Nmap Development mailing list archives

Re: Nmap Port Scan through Proxy - How to !!


From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Mon, 28 Jan 2008 22:57:17 -0600

On Jan 28, 2008 10:33 PM, Nikhil Wagholikar  wrote:
Hello Mailing List,

I am an Information Security Analyst at one of India's Information
Security companies. I have been doing VAPT for a long time. However, I never
came across a situation in which I had to do the reconnaissance phase, i.e.
network scanning using NMAP, through a proxy server.

The organization in which I am currently carrying out a Vulnerability
Assessment has an internal proxy server for accessing everything
within as well as outside the organization. Since I have to carry out
port scans for some machines within the network (intranet) and some
machines outside the organization (over the internet), I am interested in
knowing how I can run NMAP scans through a proxy.

Even the current version of Nmap, i.e. Nmap V4.53, doesn't have an option
on the command line for running a scan through a proxy.

Can you kindly guide me on how to handle this situation, i.e. running a port
scan using NMAP through a proxy (HTTP/HTTPS/SOCKS5)?

Thank you.

----
NIKHIL


I don't know of a reliable way to do this.  You may end up scanning
the interface of the proxy server instead of your target depending on
how the proxy works.

You could also just get wildly inaccurate results because of the
clean-up that some proxies perform... heck it might just serve up a
cached version of the site you are trying to scan.

That said, you can search around for a good generic proxy tunnel tool.
Have it create a tunnel and have nmap scan through it.  That might
be complicated depending on how the tunneler works.

I'm sure someone on this list has had experience using one.

The only tunneling I've done through a proxy is to get ssh working
with corkscrew or with a commercial applet for Windows (Hummingbird).

My suggestion is to scan the inside systems from the inside and the
outside systems from the outside (or from the same DMZ preferably if
you have access to it).

-Jason

-- 
NOTICE:  Reading this email message requires root privileges which you
do not appear to possess. Sorry, dude.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
