Kali Linux

Tornado : Anonymously Reverse Shell Over Tor Network Using Hidden Services Without Port forwarding

Tornado is implements tor network with metasploit-framework tool and msfvenom module, you can easily create hidden services for your localhost .onion domain without portforwarding. If you have experience different remote administration tools, probably you know you need forward port with virtual private network or ngrok but in this sense with tornado, the tor network offers the possibility of making services in a machine accessible as hidden services without portforwarding, by taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed.

tornado can do

  • create hidden service with tor network
  • generate cross platform msfvenom payload with fully undetectable shellcode execution not shikata_ga_nai things
  • hidden service becomes available outside tor network and ready to reverse shell connection

be careful with tor2web even onion network, the only suicide mission is wearing blinders. tornado not secure from victim’s point of view: the point of tor is that users can connect without being eavesdropped on and going through the clearnet with tor2web, even with https seriously cripples the efforts made to protect users.

Built With

  • Tor
  • Metasploit
  • Tor2Web

Getting Started

To get a local copy up and running follow these simple steps.

Installation

  • Clone the repo

$ git clone https://github.com/samet-g/tornado.git

  • Setup tornado with requirement packages

$ sudo python3 setup.py install

  • Run it with sudo permissions

$ sudo tornado

Usage

  • Run tornado with sudo permissions & -start flag

$ sudo tornado -start

R K

Recent Posts

Bash For Loop Examples Explained Simply for Beginners

If you are new to Bash scripting or Linux shell scripting, one of the most…

7 hours ago

How Does a Firewall Work Step by Step

How Does a Firewall Work Step by Step? What Is a Firewall and How Does…

2 days ago

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

5 days ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

5 days ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

6 days ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

6 days ago