Generating a vanity .onion address

Note: This documentation only applies to the older V2 Onions, for newer, please see Generating a vanity .onion address for Version 3 .onions.

Tor Hidden Services are accessed through a web address ending in .onion. Generally speaking these appear to be random strings of letters and numbers, though they're actually a representation of the public key generated when the operator created their hidden service.

It is possible, however, to attempt to generate a keypair which will allow you to generate a desired vanity URL, though the process is essentially a brute-force of key combinations, so may take some time.

 

 

Install Dependencies

First we start by installing a couple of dependencies

 

Debian

apt-get install libssl-dev
apt-get install build-essential

 

CentOS

yum install openssl-dev
yum groupinstall "Development Tools"

 

Install Shallot

Shallot is the workhorse that'll be doing the backbreaking work of generating key combinations, so we need to grab and install it (check the GitHub page for the latest version)

wget https://github.com/katmagic/Shallot/releases/tag/shallot-0.0.3
tar xvzf shallot-0.0.3.tar.gz
cd Shallot-shallot-0.0.3

# Configure and compile
./configure && make

Once that's completed, we should be ready to try and generate our first URL

./shallot fooba 
------------------------------------------------------------------
Found matching domain after 1119963 tries: ofoobafmf5ghy46wy.onion
------------------------------------------------------------------

The output will include an RSA Private Key, make careful note of it and then cd into your hidden service's directory (in the tutorial I posted earlier, this was /var/lib/tor/myonion/).

cd /var/lib/tor/myonion/
[ -f private_key ] && > private_key
nano private_key

# Insert the private key provided by Shallot, then Save and exit

[ -f hostname ] && rm -f hostname
service tor restart

Once TOR restarts, the hostname file should be regenerated and should contain the hostname output by Shallot

Things to note

  • It gets progressively harder to bruteforce the keys, the more characters you specify (god only knows what resources Facebook's facebookcorewwwi.onion took to generate!)
  • If you've any config that relies on a specific hostname (such as an NGinx server block, remember to change it if you change the URL!)
  • It might take multiple attempts with Shallot to find a vanity URL that you actually like

 

Share this post on Twitter Share this post on Reddit Share this post on LinkedIN Share this post via Whatsapp Share this post via Telegram Share this post via QQ Share this post via Email