unsubbed.co

nefarious

Nefarious is a Python-based application that automates downloading Movies and TV Shows.

Self-hosted media automation, honestly reviewed. No marketing fluff, just what you get when you self-host it.

TL;DR

  • What it is: Open-source (GPL-3.0) web application that automatically searches, downloads, and organizes TV shows and movies via torrent indexers — all in one container stack [README].
  • Who it’s for: Non-technical self-hosters who want Sonarr/Radarr functionality without wiring together five separate apps. If you want one URL, one UI, and one docker-compose up, nefarious is the pitch [README].
  • Cost savings: Plex Pass runs $119.99/year; cable bundles run $100+/month; streaming services stack up to $50–100+/month across Netflix, Max, Disney+, Hulu. A $5–10/mo VPS running nefarious replaces the download-side of that equation entirely [README].
  • Key strength: Single docker-compose setup that bundles Jackett (indexer proxy), Transmission (downloader), and the nefarious web UI in one stack. No separate installs, no cross-service API wiring [README].
  • Key weakness: 1,224 GitHub stars as of this writing — a fraction of the *arr ecosystem’s user base. Less community support, fewer integrations, and slower development velocity than Sonarr or Radarr [README].
  • Third-party reviews: None found. The search results for “nefarious” are dominated by a 2023 Christian horror film of the same name. All analysis in this review is drawn from the project’s own documentation and GitHub repository.

What is nefarious

nefarious is a self-hosted web application that does one thing: automatically download TV shows and movies. You search for content, tell it what quality you want, and it handles the rest — finding torrents via Jackett, handing them to Transmission, downloading them to your drive, and renaming the files correctly when they land [README].

The project has been around long enough to accumulate real features and a working auto-update system. It sits at 1,224 GitHub stars, which in the self-hosted media space puts it firmly in the “niche but functional” category — well below Sonarr’s tens of thousands of stars, but above hobby projects that died after three commits [README].

The honest pitch is this: the *arr ecosystem (Sonarr for TV, Radarr for movies, Jackett for indexers, Prowlarr as an alternative, Transmission or qBittorrent as a client, plus Overseerr for requests) is powerful but requires you to configure five separate apps, maintain five sets of API keys, and troubleshoot five different UIs when something breaks. nefarious bundles the equivalent of Sonarr + Radarr + Jackett + Transmission into a single stack [README]. You trade configurability for simplicity.


Why people choose it

No usable third-party reviews exist for this tool — every “nefarious review” in the search index is about the 2023 Sean Patrick Flanery film. So the “why” here comes from the project’s own design choices and what the README reveals about its intended audience.

The pattern is recognizable: someone sets up the full *arr stack, spends a weekend debugging API connections between Sonarr and Jackett and Transmission and Overseerr, and then wonders why a simple “download this show automatically” use case required configuring four separate services. nefarious is the answer to that frustration. One docker-compose file, one admin UI, one place to look when something goes wrong [README].

The VPN integration is a notable differentiator. Most *arr guides treat VPN as an afterthought — you route your torrent client through a VPN separately, or you run a VPN killswitch at the OS level, and then you hope the pieces stay connected. nefarious ships VPN integration as a documented, first-class feature in the setup guide (see VPN.md) [README]. For non-technical users worried about their ISP seeing torrent traffic, this matters.

The quality profile system is comparable to what Sonarr/Radarr offer: set “1080p for movies, 720p for TV” and the app applies it automatically rather than requiring you to configure per-show preferences [README].


Features

Based on the README and website documentation [README]:

Search and discovery:

  • Search TV and movies by title, popularity, genre, year
  • Discover content via The Movie Database (TMDB) and Rotten Tomatoes
  • Find similar and recommended titles from within the app
  • Movie trailers embedded in the UI
  • Multi-language support (TMDB’s internationalized titles, descriptions, and artwork)

Download automation:

  • Auto-download new TV episodes as they release
  • Quality profiles (e.g., 1080p movies, 720p TV) applied globally or per-title
  • Manual search of raw Jackett results when automated matching fails
  • Blacklist specific torrents permanently (bad rips, fakes, corrupted files)
  • Spam/fake content autodetection — the project has a specific PR for this [README]
  • “Stuck” torrent detection: automatically blacklists torrents that fail to complete after a configurable number of days
  • Auto-subtitle downloads via OpenSubtitles API
  • Filter by subtitle type (avoid hardcoded subtitles if you prefer external .srt files)
  • Keyword filters: globally ignore releases tagged “x265”, “hevc”, or any other codec/release-group string

Library management:

  • Automatic file renaming after download
  • Import existing media libraries (for adding nefarious on top of files you already have)
  • “Wanted” list — content queued but not yet found
  • “Watching” status tracking

Infrastructure:

  • Docker + docker-compose deployment
  • Self/auto-updating application — containers pull latest version automatically
  • Multi-user support with admin and regular user permission groups
  • REST API available [merged profile]
  • Notification support via Apprise (covers Slack, Telegram, Discord, email, and dozens of others)
  • Responsive UI — works on mobile

Download monitoring:

  • Transmission status visible from within nefarious — you don’t need to open the Transmission UI separately
  • Progress tracking per title

Pricing: SaaS vs self-hosted math

nefarious itself is free software (GPL-3.0). The cost is infrastructure.

nefarious stack cost:

  • nefarious license: $0 [README]
  • VPS to run it: $5–10/mo (Hetzner, Contabo, DigitalOcean)
  • Storage: depends on your library size. A 1TB VPS volume runs $5–10/mo on most providers, or attach a $10/mo external block storage

What you’re replacing:

Streaming subscriptions are the comparison that matters here, not SaaS automation tools. Netflix standard with ads is $7/mo; without ads $15/mo. Max is $10–16/mo. Disney+ is $8–14/mo. Hulu is $8–18/mo. A household running Netflix + Max + Disney+ is spending $25–50/month minimum, and that’s before “I wanted that specific film” subscriptions like Mubi or Criterion Channel.

nefarious doesn’t replace streaming catalogs directly — it automates torrent downloads, which is a different and legally distinct category. But the economic comparison is why people in r/selfhosted run this setup: a $6 VPS plus a storage volume is a fixed monthly cost, not a per-title or per-service subscription that compounds as studios fragment their libraries across more platforms.

There is no pricing page for nefarious because there is no paid tier. Data unavailable on hosted or managed versions — none appear to exist.


Deployment reality check

Setup is documented in two parts and is more involved than single-service Docker installs [README].

What you deploy:

  • nefarious (the web UI and application logic)
  • Jackett (torrent indexer proxy — the thing that actually searches The Pirate Bay, 1337x, and other sites)
  • Transmission (torrent client — the thing that actually downloads)

All three run from one docker-compose.yml. The .env file handles configuration — the README explicitly says you should never need to edit docker-compose.yml directly [README].

Minimum required steps after docker-compose up:

  1. Wait for first-start to complete (noted as taking “a few minutes”) [README]
  2. Log in with default admin/admin credentials
  3. Open Jackett at http://localhost:9117, copy the API token
  4. Paste that API token into nefarious settings
  5. Add indexers in Jackett (The Pirate Bay, 1337x, etc.) and test them
  6. Verify Transmission connection in nefarious settings
  7. Save and verify settings

This is more setup steps than a single-service Docker app but significantly fewer than deploying Sonarr, Radarr, Jackett, and a download client separately.
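A check worth running after these steps, as an added example (not code from the nefarious project): step 2 leaves default admin/admin credentials in place and step 3 reads the Jackett API token from its web UI, so the script flags Compose port entries that are published beyond loopback. The service names and port mappings are constructed sample input and are assumptions; only Jackett's 9117 comes from the steps above.

```python
import re

# Constructed sample: Compose short-syntax port entries keyed by service name.
# Names and mappings are assumptions for illustration, except Jackett's 9117.
SAMPLE_PORTS = {
    "nefarious": ["8000:80"],
    "jackett": ["9117:9117"],
    "transmission": ["127.0.0.1:9091:9091", "51413:51413/udp"],
}

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|::1)$")


def parse_port(entry):
    """Split '[HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]' into its parts."""
    spec, _, proto = entry.partition("/")
    host_ip = None
    if spec.startswith("["):  # bracketed IPv6 host address, e.g. [::1]:9117:9117
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:
        host_ip, parts = parts[0], parts[1:]
    host_port = parts[0] if len(parts) == 2 else None
    return host_ip, host_port, parts[-1], proto or "tcp"


def exposed_ports(services):
    """Return (service, entry) pairs published on a non-loopback address."""
    findings = []
    for name, entries in services.items():
        for entry in entries:
            host_ip, _, _, _ = parse_port(entry)
            # With no host IP, Docker binds the published port on all interfaces.
            if host_ip is None or not LOOPBACK.match(host_ip):
                findings.append((name, entry))
    return findings


if __name__ == "__main__":
    for name, entry in exposed_ports(SAMPLE_PORTS):
        print(f"{name}: '{entry}' is published beyond loopback")
```

On a VPS, any entry this reports should either sit behind a host firewall or be rebound to 127.0.0.1 and reached through an SSH tunnel or an authenticating reverse proxy.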

VPN setup: Documented separately in VPN.md. Not configured by default — you opt in [README].

Storage: You set HOST_DOWNLOAD_PATH in .env to point at your download directory. Persistent volumes mean upgrades don’t wipe your library [README].

Low-powered systems: Documented separately in SBC.md for Raspberry Pi and similar hardware [README]. The stack runs on a Pi, though performance on the Jackett search side can be sluggish on older single-board hardware.

What can go sideways:

  • Jackett indexers break frequently — they’re scrapers of sites that actively change their HTML. Expect to occasionally debug a broken indexer.
  • Transmission’s default configuration is minimal. If you want per-torrent speed limits, watch-folders, or specific peer settings, you configure transmission-settings.json before first launch and recreate the container [README].
  • No official support channel beyond GitHub issues. 1,224 stars is not enough community mass for a busy forum or Discord server.

Realistic time estimate for someone comfortable with Docker: 45–90 minutes to a working instance. For someone following a guide for the first time: 3–5 hours including VPN setup, indexer configuration, and storage routing.


Pros and Cons

Pros

  • Single stack simplicity. One docker-compose file deploys the entire pipeline — indexer proxy, torrent client, and web UI. No inter-service API wiring [README].
  • GPL-3.0 license. Fully open source. No usage restrictions, no “fair-code” limitations, no commercial licensing tier [README].
  • VPN integration as a first-class feature. Documented in the official setup guide, not an afterthought [README].
  • Spam/fake content autodetection. Automatically blacklists bad torrents — a real quality-of-life feature for anyone who has downloaded a virus-laced “1080p” release [README].
  • Stuck torrent detection. Configurable auto-blacklist for torrents that stall indefinitely [README].
  • Apprise notifications. One library covers Slack, Telegram, Discord, email, and dozens of other services without requiring separate integrations per channel [README].
  • Self-updating. The application keeps itself current without manual intervention [README].
  • Multi-user support. Admin and regular user groups — usable for household deployments where you don’t want everyone to have admin access [README].
  • Existing library import. Doesn’t require starting from zero — can index files you already have [README].

Cons

  • Small community. 1,224 GitHub stars means limited community documentation, fewer tutorials, and slower bug response compared to the *arr ecosystem [README].
  • Less configurable than *arr. Sonarr and Radarr expose granular control over release profiles, custom formats, quality cutoffs, and indexer priority. nefarious is opinionated — you get quality profiles and keyword filters, not the full release profile engine [README].
  • Jackett dependency is fragile. Jackett’s indexers scrape public sites and break when those sites change. This is a Jackett problem, not a nefarious problem — but nefarious ships Jackett, so you own the maintenance [README].
  • No Prowlarr support mentioned. Prowlarr is the newer, more actively maintained indexer manager that the *arr ecosystem has largely migrated to. nefarious ships Jackett, which is older [README].
  • No third-party reviews exist. The search space for “nefarious” is dominated by a 2023 film. If you run into a problem that isn’t in the GitHub issues, you’re largely on your own.
  • Transmission only. The stack bundles Transmission. If you prefer qBittorrent or rTorrent, you’ll need to modify the setup [README].
  • Auto-update can surprise you. “Self-updating application” means a container restart might change behavior. For a media server you configure once and forget, this is usually fine. For a production environment, it’s something to be aware of [README].

Who Should Use This / Who Shouldn’t

Use nefarious if:

  • You want automated media downloads without learning five separate applications.
  • You’ve tried the full *arr stack and found the configuration overhead not worth it for your use case.
  • You want VPN integration handled at the stack level, not bolted on externally.
  • You’re comfortable with Docker and can follow a README.
  • You’re deploying for a household where one admin manages everything and other users just search and request.

Skip it (use Sonarr + Radarr instead) if:

  • You need granular release profiles, custom format scoring, or quality cutoffs with fallback logic.
  • You want an active community forum and hundreds of existing guides.
  • You’re running Plex or Jellyfin and want native request management via Overseerr or Jellyseerr.
  • Your media library is large and you need fine-grained per-show or per-movie quality management.
  • You want to migrate from Jackett to Prowlarr (actively maintained, growing replacement).

Skip it (use a streaming service) if:

  • You’re not comfortable managing a Linux server and don’t want to learn.
  • Your time costs more than $20/month.
  • You only want a few titles per month — at that scale, one streaming subscription is simpler.

Alternatives Worth Considering

  • Sonarr — the standard for automated TV show downloads. More complex to set up (separate from your movie tool and torrent client), but far more configurable and with a large community. Works with Jackett, Prowlarr, and any supported torrent client.
  • Radarr — Sonarr’s sister project for movies. Same ecosystem, same community, same setup pattern.
  • Prowlarr — the indexer manager replacing Jackett in the modern *arr stack. Integrates directly with Sonarr and Radarr without requiring per-app API key configuration.
  • Overseerr / Jellyseerr — request management UIs that sit on top of the *arr stack and let household members request content without admin access. More polished than nefarious’s built-in multi-user system for larger households.
  • Medusa — another all-in-one alternative to nefarious, focused on TV only, with a longer history and more active community.
  • Mylar3 — the comic book download equivalent, if that’s your use case.

For a non-technical user who wants to avoid the *arr configuration maze, the realistic shortlist is nefarious vs. paying someone to set up Sonarr + Radarr for you. nefarious wins on upfront simplicity. Sonarr/Radarr win on long-term flexibility and community support.


Bottom Line

nefarious does what it says: one docker-compose file, and you have automated movie and TV show downloads with a web UI, quality profiles, VPN support, and notification integration. The value proposition is real — it’s the “I just want it to work” alternative to a full *arr stack deployment, and for a household with straightforward needs, that’s enough.

The honest limitation is community size. 1,224 stars is a small user base, and when the third result for “nefarious review” is a Christian horror film, you can infer that the community documentation ecosystem is thin. You’re betting on a project that has delivered real features but doesn’t have the critical mass that Sonarr or Radarr do. For a personal or household media server where you can tolerate occasional manual intervention, that’s an acceptable trade. For something you need to run reliably and diagnose quickly when it breaks, the larger *arr ecosystem is the safer bet.

If the Docker setup is the blocker, that’s exactly what upready.dev deploys for clients.


Sources

Primary sources (all analysis derived from):

Note: No usable third-party reviews of the nefarious software tool were found. Search results for “nefarious review” return reviews of a 2023 film of the same name. All claims in this article are sourced from the project’s official documentation.
