Install Tor + Nmap + ProxyChains

To perform an anonymous port scanning, we need to install the following tools:

Package Description
tor Anonymizing overlay network for TCP
nmap Network port scanner
proxychains Redirect connections through proxy servers

Tor

Install Tor from the standard repositories:

$ sudo apt-get install tor

Nmap

$ sudo apt-get install nmap

ProxyChains

$ sudo apt-get install proxychains

ProxyChains is already configured to use Tor by default.

You can verify this by looking up /etc/proxychains.conf.

The last lines should be like these:

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050

Anonymous Port Scanning Through Tor

Run the following command to perform an anonymous Nmap scanning through Tor network:

$ proxychains nmap -sT -PN -n -sV -p 80,443,21,22 217.xx.xx.xx
ProxyChains-3.1 (http://proxychains.sf.net)

Starting Nmap 6.00 ( http://nmap.org ) at 2014-03-24 17:34 EET
|S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:443-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:21-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:80-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:22-<--denied

Nmap scan report for 217.xx.xx.xx
Host is up (0.14s latency).
PORT    STATE  SERVICE  VERSION
21/tcp  open   ftp      Pure-FTPd
22/tcp  closed ssh
80/tcp  open   http     Apache httpd 2.2.26 ((CentOS))
443/tcp open   ssl/http Apache httpd 2.2.26 ((CentOS))

In the scan log we can see the ‘chain’ that goes from Tor-proxy (127.0.0.1:9050) to our scanned host (217.xx.xx.xx).

Nmap Through Tor: Get Round Blocked Endpoints

It is possible that we will encounter a situation where scan fails, because Tor endpoints are blocked.

The solution may be in adding common public proxy server to the ‘chain’.

We can do that by simply editing the /etc/proxychains.conf and adding a new entry at the end of the [ProxyList] (be sure that random_chain option is disabled).

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4  127.0.0.1 9050
socks4 115.71.237.212 1080

The new ‘chain’ goes through the Tor-proxy (127.0.0.1:9050) to some public proxy server (115.71.237.212:1080) and then to our scanned host (217.xx.xx.xx).

$ proxychains nmap -sT -PN -n -sV -p 21 217.xx.xx.xx
ProxyChains-3.1 (http://proxychains.sf.net)

Starting Nmap 6.00 ( http://nmap.org ) at 2014-03-25 11:05 EET
|S-chain|-<>-127.0.0.1:9050-<>-115.71.237.212:1080-<><>-217.xx.xx.xx:21-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<>-115.71.237.212:1080-<><>-217.xx.xx.xx:21-<><>-OK
Nmap scan report for 217.xx.xx.xx
Host is up (1.2s latency).
PORT   STATE SERVICE VERSION
21/tcp open  ftp     Pure-FTPd

In the examples above, i run Nmap with the following options:

Option Description
-sT full TCP connection scan
-PN do not perform host discovery
-n never perform DNS resolution (to prevent DNS leaks)
-sV determine service version/info
-p ports to scan

Scanning through Tor is very slow. That is why, i’ve scanned only several specified ports in the examples above.

Lists of Free Public Proxy Servers

Even if you are using proxy, all your DNS queries still go to the DNS server of your ISP.

To prevent DNS leaks, use tor-resolve command to resolve a hostname to an IP address via Tor network:

$ tor-resolve google.com
173.194.34.174
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

DOS and Linux Commands

Table C-1. Similar Commands Command's Purpose MS-DOS Linux Basic Linux Example...
When does LVE manager Loading and not working?

Permission problems Similarly, wrong permissions also create problems. For instance, in one of...
Reinstall Apache in cpanel
rebuildhttpdconf Apache in cpanel

# cd /etc/ # mv apache2 apache2bk # yum reinstall ea-apache* -y # /scripts/rebuildhttpdconf #...
Can't delete file in linux/centos? or Operation not permitted

if you are unable to delete the file from the root in centos or any Linux then follow this...