Skip to content

Anonymously Reverse Shell over Tor Network using Hidden services without Portforwarding.

License

Notifications You must be signed in to change notification settings

samogod/tornado

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation


Logo

tornado

anonymously reverse shell over onion network using hidden services without portfortwarding
Explore the docs
fully undetectable reverse shell · View Demo · bulletproof anonymity


Table of Contents
  1. What is tornado?
  2. Built With
  3. Getting Started
  4. Usage
  5. Roadmap
  6. Contributing
  7. License
  8. Disclaimer

If you are having any operating system compatiblity issue, let me know. I will try to fix as soon as possible so let's explore the docs.

What is tornado?

Tornado is implements tor network with metasploit-framework tool and msfvenom module, you can easily create hidden services for your localhost .onion domain without portforwarding. If you have experience different remote administration tools, probably you know you need forward port with virtual private network or ngrok but in this sense with tornado, the tor network offers the possibility of making services in a machine accessible as hidden services without portforwarding, by taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed.

tornado can do

  • create hidden service with tor network
  • generate cross platform msfvenom payload with fully undetectable shellcode execution not shikata_ga_nai things
  • hidden service becomes available outside tor network and ready to reverse shell connection

A word of caution regarding the use of Tor2Web and the onion network: disregarding security measures can be perilous. From the standpoint of a potential victim, Tornado might not be secure; Tor's primary aim is to enable anonymous connections free from surveillance. Utilizing Tor2Web to access services over the clearnet, even with the use of HTTPS, can significantly undermine the privacy and security efforts the Tor network strives to provide.

Built With

image

Getting Started

To get a local copy up and running follow these simple steps.

Installation

Linux

  1. Clone the repo
    $ git clone https://github.com/samogod/tornado.git
  2. Setup tornado with requirement packages.
    $ sudo python3 setup.py install
  3. Run it with sudo permissions.
    $ sudo tornado

Windows

  1. Clone the repo
git clone https://github.com/samogod/tornado.git
  1. Setup tornado with requirement packages.
python setup.py install
  1. Run it
python -m tornado

Usage

Linux

  • Run tornado with sudo permissions & -start flag.
    $ sudo tornado -start

Windows

  • Run tornado with -start flag
    python -m tornado -start
    

Roadmap

  • Integrity to Windows operating system
  • Reverse shell without Tor2web - The working mechanism is inject payload to tor expert bundle .exe with special torrc files.

Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated especially Roadmap check this to-do list.

  1. Fork the Project
  2. Create your Feature Branch git checkout -b feature/feature
  3. Commit your Changes git commit -m 'Add some feature'
  4. Push to the Branch git push origin feature/feature
  5. Open a Pull Request

License

Distributed under the GNU License.
See LICENSE for more information.

Disclaimer

This tool is only for testing and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and are not responsible for any misuse or damage caused by this tool and software.