When it comes to penetration testing the first preference is online anonymity. Hackers use services such as VPN or TOR, comparatively tor offers more security and anonymity on the web and in addition it allow access to the dark web. I personally prefer tor over vpn.

Tor is configured in such a way that  a combination of three relays or nodes. First one the entry guard – the server where user is allowed to communicate first with a 3 layer encryption. Second one middle relay – TOR’s internal server the data from first relay is sent to the exit relay, but the origin of traffic is unknown. Third one exit relay – the node that communicates with the target server thus this node is visible to outside world. This node keeps on changing periodically and its more secure.

Tor allows you to change the exit relay, which is very useful for a hacker while attacking a highly secured target. This reduces the risk of being busted.

NOTE: Automated script available TORGHOST

How it works

since tor is running as a service like simple proxy mechanism we can control the tor using telnet and command it through its control port. Telnet establish a connection to tor using terminal which allows you command it or simply controlling it. When a request to change the exit node is made the middle node automatically switches to a random exit node. Note that the minimum timeout is 10 seconds i.e. you can only request for new circuit every 10 seconds.


Edit torrc file

you have to enable control port and select authentication method. Control port supports two authentication method, hashed password authentication and cookie authentication. Here we are using hashed password method.

open the torrc file from terminal

# /etc/tor/torrc

In gedit find the “#ControlPort 9051” line and remove the # tag, this will enable the control port access. Also remove the # from “#HashedControlPassword…”  In this line you can find a long hashed password “16:9CA54AA…” this is the default password in hash form. You have to replace this hash with your new password hash. we cannot use a raw password so hash it. open another terminal.

# tor –hash-password “your new password”

this will output the hash of your new password,now copy that and paste it on the torrc file, save and exit.

Kill all tor services

# sudo killall tor

Open tor in a new terminal simple command “tor”. wait until it loads don’t close it so that you can monitor all logs in real-time so, keep it aside.


Requesting new circuit

open a new terminal and establish a telnet connection.
follow the commands.
# telnet 9051
Connected to
Escape character is ‘^]’.
AUTHENTICATE “your new password”
250 OK

If it returns the code 250, its working fine now you have access to the control port. Request for new circuit with the command “SIGNAL NEWNYM“.

250 OK

New tor circuit will be loaded instantly. Change your IP like a boss 😉 Any question or doubts? post in the commend section below.

Susmith Krishnan

I’m a computer enthusiast basically and i love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and i would like to explore security vulnerabilities and latest tech news and wanna share with you


Kaligula · January 18, 2017 at 6:12 am

# tor –hash-password “your new password”

You need to type “–hash-password “your new password

    vbeerapond · March 23, 2017 at 2:35 pm

    tor –hash-password “your new password”

vbeerapond · March 23, 2017 at 2:36 pm

tor – – hash-password “your new password”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.