OnionScan –help – Usage, Flags and Command Examples

Command Examples:

Having trouble? You can also run the web-version of onionscan at onionscan.io
Run without OnionScan Correlations Lab

./onionscan --timeout 60 --fingerprint  --depth 2 --verbose --webport 0 examplesite.onion

Basic Scan with Correlations Lab Running on http://localhost:8080/

./onionscan examplesite.onion

Help Printout:

$ ./onionscan
Usage of ./onionscan:
    onionscan [flags] hiddenservice | onionscan [flags] --list list | onionscan --mode analysis
  -batch int
        number of onions to scan concurrently (default 10)
  -cookie string
        if provided, onionscan will use this cookie
  -crawlconfigdir string
        A directory where crawl configurations are stored
  -dbdir string
        The directory where the crawl database will be 
        stored (default "./onionscandb")
  -depth int
        depth of directory scan recursion (default: 100) (default 100)
        true disables some deeper scans e.g. directory probing with the 
        aim of just getting a fingerprint of the service. (default true)
        print out a json report providing a detailed report of the scan.
        print out a simple report as json, false by default
  -list string
        If provided OnionScan will attempt to read from the given list, 
        rather than the provided hidden service
  -mode string
        one of scan or analysis. In analysis mode, webport must be set. 
        (default "scan")
  -reportFile string
        the file destination path for report file - if given, the prefix 
        of the file will be the scanned onion service. If not given, the report will be written to stdout
  -scans string
        a comma-separated list of scans to run e.g. web,tls,... 
        (default: run all)
        print out a simple report detailing what is wrong and how to fix it, 
        true by default (default true)
  -timeout int
        read timeout for connecting to onion services (default 120)
  -torProxyAddress string
        the address of the tor proxy to use (default "")
        print out a verbose log output of the scan
  -webport int
        if given, onionscan will expose a webserver on localhost:[port] 
        to enabled searching of the database (default 8080)

onionscan Cannot connect to Tor proxy, is the –torProxyAddress setting correct?

Trying to run onionscan, but encountering the error
Cannot connect to Tor proxy, is the --torProxyAddress setting correct?

Simply get the latest tor browser running on your machine and add the following proxy:


The latest tor runs on your local machine at port 9150. This flag instructs onionscan to use that as the proxy.

Example command:

onionscan –torProxyAddress –verbose targetsite.onion