Tornado : Anonymously Reverse Shell Over Tor Network Using Hidden Services Without Port forwarding


Tornado is implements tor network with metasploit-framework tool and msfvenom module, you can easily create hidden services for your localhost .onion domain without portforwarding. If you have experience different remote administration tools, probably you know you need forward port with virtual private network or ngrok but in this sense with tornado, the tor network offers the possibility of making services in a machine accessible as hidden services without portforwarding, by taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed.

tornado can do

  • create hidden service with tor network
  • generate cross platform msfvenom payload with fully undetectable shellcode execution not shikata_ga_nai things
  • hidden service becomes available outside tor network and ready to reverse shell connection

be careful with tor2web even onion network, the only suicide mission is wearing blinders. tornado not secure from victim’s point of view: the point of tor is that users can connect without being eavesdropped on and going through the clearnet with tor2web, even with https seriously cripples the efforts made to protect users.

Built With

  • Tor
  • Metasploit
  • Tor2Web

Getting Started

To get a local copy up and running follow these simple steps.


  • Clone the repo

$ git clone

  • Setup tornado with requirement packages

$ sudo python3 install

  • Run it with sudo permissions

$ sudo tornado


  • Run tornado with sudo permissions & -start flag

$ sudo tornado -start


Please enter your comment!
Please enter your name here