TorBot Review

Dark web investigation starts with a lead—a marketplace page, leak site, forum thread, or contact page.

You ask: what is this site connected to? The problem is .onion research isn't linear.

Services link to mirrors, related forums, escrow pages, support portals, clearnet contacts, and adjacent infrastructure. You miss the ecosystem if you review one page manually. Operators hide in complexity; that's the nature of the dark web.

That is where TorBot is useful.

Onion sites are not indexed here, and no dark web search results are provided. The service is a Tor crawler designed for scraping .onion sites, collecting links, emails, and page text. As users navigate, relationship maps are formed, which is sufficient for some analysts.

What TorBot Does

TorBot crawls the dark web, starting with a seed URL, routing traffic through Tor. It visits .onion sites, extracts links, content, and emails, and saves them locally.

The power of TorBot lies in its recursive crawling capability. It doesn't stop at page one. Instead, it follows .onion links and maps infrastructure, providing a site's connections, including support portals, mirrors, and vendor pages.

TorBot also crawls clearnet URLs, which is useful when dark web sites link to surface-web resources. This keeps your collection path consistent. While it's not a general web crawler, it's handy for dark web investigations that spill into clearnet.

TorBot serves as a discovery tool, giving analysts a raw map of what's reachable from a dark web target.

What TorBot Extracts

The link graph is the best part.

Every internal and external URL becomes a node in a relationship map, helping analysts see how a target site connects to other .onion services or clearnet destinations. Infrastructure context emerges. A forum may link to an admin contact page, a mirror network, or a payment service.

The graph is useful; it identifies related services worth reviewing next. These services include related forums, payment services, and mirror networks.

Email extraction is another practical output. TorBot harvests email addresses from crawled page content, which is especially useful on dark web targets. Email addresses appear in vendor pages, service descriptions, and forum posts. These addresses can be pivots for broader OSINT, breach checking, or attribution work, such as vendor pages, service descriptions, forum posts.

Saved page content and metadata are also important. Dark web services are unstable; pages disappear, and domains rotate. Saving content locally provides a timestamped snapshot and preserves evidence that would otherwise vanish.

TorBot's output is raw, but it is useful raw. The output includes links, contacts, and content snapshots.

Operational Security and Tor Dependency

TorBot requires Tor. Good design.

The tool checks Tor connectivity first. No connection, no crawl. This prevents accidental direct hits on dark web targets. Simple mistakes in dark web ops can be costly: wrong proxies, mixed traffic, or a host that's not isolated.

Run TorBot in an isolated VM or container. Dark web crawling shouldn't share a machine with your daily work. This reduces fingerprinting risk and contains any content or scripts you collect. Tor alone isn't enough; isolation is key.

Crawl settings are important. Thread counts, delays, and depth limits affect performance and control your visibility on the target. On sensitive sites, aggressive crawling can be noisy or unstable. Treat these settings as safety features, not just speed tweaks.

Misused, a crawler makes noise. Used with care, it's a precise collection tool.

Limitations

The first limitation is dark web volatility.

.onion services disappear constantly, they change addresses, rotate mirrors, or become unreachable between sessions. TorBot collects what it can while it's up, but sessions get interrupted and you lose your place.

The tool doesn't solve the underlying instability; it starts over when it drops, and there is no crawl-resume mechanism.

TorBot gives you output, including links, emails, and content. It doesn't tell you what's important. You have to determine which ones are real targets and which pages have value.

Dark web crawling isn't neutral everywhere; laws vary. Collection methods matter, and who's doing it matters. You should know the rules before you crawl.

Verdict

TorBot helps you map a dark web site's infrastructure. Preserve what's exposed before it vanishes.

TorBot's best feature is recursive link graphing. Start with one .onion service, then walk outward to related sites, mirrors, support pages, and contact channels. This helps you move from page review to ecosystem mapping. The tool also offers email extraction and local content saving.

The output is raw collection, not finished intelligence. Disciplined review, opsec, and legal boundaries are still your job. For analysts who need a Tor-routed crawler focused on .onion mapping and evidence capture, TorBot is useful.