➡️ Documentation | Discord | Installation Guide ⬅️

Disclaimer: This tool is intended for educational and research purposes only. Unauthorized use of this tool is prohibited. Use it responsibly and at your own risk.

capNcook is a Python Flask-based web application designed for dark web exploration.

"What about anonymity?"

That's the point. You don't need to worry about it now, our tool utilizes tor for anonymity and privacy, identifies entry and exit nodes while esthablishing a tor circuit, rebuild the tor circuit each time you run the tool and flush old circuits.

The tool employs efficient multi-threading in Python to enhance performance 🚀

Live implementation of different tools and techniques to explore and do basic recon on hidden services over TOR

• Search Over Tor: Utilize different search engines on the dark web to find relevant onion domains.

• Anonymity and Privacy: Identify entry and exit nodes to ensure anonymity and privacy when interacting with onion domains. The tool includes circuit rebuilding to maintain security.

• TOR Whois Information: Retrieve WHOIS information for onion domains.

• Screenshots: Capture screenshots and grab response headers of .onion sites.

• Subdirectories: Identify and list subdirectories of onion web-servers.

• Python 3 [sudo apt install python3]
• Python3-pip [sudo apt install python3-pip]
• Flask
• Stem
• Requests
• BeautifulSoup
• Termcolor
• Dotenv
• AquaTone (for screenshot functionality)
• FeroxBuster (for enumeration functionality)
• Tor [sudo apt install tor]
• WhoIS [sudo apt install whois]
• Proxychains [sudo apt install proxychains4]
• Jq - process json data
• Chromium [sudo apt install chromium]

If you're having trouble with setting up capNcook, read this.

You can run capNcook -

1. Run with flask flask run
2. Normal way with python3 python3 app.py

• This is the main interface of tool, select your preferred search engine and you can search using keywords like you'd do over any normal search engine and it'll list domains related to the keyword.

• In onion_check, it'll grab the site's title and description, its status code, and based on the status code it'll filter it as active / inactive.

• In recon, it's doing recon using torwhois database to pull info regarding each listed onion domain if available.

• In headers, it's taking screenshots and grabbing server response headers, often reveals the technology or programming language used to build the web application via header like X-Powered-By, It may include information about the underlying frameworks or CMS (Content Management System) being used. The Server header typically indicates the software and version running on the server.

• In enumeration, it's doing basic directory fuzzing for each onion domain using the wordlist.txt

Don't be afraid to contribute! We have many, many things you can do to help out. If you're trying to contribute but stuck, tag @hoodietramp, join our discord server ✨

Contributions are welcome, but ensure they align with ethical use. If you encounter issues, please report them on the GitHub repository.

By doing so, you'll get your name added to the README below and get to be a part of an ever-growing project

The contributions will be used to fund not only the future of capNcook and its authors, but also Cyber Security Club at the PIET College, Panipat, India.

Thanks goes to these wonderful people (emoji key):

Mr. Holmes 🎨 🚧 🧑‍🏫 💻 🤔

0day 🧑‍🏫 📣 🤔

This project follows the all-contributors specification. Contributions of any kind welcome!

This tool is provided for educational purposes only. The developers are not responsible for any misuse or illegal activities conducted with this tool. Use it responsibly and ethically 🙏