POOPAK - TOR Hidden Service Crawler
Branch: master
Clone or download
teal33t Update requirements.txt
Update for `requests`
The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Latest commit cf4b1b3 Jan 16, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
application Update requirements.txt Jan 16, 2019
web-server - Multiple crawler [panel, crawler, detector, web-app] Apr 28, 2018
.gitignore TODO updated. May 1, 2018
Pipfile.lock TODO updated. May 1, 2018
README.md Update README.md Jan 16, 2019
docker-compose.yml Update docker-compose.yml Jan 16, 2019
screenshots.jpg Remove ignored files Apr 22, 2018


POOPAK | TOR Hidden Service Crawler

License: GPL v3 Open Source Love made-with-python Generic badge


This is an experimental application for crawling, scanning and data gathering from TOR hidden services.


  • Multi-level in-depth crawling using CURL
  • Link extractor
  • Extract Emails/BTC/ETH/XMR addresses
  • Extract EXIF meta data
  • Screenshot (using Splash)
  • Subject detector (using Spacy)
  • Port Scanner
  • Extract report from a hidden service (CSV/PDF)
  • Fulltext search through the directory
  • Language detection
  • Web application security scanning (using Arachni) - [Under Developing]
  • Docker based and Web UI


This software is made available under the GPL v.3 license. It means if you run a modified program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running there.


  • Docker (tested on Docker version 18.03.1)
  • Docker Compose (tested on version 1.21.1)
  • Python 3
  • pipenv


Just run application with docker-compose:

docker-compose up -d

and next point your browser to localhost.