bitcoin_darkweb.py

1. import argparse
2. import requests
3. import networkx
4.  
5. webhose_access_token = ""
6.  
7. blacklist = ["4a6kzlzytb4ksafk.onion","blockchainbdgpzk.onion"]
8.  
9. webhose_base_url    = "https://www.blockchain.com/btc/address/112vq8eT295ekWeuNzyeKbGYbvAsAZYZGu"
10. webhose_darkweb_url = "/darkFilter?token=%s&format=json&q=" % webhose_access_token
11.  
12. block_explorer_url  = "https://blockexplorer.com/api/addrs/"
13. #?from=0&to=50
14.  
15. parser = argparse.ArgumentParser(description='Collect and visualize Bitcoin transactions and any related hidden services.')
16.  
17. parser.add_argument("--graph",help="Output filename of the graph file. Example: bitcoin.gexf",default="bitcoingraph.gexf")
18. parser.add_argument("--address", help="A bitcoin address to begin the search on.",)
19.  
20.  
21. args = parser.parse_args()
22.  
23. bitcoin_address = args.address
24. graph_file      = args.graph
25.  
26. #
27. # Retrieve all bitcoin transactions for a Bitcoin address
28. #
29. def get_all_transactions(bitcoin_address):
30.    
31.     transactions = []
32.     from_number  = 0
33.     to_number    = 50
34.    
35.     block_explorer_url_full = block_explorer_url + bitcoin_address + "/txs?from=%d&to=%d" % (from_number,to_number)
36.    
37.     response = requests.get(block_explorer_url_full)
38.    
39.     try:
40.         results  = response.json()
41.     except:
42.         print "[!] Error retrieving bitcoin transactions. Please re-run this script."
43.         return transactions
44.  
45.     if results['totalItems'] == 0:
46.         print "[*] No transactions for %s" % bitcoin_address
47.         return transactions
48.  
49.     transactions.extend(results['items'])
50.    
51.     while len(transactions) < results['totalItems']:
52.        
53.         from_number += 50
54.         to_number   += 50
55.    
56.         block_explorer_url_full = block_explorer_url + bitcoin_address + "/txs?from=%d&to=%d" % (from_number,to_number)
57.        
58.         response = requests.get(block_explorer_url_full)
59.            
60.         results  = response.json()        
61.    
62.         transactions.extend(results['items'])
63.    
64.     print "[*] Retrieved %d bitcoin transactions." % len(transactions)
65.    
66.     return transactions
67.  
68. #
69. # Simple function to return a list of all unique
70. # bitcoin addresses from a transaction list
71. #
72. def get_unique_bitcoin_addresses(transaction_list):
73.    
74.     bitcoin_addresses = []
75.    
76.     for transaction in transaction_list:
77.        
78.         # check the sending address
79.         if transaction['vin'][0]['addr'] not in bitcoin_addresses:
80.             bitcoin_addresses.append(transaction['vin'][0]['addr'])
81.        
82.         # walk through all recipients and check each address
83.         for receiving_side in transaction['vout']:
84.            
85.             if receiving_side['scriptPubKey'].has_key("addresses"):
86.                
87.                 for address in receiving_side['scriptPubKey']['addresses']:
88.                    
89.                     if address not in bitcoin_addresses:
90.                        
91.                         bitcoin_addresses.append(address)
92.    
93.     print "[*] Identified %d unique bitcoin addresses." % len(bitcoin_addresses)
94.    
95.     return bitcoin_addresses
96.  
97.  
98. #
99. # Search blockchain.info for each bitcoin address
100. #
101. def search_blockchain(bitcoin_addresses):
102.    
103.     bitcoin_to_hidden_services = {}
104.     count = 1
105.    
106.     for bitcoin_address in bitcoin_addresses:
107.        
108.         print "[*] Searching %d of %d bitcoin addresses." % (count,len(bitcoin_addresses))
109.        
110.         # search for the bitcoin address
111.         search_url = webhose_base_url + webhose_darkweb_url + bitcoin_address
112.        
113.         response   = requests.get(search_url)
114.        
