Nmap Development mailing list archives
Re: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!)
From: David Fifield <david () bamsoftware com>
Date: Sat, 4 Jul 2015 14:12:05 -0700
On Fri, Jul 03, 2015 at 02:24:27PM +0200, Jacek Wielemborek wrote:
> ======================== BUILDING INSTRUCTIONS =========================
>
> This is the same as in [1]:
>
> 1. Pull my nmap-nsock-ultrascan branch:
>    svn co https://svn.nmap.org/nmap-exp/d33tah/nmap-nsock-ultrascan
> 2. Enter the nmap-nsock-ultrascan directory and build Nmap:
>    cd nmap-nsock-ultrascan ; ./configure && make
> 3. If all went well, try a simple -sT scan:
>    ./nmap -sT scanme.nmap.org
>
> ========================== HOW TO TEST IT ==============================
>
> Apart from a simple -sT scan I mentioned in step 3 of "BUILDING INSTRUCTIONS", I would definitely welcome trying out more complicated test scenarios. One of the features that my modifications enable is performing port scanning behind proxies. I only scanned it using the SOCKS4 server built into Tor - to repeat that, you can run the "tor" command in the background and execute the following line to scan scanme.nmap.org:
>
>    ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org
It worked for me. Without a proxy, it took 3.95 seconds to find 3 open ports, 6 filtered, and 991 closed. With a Tor proxy, it took 155 seconds to find 3 open ports and 997 closed|filtered ports.

"socks4://localhost:9050" did not work ("Cannot initialize proxy node"), probably because localhost can resolve to an IPv6 address for me. It worked with "socks4://127.0.0.1:9050".

$ ./nmap -sT scanme.nmap.org

Starting Nmap 6.49SVN ( https://nmap.org ) at 2015-07-04 13:45 PDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.097s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: li982-156.members.linode.com
Not shown: 991 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
3006/tcp  filtered deslogind
7741/tcp  filtered scriptview
8654/tcp  filtered unknown
9929/tcp  open     nping-echo
14000/tcp filtered scotty-ft

Nmap done: 1 IP address (1 host up) scanned in 3.95 seconds

$ ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org
Cannot initialize proxy node socks4://localhost:9050
QUITTING!

$ ./nmap -sT --proxy socks4://127.0.0.1:9050 scanme.nmap.org

Starting Nmap 6.49SVN ( https://nmap.org ) at 2015-07-04 13:47 PDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.61s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: li982-156.members.linode.com
Not shown: 997 closed|filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
9929/tcp open  nping-echo

Nmap done: 1 IP address (1 host up) scanned in 155.06 seconds

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
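Two things in the results above come straight from the SOCKS4 wire format: the protocol has a fixed 4-byte IPv4 destination field (so IPv6 endpoints such as scanme's 2600:3c01:: address can never be expressed, and a proxy host that resolves to an IPv6 address is a likely trip-up), and its reply carries a single "rejected or failed" code that does not say whether the target answered with a RST or simply timed out, which is consistent with the proxied scan collapsing 991 closed + 6 filtered into 997 closed|filtered. The following is an added illustration, not code from the nmap-nsock-ultrascan branch; it encodes and decodes SOCKS4 CONNECT messages offline and maps reply codes to Nmap-style states under that reading.

```python
import ipaddress
import struct

# SOCKS4 wire constants from the protocol description (not from the Nmap branch).
SOCKS4_VERSION = 4
SOCKS4_CMD_CONNECT = 1
SOCKS4_REPLY_VERSION = 0
# Reply code -> Nmap-style port state. Only 90 proves the proxy reached the port;
# every failure code is an opaque "rejected or failed", so RST, timeout and ICMP
# unreachable are indistinguishable from the scanner's side.
SOCKS4_REPLY_STATE = {90: "open", 91: "closed|filtered",
                      92: "closed|filtered", 93: "closed|filtered"}

def socks4_can_carry(dst_ip: str) -> bool:
    """SOCKS4 has a fixed 4-byte IPv4 destination field: IPv6 targets
    (like scanme's 2600:3c01::... address) cannot be expressed at all."""
    return ipaddress.ip_address(dst_ip).version == 4

def socks4_connect_request(dst_ip: str, dst_port: int, userid: str = "") -> bytes:
    """Encode a SOCKS4 CONNECT: VN(1) CD(1) DSTPORT(2, big-endian) DSTIP(4) USERID NUL."""
    if not socks4_can_carry(dst_ip):
        raise ValueError(f"SOCKS4 cannot carry IPv6 destination {dst_ip}")
    if not 0 < dst_port < 65536:
        raise ValueError(f"invalid port {dst_port}")
    addr = ipaddress.IPv4Address(dst_ip)
    return (struct.pack("!BBH", SOCKS4_VERSION, SOCKS4_CMD_CONNECT, dst_port)
            + addr.packed + userid.encode("ascii") + b"\x00")

def socks4_reply_state(reply: bytes) -> str:
    """Decode the 8-byte SOCKS4 reply (VN=0, CD, DSTPORT, DSTIP) into a port state."""
    if len(reply) != 8:
        raise ValueError(f"short SOCKS4 reply: {len(reply)} bytes")
    vn, cd = reply[0], reply[1]
    if vn != SOCKS4_REPLY_VERSION:
        raise ValueError(f"unexpected SOCKS4 reply version {vn}")
    return SOCKS4_REPLY_STATE.get(cd, "closed|filtered")

if __name__ == "__main__":
    # Constructed sample: a CONNECT to scanme.nmap.org:22 and two sample proxy replies.
    req = socks4_connect_request("45.33.32.156", 22)
    print(req.hex())  # 040100162d21209c00
    print(socks4_reply_state(bytes([0, 90, 0, 22]) + bytes(4)))  # open
    print(socks4_reply_state(bytes([0, 91, 0, 23]) + bytes(4)))  # closed|filtered
```

In a real client the request is written to a TCP connection to the proxy and the 8-byte reply is read back before any payload is sent; that I/O is left out here so the encoding logic runs stand-alone.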