawling mode (crawl)
- ☐ I2P support
- ☐ Freenet support
- ☐ GNUnet support
- ☐ Lokinet support
- ☐ ZeroNet support
- ☐ Dashboard for visualization
SentinelOnion is a tool created for academic research, security studies, and digital forensics. It must not be used for illegal activities. The author is not responsible for misuse.