115.         result     = response.json()
116.        
117.         # loop continually until we have retrieved all results at Webhose
118.         while result['totalResults'] > 0:
119.            
120.             # now walk each search result and map out the unique hidden services
121.             for search_result in result['darkposts']:
122.                
123.                 if not bitcoin_to_hidden_services.has_key(bitcoin_address):
124.                     bitcoin_to_hidden_services[bitcoin_address] = []
125.                
126.                 if search_result['source']['site'] not in bitcoin_to_hidden_services[bitcoin_address]:
127.                    
128.                     bitcoin_to_hidden_services[bitcoin_address].append(search_result['source']['site'])
129.            
130.             # if we have 10 or less results no need to ding the API again
131.             if result['totalResults'] <= 10:
132.                 break
133.            
134.             # build a filtering keyword string
135.             query = "%s" % bitcoin_address
136.            
137.             for hidden_service in bitcoin_to_hidden_services[bitcoin_address]:
138.                 query += " -site:%s" % hidden_service
139.            
140.             # use the blacklisted onions as filters
141.             for hidden_service in blacklist:
142.                 query += " -site:%s" % hidden_service
143.            
144.             search_url = webhose_base_url + webhose_darkweb_url + query
145.            
146.             response     = requests.get(search_url)
147.            
148.             result     = response.json()
149.        
150.         if bitcoin_to_hidden_services.has_key(bitcoin_address):        
151.             print "[*] Discovered %d hidden services connected to %s" % (len(bitcoin_to_hidden_services[bitcoin_address]),bitcoin_address)
152.        
153.         count += 1
154.    
155.     return bitcoin_to_hidden_services
156.  
157. #
158. # Graph all of the Bitcoin transactions
159. #
160. def build_graph(source_bitcoin_address,transaction_list,hidden_services):
161.    
162.     graph = networkx.DiGraph()
163.    
164.     # graph the transactions by address
165.     for transaction in transaction_list:
166.        
167.         # check the sending address
168.         sender = transaction['vin'][0]['addr']
169.    
170.         if sender == source_bitcoin_address:
171.             graph.add_node(sender,{"type":"Target Bitcoin Address"})
172.         else:
173.             graph.add_node(sender,{"type":"Bitcoin Address"})
174.        
175.      
176.         # walk through all recipients and check each address
177.         for receiving_side in transaction['vout']:
178.    
179.             if receiving_side['scriptPubKey'].has_key("addresses"):
180.                 for address in receiving_side['scriptPubKey']['addresses']:
181.                    
182.                     if address == source_bitcoin_address:
183.                         graph.add_node(address,{"type":"Target Bitcoin Wallet"})
184.                     else:
185.                         graph.add_node(address,{"type":"Bitcoin Wallet"})
186.                    
187.                     graph.add_edge(sender,address)
188.        
189.     for bitcoin_address in hidden_services:
190.        
191.         for hidden_service in hidden_services[bitcoin_address]:
192.            
193.             if hidden_service not in blacklist:
194.                 graph.add_node(hidden_service,{"type":"Hidden Service"})
195.                 graph.add_edge(bitcoin_address,hidden_service)
196.    
197.    
198.     # write out the graph
199.     networkx.write_gexf(graph,graph_file)
200.    
201.     return
202.  
203.  
204. # get all of the bitcoin transactions  
205. print "[*] Retrieving all transactions from the blockchain for %s" % bitcoin_address
206.  
207. transaction_list = get_all_transactions('112vq8eT295ekWeuNzyeKbGYbvAsAZYZGu')
208.  
209. if len(transaction_list) > 0:
210.    
211.     # get all of the unique bitcoin addresses
212.     bitcoin_addresses = get_unique_bitcoin_addresses(transaction_list)
213.    
214.     # now search blockchain for all addresses looking
215.     # for hidden services
216.     hidden_services   = search_blockchain(bitcoin_addresses)
217.  
218.     # graph the bitcoin transactions
219.     build_graph(bitcoin_address,transaction_list, hidden_services)
220.    
221.     print "[*] Done! Open the graph file and happy hunting!"