Tor Network Access

v1.0.0Securitystable

Provide AI agents with full Tor network access and dark web data through a zero-config OpenClaw skill or standalone tool.

ai-agentshidden-servicesllmmcp-serveronion
Share:
194
Stars
0
Downloads
0
Weekly
0/5

What is Tor Network Access?

Tor Network Access is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to provide ai agents with full tor network access and dark web data through a zero-config openclaw skill or standalone tool.

Provide AI agents with full Tor network access and dark web data through a zero-config OpenClaw skill or standalone tool.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Provide AI agents with full Tor network access and dark web

Use Cases

Access Tor network from AI agents
Dark web data retrieval
OSINT on hidden services
LicenseNOASSERTION
Languagepython
Versionv1.0.0
UpdatedMay 22, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx onionclaw

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Tor Network Access

OnionClaw is a Python-based toolkit that gives AI agents and security researchers full access to the Tor network and dark web hidden services, functioning either as an OpenClaw skill or a standalone set of command-line tools. It provides seven specialized scripts for verifying Tor connectivity, rotating exit circuits, health-checking 18 dark web search engines, querying them in parallel, fetching .onion pages, and running LLM-powered OSINT analysis across four specialized modes (threat intelligence, ransomware indicators, personal identity exposure, and corporate credential leaks). No LLM API key is required for the five non-analysis commands, making it suitable for privacy-preserving network research with fully local inference via Ollama.

Prerequisites

  • Python 3.10 or higher
  • Tor installed and running locally with SOCKS proxy on 127.0.0.1:9050
  • Python packages: requests[socks], beautifulsoup4, python-dotenv, stem
  • Optional: LLM API key (OpenAI, Anthropic, Google Gemini) or Ollama for local inference — required only for ask.py and pipeline.py
  • OpenClaw (for skill-based installation) or standalone terminal usage
1

Install Tor on your system

OnionClaw requires a running Tor daemon listening on the default SOCKS port 9050. Install it via your system package manager and start it.

# macOS
brew install tor && tor &

# Linux (Debian/Ubuntu)
apt install tor && tor &
2

Clone OnionClaw and install dependencies

Clone the repository and install the required Python packages. The requests[socks] extra is critical for routing traffic through Tor's SOCKS5 proxy.

git clone https://github.com/JacobJandon/OnionClaw
cd OnionClaw
pip install requests[socks] beautifulsoup4 python-dotenv stem
3

Configure environment variables

Copy the example .env file and edit it with your Tor settings. The defaults work for standard Tor installations. Add an LLM API key only if you plan to use ask.py or pipeline.py.

cp .env.example .env
# Edit .env — defaults work for standard Tor:
# TOR_SOCKS_HOST=127.0.0.1
# TOR_SOCKS_PORT=9050
# TOR_CONTROL_HOST=127.0.0.1
# TOR_CONTROL_PORT=9051
# Optional for analysis:
# LLM_PROVIDER=openai
# OPENAI_API_KEY=sk-...
4

Verify Tor connectivity

Run the check_tor script to confirm your Tor daemon is reachable and traffic is routing correctly. It displays your Tor exit IP to confirm anonymization is active.

python3 check_tor.py
5

Search the dark web

Use search.py to query multiple dark web search engines simultaneously. Specify one or more engine names from the 18 supported engines.

python3 search.py --query "ransomware healthcare" --engines Ahmia Tor66
6

Run full automated OSINT pipeline

The pipeline.py script combines searching, fetching, and LLM analysis into an end-to-end investigation workflow. Specify a query, analysis mode, and output file.

python3 pipeline.py --query "hospital ransomware 2026" --mode ransomware --out report.md

Tor Network Access Examples

Client configuration (Claude Desktop)

Register OnionClaw as an MCP server in Claude Desktop. The server runs Python scripts from the cloned directory.

{
  "mcpServers": {
    "onionclaw": {
      "command": "python3",
      "args": ["/path/to/OnionClaw/mcp_server.py"],
      "env": {
        "TOR_SOCKS_HOST": "127.0.0.1",
        "TOR_SOCKS_PORT": "9050",
        "OPENAI_API_KEY": "sk-your-key-for-analysis"
      }
    }
  }
}

Prompts to try

Use these prompts for OSINT research tasks via Tor network access.

- "Check Tor connectivity and show me the current exit node IP"
- "Search dark web for mentions of ransomware targeting hospitals using Ahmia and Tor66"
- "Fetch and analyze this .onion page for threat intelligence indicators"
- "Run a ransomware OSINT pipeline for the query 'healthcare data breach 2026'"
- "Rotate the Tor circuit to get a new exit IP"
- "Check which of the 18 dark web search engines are currently online"

Troubleshooting Tor Network Access

check_tor.py fails with connection refused or SOCKS proxy error

Ensure the Tor daemon is running: `ps aux | grep tor` on macOS/Linux. On macOS run `tor &` or `brew services start tor`. Verify TOR_SOCKS_PORT=9050 in your .env matches Tor's actual SocksPort (check /etc/tor/torrc or ~/.torrc).

renew.py fails to rotate the Tor circuit

Circuit rotation requires the Tor control port (9051) to be enabled and accessible. Edit your torrc file to add `ControlPort 9051` and optionally set `CookieAuthentication 1`. Restart Tor after changing torrc. Set TOR_CONTROL_PASSWORD in .env if you configured a hashed password.

ask.py or pipeline.py fails with LLM provider error

Verify your LLM_PROVIDER and corresponding API key are set in .env. Valid providers are: openai, anthropic, gemini, ollama, llamacpp. For fully local inference without API costs, set LLM_PROVIDER=ollama and ensure Ollama is running locally with a model pulled (e.g. `ollama pull llama3`).

Frequently Asked Questions about Tor Network Access

What is Tor Network Access?

Tor Network Access is a Model Context Protocol (MCP) server that provide ai agents with full tor network access and dark web data through a zero-config openclaw skill or standalone tool. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Tor Network Access?

Follow the installation instructions on the Tor Network Access GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Tor Network Access?

Tor Network Access works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Tor Network Access free to use?

Yes, Tor Network Access is open source and available under the NOASSERTION license. You can use it freely in both personal and commercial projects.

Tor Network Access Alternatives — Similar Security Servers

Looking for alternatives to Tor Network Access? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "onionclaw": { "command": "npx", "args": ["-y", "onionclaw"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Tor Network Access?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides