Exitmap is a fast and modular Python-based scanner for Tor exit relays. Exitmap modules implement tasks that are run over (a subset of) all exit relays. If you have a background in functional programming, think of exitmap as a
map() interface for Tor exit relays: Modules can perform any TCP-based networking task like fetching a web page, uploading a file, connecting to an SSH server, or joining an IRC channel.
Exitmap uses the library Stem to communicate with Tor. There are plenty of ways to install Stem. The easiest might be to use pip in combination with the provided requirements.txt file:
$ pip install -r requirements.txt
The only argument exitmap requires is the name of a module. For example, you can run exitmap with the checktest module by running:
$ ./bin/exitmap checktest
The command line output will then show you how Tor bootstraps, the output of the checktest module, and a scan summary. If you don’t need three hops and prefer to use two hops with a static first hop, run:
$ ./bin/exitmap --first-hop 1234567890ABCDEF1234567890ABCDEF12345678 checktest
To run the same test over German exit relays only, execute:
$ ./bin/exitmap --country DE --first-hop 1234567890ABCDEF1234567890ABCDEF12345678 checktest
If you want to pause for five seconds in between circuit creations to reduce the load on the Tor network and the scanning destination, run:
$ ./bin/exitmap --build-delay 5 checktest
1234567890ABCDEF1234567890ABCDEF12345678 is a pseudo fingerprint that you should replace with an exit relay that you control.
To learn more about all of exitmap’s options, run:
$ ./bin/exitmap --help
Exitmap comes with batteries included, providing the following modules:
- testfds: Tests if an exit relay is able to fetch the content of a simple web page. If an exit relay is unable to do that, it might not have enough file descriptors available.
- checktest: Attempts to find false negatives in the Tor Project’s check service.
- dnspoison: Attempts to resolve several domains and compares the received DNS A records to the expected records.
- dnssec: Detects exit relays whose resolver does not validate DNSSEC.
- patchingCheck: Checks for file tampering.
- cloudflared: Checks if a web site returns a CloudFlare CAPTCHA.
- rtt: Measure round-trip times through an exit to various destinations.
By default, exitmap tries to read the file .exitmaprc in your home directory. The file accepts all command line options, but you have to replace minuses with underscores. Here is an example:
[Defaults] first_hop = 1234567890ABCDEF1234567890ABCDEF12345678 verbosity = debug build_delay = 1 analysis_dir = /path/to/exitmap_scans
Before submitting pull requests, please make sure that all unit tests pass by running:
$ pip install -r requirements-dev.txt $ py.test --cov-report term-missing --cov-config .coveragerc --cov=src test