:construction: EXPERIMENTAL :construction: Secure hidden service webserver

Overview

narnia

narnia is a fast static webserver specifically designed for Tor hidden services. It's also able to spawn a Tor thread and expose itself as a hidden service, simply by setting an additional commandline option.

narnia is hosting a mirror of its own source code on http://3wisi2bfpxplne5wlwz4l5ucvsbaozbteaqnm62oxzmgwhb2qqxvsuyd.onion/.

# Start the http server and serve files in www/
narnia -B '[::1]:1337' -w www/
# Serve www/ and enable directory listing
narnia -B '[::1]:1337' -Lw www/
# Serve www/ on a unix domain socket
# The path needs to start with either . or /
narnia -B ./narnia.sock -w www/
# Serve www/ on a hidden service
# The hidden service address is in `data/hs/hostname`
narnia -D data/ -w www/
# Serve www/ but chroot into it beforehand, verbose logs
narnia -vv -B '[::1]:1337' -w / -C www/

Comparison of http response headers

narnia

< HTTP/1.1 200 OK
< content-length: 1337
< accept-ranges: bytes
< date: Thu, 01 Jan 1970 00:00:00 GMT
< content-type: text/html; charset=utf-8
< x-content-type-options: nosniff
< referrer-policy: no-referrer

onionshare

< HTTP/1.0 200 OK
< Content-Type: text/html; charset=utf-8
< Content-Length: 1337
< X-Frame-Options: DENY
< X-Xss-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Referrer-Policy: no-referrer
< Server: OnionShare
< Content-Security-Policy: default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self' data:;
< Date: Mon, 05 Apr 2021 19:08:54 GMT

nginx

< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 05 Apr 2021 19:04:42 GMT
< Content-Type: text/html
< Content-Length: 1337
< Last-Modified: Mon, 05 Apr 2021 19:04:33 GMT
< Connection: keep-alive
< ETag: "606b5f41-539"
< Accept-Ranges: bytes

Static binary

Linux

sudo pacman -S musl
rustup target add x86_64-unknown-linux-musl
cargo build --release --target x86_64-unknown-linux-musl --features=vendored
strip target/x86_64-unknown-linux-musl/release/narnia
ldd target/x86_64-unknown-linux-musl/release/narnia

Windows

pacman -S mingw-w64
rustup target add x86_64-pc-windows-gnu
cargo build --release --target x86_64-pc-windows-gnu --features=vendored
x86_64-w64-mingw32-strip target/x86_64-pc-windows-gnu/release/narnia.exe
file target/x86_64-pc-windows-gnu/release/narnia.exe

Building

OpenBSD

You need to install rust, autoconf and automake. You're getting asked for a version, select the latest one and take note of the first two numbers of the version. You can look this up with pkg_info if you forget them. This example output is from OpenBSD 6.8.

$ doas pkg_add autoconf automake
quirks-3.442 signed on 2021-04-08T13:45:25Z
Ambiguous: choose package for autoconf
a	0: <None>
	1: autoconf-2.13p4
	2: autoconf-2.52p6
	3: autoconf-2.54p6
	4: autoconf-2.56p5
	5: autoconf-2.57p5
	6: autoconf-2.58p5
	7: autoconf-2.59p5
	8: autoconf-2.60p5
	9: autoconf-2.61p5
	10: autoconf-2.62p2
	11: autoconf-2.63p1
	12: autoconf-2.64p1
	13: autoconf-2.65p1
	14: autoconf-2.67p1
	15: autoconf-2.68p1
	16: autoconf-2.69p3
Your choice: 16
autoconf-2.69p3:metaauto-1.0p4: ok
autoconf-2.69p3: ok
Ambiguous: choose package for automake
a	0: <None>
	1: automake-1.4.6p5
	2: automake-1.8.5p9
	3: automake-1.9.6p12
	4: automake-1.10.3p9
	5: automake-1.11.6p3
	6: automake-1.12.6p2
	7: automake-1.13.4p2
	8: automake-1.14.1p1
	9: automake-1.15.1
	10: automake-1.16.2
Your choice: 10
automake-1.16.2: ok

Next, pass the versions to cargo build:

AUTOCONF_VERSION=2.69 AUTOMAKE_VERSION=1.16 cargo build

License

GPLv3+

You might also like...
COCONUT Secure VM Service Module

This is the source code repository for the COCONUT Secure VM Service Module (SVSM), a software which aims to provide secure services and device emulations to guest operating systems in confidential virtual machines (CVMs). It requires AMD Secure Encrypted Virtualization with Secure Nested Paging (AMD SEV-SNP), especially the VM Privilege Level (VMPL) feature.

Wait Service is a pure rust program to test and wait on the availability of a service.

Wait Service Wait Service is a pure rust program to test and wait on the availability of a service.

Cuprate, an upcoming experimental, modern & secure monero node. Written in Rust

Cuprate an upcoming experimental, modern & secure monero node. Written in Rust (there is nothing working at the moment, stay tuned if you want to see

A secure JavaScript and TypeScript runtime
A secure JavaScript and TypeScript runtime

Deno Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Features Secure by default. No file,

Skybase is an extremely fast, secure and reliable real-time NoSQL database with automated snapshots and SSL
Skybase is an extremely fast, secure and reliable real-time NoSQL database with automated snapshots and SSL

Skybase The next-generation NoSQL database What is Skybase? Skybase (or SkybaseDB/SDB) is an effort to provide the best of key/value stores, document

A secure embedded operating system for microcontrollers

Tock is an embedded operating system designed for running multiple concurrent, mutually distrustful applications on Cortex-M and RISC-V based embedded

A secure embedded operating system for microcontrollers

Tock is an embedded operating system designed for running multiple concurrent, mutually distrustful applications on Cortex-M and RISC-V based embedded

Secure drive wipe

Lethe A secure, free, cross-platform and open-source drive wiping utility. Should work with any HDD, SSD (read limitations) and flash drives. The usua

Secure multithreaded packet sniffer
Secure multithreaded packet sniffer

sniffglue sniffglue is a network sniffer written in rust. Network packets are parsed concurrently using a thread pool to utilize all cpu cores. Projec

Secure and fast microVMs for serverless computing.
Secure and fast microVMs for serverless computing.

