Ichidan, a Search Engine for the Dark Web

Ichidan is a type of Japanese verb which implies the first (“ichi”) time something is done. Now, Ichidan is also a search engine for looking up websites that are hosted through the Tor network, which may be the first time that's been done at this scale.

Websites on Tor usually have the .onion top-level domain, and you typically need a web browser with the Tor plugin or Tor's own configured web browser in order to access them. Simply using Tor is legal in most countries worldwide. While the general population may believe that Tor is used for nefarious purposes, such as selling illegal drugs, malware, or data acquired by cyber attack, the reality is that that’s a small portion of content on the network. Many use Tor for good purposes, such as allowing journalists who live in totalitarian states to do their work.

Ichidan is currently hosted on “ichidanv34wrx7m7(dot)onion,” but its domain name may change often, as is typical for Tor-delivered websites. The search engine is less like Google and more like Shodan, in that it allows users to see technical information about .onion websites, including their connected network interfaces, such as TCP/IP ports.

Ichidan is a valuable resource for security researchers and law enforcement agencies who want to learn about what's happening on the Dark Web. Using Ichidan, BleepingComputer was able to confirm the result of an OnionScan report that the Dark Web has shrunk from about 30,000 websites down to about 4,400.

BleepingComputer was also able to use Ichidan to find a website with a lot of exposed ports, including OpenSSH, an email server, a Telnet implementation, vsftpd, and an exposed Fritzbox router. That sort of information is very attractive to cyber attackers. Using Ichidan is a lot easier than using command-line pentesting tools, which require more specific technical know-how.

I fully expect Ichidan usage to grow, which means that the people who administer .onion websites had better beef up their cybersecurity if they want to survive.
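For administrators who want to check their own exposure, the following added example (not from the article, BleepingComputer, or Ichidan) audits a Tor configuration file for onion-service port mappings that publish the kinds of services listed above. It assumes services are declared with Tor's `HiddenServiceDir` and `HiddenServicePort` options; the sample torrc, its paths, and the port table are constructed for illustration.

```python
# Default ports for the services named in the article (assumption: a
# service moved to a non-default port will not be matched by this table).
RISKY_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP"}
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

# Constructed sample torrc, not taken from any real host.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/site_a/
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 22 127.0.0.1:22
HiddenServiceDir /var/lib/tor/site_b/
HiddenServicePort 443 unix:/run/site_b.sock
HiddenServicePort 23 192.168.178.1:23   # forwards to another LAN device
#HiddenServicePort 21 127.0.0.1:21
"""

def parse_onion_services(torrc_text):
    """Return {HiddenServiceDir: [(virtual_port, target), ...]}."""
    services, current = {}, None
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "hiddenservicedir":
            current = parts[1]
            services[current] = []
        elif key == "hiddenserviceport" and current is not None:
            virt = int(parts[1])
            # Tor forwards to 127.0.0.1:<virtual port> when no target is given.
            target = parts[2] if len(parts) > 2 else f"127.0.0.1:{virt}"
            services[current].append((virt, target))
    return services

def is_local(target):
    """True for unix sockets, bare ports and loopback addr:port targets."""
    if target.startswith("unix:") or target.isdigit():
        return True
    return target.rsplit(":", 1)[0] in LOOPBACK

def audit(torrc_text):
    """List (service_dir, virtual_port, reason) for each risky mapping."""
    findings = []
    for svc_dir, ports in parse_onion_services(torrc_text).items():
        for virt, target in ports:
            if virt in RISKY_PORTS:
                findings.append((svc_dir, virt, f"exposes {RISKY_PORTS[virt]}"))
            if not is_local(target):
                findings.append((svc_dir, virt, f"non-loopback target {target}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_TORRC):
        print(*finding, sep="  ")
```

Each finding is a mapping to review: either remove the `HiddenServicePort` line or confirm that the service behind it is meant to be reachable over the onion address.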