Nmap Development mailing list archives
Re: [tor-talk] Fwd: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!)
From: David Fifield <david () bamsoftware com>
Date: Sat, 4 Jul 2015 08:20:52 -0700
On Fri, Jul 03, 2015 at 11:25:26PM +0200, Jacek Wielemborek wrote:
W dniu 03.07.2015 o 22:01, grarpamp pisze:One of the features that my modifications enable is performing port scanning behind proxies. I only scanned it using SOCKS4 server built into Tor ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org Please do note that even though port scanning within Tor is possible, you cannot scan .onion names due to lack of SOCKS4A support.SOCKS4 and SOCKS4A are old and deprecated and should not be implemented (unless you're also implementing the current SOCKS5 and adding in 4/4A as a bonus). Tor supports SOCKS5 (and the deprecated 4/4A but it will complain). So scanning onions and anything else by name should be possible. SOCKS5 also supports IPv6 which is becoming the way of things. Therefore, implement SOCKS5 :)I think that SOCKS5 support within Nsock library (on which my modification depends) is planned. SOCKS5 also supports UDP, so it could bring even more benefits. For now, SOCKS4 has to do though.
Yeah. Jacek's post wasn't about adding proxy support to Nmap per se--Nmap has been able to use a proxy for certain operations for quite some time now, through the --proxies command line option. The proxy support worked for things like version detection and NSE (Nmap Scripting Engine), but it notably did not work for port scanning, because the port-scanning code in Nmap uses sockets much differently than the rest of it. Jacek's patch is about overcoming certain architectural difficulties and extending proxy support to the port scanning phase too. The patch doesn't actually add new SOCKS code to Nmap. It just uses what is already there. Supporting SOCKS5 is a good project but it is separate from this one. Doing domain name resolution through the proxy (which would prevent DNS leaks and enable scanning of onion sites) is also a separate and kind of large project. Many parts of Nmap's code assume that they have an IP address to work with, so it will take some rearchitecting too. _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) Jacek Wielemborek (Jul 03)
- Message not available
- Message not available
- Re: [tor-talk] Fwd: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) Jacek Wielemborek (Jul 03)
- Re: [tor-talk] Fwd: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) Jasey DePriest (Jul 03)
- Re: [tor-talk] Fwd: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) Daniel Miller (Jul 03)
- Re: [tor-talk] Fwd: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) David Fifield (Jul 04)
- Message not available
- Message not available
- Re: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) David Fifield (Jul 04)
- Re: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) Jacek Wielemborek (Jul 04)
- Re: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) David Fifield (Jul 04)
- Re: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) Jacek Wielemborek (Jul 14)
- Re: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) Jacek Wielemborek (Jul 04)
- Re: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) David Fifield (Jul 04)
- Re: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!) Jacek Wielemborek (Jul 04)