About Tortazo - Gentle Introduction.


Tortazo is a tool written in Python to perform pentesting activities through the TOR deep web. Allows the integration with other well known frameworks available in the market and any python developer could write plugins to execute attacks against hidden services and relays in TOR.


Tortazo is written in Python language using a lot of libraries to perform pentesting activities. This project is almost entirely “I+D” because there’s few tools publicly available to audit the hidden services or relays in TOR. The researching and innovative ideas are much appreciated because, there’s a lot of work and things to implement in Tortazo.


The anonymous networks are the favorite “tool” of criminals and this is a shame because networks like TOR, I2P or Freenet weren’t designed to protect killers, narcos, pedofiles and that kind of people. The initial idea of this project, is develop a tool to compromise the identity of that kind people. ¿How? A lot of them, usually are not aware of the vulnerabilities included in their boxes. A lot of them, just exposes hidden services with the “defaults” because they’re not security professionals and usually they are just end-users with basic knowledge about computing. A lot of them just starts TOR and exposes their machines as relays in the TOR network or creates websites as TOR hidden services without any security consideration. This is a good “starting point” to try to expose them and the purpose of Tortazo is to include a lot of features to find that kind of flaws and bring a bridge between the TOR network and the “good” hackers.


This project was initiated in early 2014 and actually is being developed just by me (@jdaanial aka. Adastra). Initially was a simple prototipe to test the features included in Stem library for TOR. (https://stem.torproject.org/) Stem is a impresive python library which uses the TOR controller protocol to manage a TOR instance. However, also includes utilities to querying the TOR authoritative directories and download the descriptors with the information about the relays running in TOR. On other hand, there’s a lot of libraries and tools to perform pentesting activities which will be perfect against some vulnerable web applications in the deep web. Tortazo allows the integration from some of the most known of this tools and frameworks


I’m a software developer and security enthusiast. Just a guy who spent his time playing with libraries, programming languages, tools, security techniques, network protocols and anything related with computers :-) What I like:

  • I like to read almost about everything.
  • I like the free speech.
  • I like free software.
  • I like the hacker philosophy.
  • I like the hacktivism.
  • I like to write code.
  • I like to find and fix bugs in code.
  • I like to improve code.
  • I like the reverse engineering.
  • I like to talk with people about things that matter. (obviously, this exclude football, politics, tv shows and other bullshit).
  • I like the freedom. Everyone should be free to do anything, but without affecting the freedom of others.

What I dislike:

  • I dislike the bugs.
  • I dislike the awful code.
  • I dislike the people lazy.
  • I dislike the mediocrity.
  • I dislike the authoritarianism.
  • I dislike some rock stars “selling smoke” in conferences and other events. We need more mentors and less security rock stars. Sadly, this is the worst thing that I’ve found in the infosec environment in my country and other places.


Sure, writes an email to: debiadastra [at] gmail.com I’ll reply as soon as possible. Also, you can follow me in Twitter. @jdaanial