Our mission is to enable secure, multi-tenant, minimal-overhead execution of container and function workloads. Read more about the Firecracker Charter

Build smaller, faster, and more secure desktop applications with a web frontend.
Build smaller, faster, and more secure desktop applications with a web frontend.

TAURI Tauri Apps footprint: minuscule performance: ludicrous flexibility: gymnastic security: hardened Current Releases Component Descrip

A secure container runtime with OCI interface
A secure container runtime with OCI interface

Quark Container Welcome to Quark Container. This repository is the home of Quark Containers code. What's Quark Container Quark Container is high perfo

Secure transport for running MPC protocols backed by Signal

MPC over Signal Overview This library provides a high-level interface for connecting to Signal Server and using it to exchange messages with other con

A fast and small Rust library to make Electron apps more secure.

electron-hardener A Rust library and command line tool to harden Electron binaries against runtime behavior modifications. This provides a way to hard

Secure sandboxing system for untrusted code execution

Godbox Secure sandboxing system for untrusted code execution. It uses isolate which uses specific functionnalities of the Linux kernel, thus godbox no

A safe implementation of the secure remote password authentication and key-exchange protocol (SRP), SRP6a and legacy are as features available.

Secure Remote Password (SRP 6 / 6a) A safe implementation of the secure remote password authentication and key-exchange protocol (SRP version 6a). Ver

MesaTEE GBDT-RS : a fast and secure GBDT library, supporting TEEs such as Intel SGX and ARM TrustZone

MesaTEE GBDT-RS : a fast and secure GBDT library, supporting TEEs such as Intel SGX and ARM TrustZone MesaTEE GBDT-RS is a gradient boost decision tre

Binary Field Encodings (BFE) for Secure Scuttlebutt (SSB)

ssb-bfe-rs Binary Field Encodings (BFE) for Secure Scuttlebutt (SSB). Based on the JavaScript reference implementation: ssb-bfe (written according to

Secure storage for cryptographic secrets in Rust

secrets secrets is a library to help Rust programmers safely held cryptographic secrets in memory. It is mostly an ergonomic wrapper around the memory

Comments
  • Dependency Vulnerabilities

    Dependency Vulnerabilities

    cargo-audit shows 8 vulnerabilities in the dependencies of this project, including several important vulnerabilities in openssl-src that have high CVE severity scores.

    opened by iamwacko 2
Releases(v0.4.0)
Owner
Independent security research. Works on backdoor-resistant software distribution. Maintains packages in Arch Linux and Debian. Steals food at conferences.
null
Lunatic based webserver embedding WASM. Supports scaling down to zero and up to infinity.

Frenezulo A WASM-embedding webserver build on top of submillisecond and lunatic. Build to serve as an entry point for microservices compiled to WASM.

Kai Jellinghaus 13 Oct 23, 2022
Hidden parameters discovery suite

x8 Hidden parameters discovery suite written in Rust. How does it work Features Examples Send parameters via query Send parameters via body Custom tem

null 943 Jan 4, 2023
Shows how to implement USB device on RP2040 in Rust, in a single file, with no hidden parts.

Rust RP2040 USB Device Example This is a worked example of implementing a USB device on the RP2040 microcontroller, in Rust. It is designed to be easy

Cliff L. Biffle 9 Dec 7, 2022
Scriptable tool to read and write UEFI variables from EFI shell. View, save, edit and restore hidden UEFI (BIOS) Setup settings faster than with the OEM menu forms.

UEFI Variable Tool (UVT) UEFI Variable Tool (UVT) is a command-line application that runs from the UEFI shell. It can be launched in seconds from any

null 4 Dec 11, 2023
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Dec 30, 2022
ARM TrustZone-M example application in Rust, both secure world side and non-secure world side

ARM TrustZone-M example application in Rust, both secure world side and non-secure world side; projects are modified from generated result of cortex-m-quickstart.

null 44 Dec 4, 2022
User-friendly secure computation engine based on secure multi-party computation

CipherCore If you have any questions, or, more generally, would like to discuss CipherCore, please join the Slack community. See a vastly extended ver

CipherMode Labs 356 Jan 5, 2023
An implemenetation of (part of) the suffix array construction algorithm developed by Zhize Li (2016)

suffix-array-li2016 An implemenetation of (part of) the suffix array construction algorithm developed by Zhize Li et al. (2016). This algorithm is cla

Tianyi Shi 3 Jul 30, 2022
Implementation of algorithms for Domain Name System (DNS) Cookies construction

DNS Cookie RFC7873 left the construction of Server Cookies to the discretion of the DNS Server (implementer) which has resulted in a gallimaufry of di

Rushmore Mushambi 2 Feb 4, 2022
RustRedOps is a repository dedicated to gathering and sharing advanced techniques and malware for Red Team, with a specific focus on the Rust programming language. (In Construction)

RustRedOps In Construction.... The project is still under development Overview RustRedOps is a repository that houses various tools and projects relat

João Victor 17 Dec 14, 2023