Nmap Development mailing list archives
Re: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!)
From: David Fifield <david () bamsoftware com>
Date: Sat, 4 Jul 2015 14:12:05 -0700
On Fri, Jul 03, 2015 at 02:24:27PM +0200, Jacek Wielemborek wrote:
> ======================== BUILDING INSTRUCTIONS =========================
>
> This is the same as in [1]:
>
> 1. Pull my nmap-nsock-ultrascan branch:
>
> svn co https://svn.nmap.org/nmap-exp/d33tah/nmap-nsock-ultrascan
>
> 2. Enter nmap-nsock-ultrascan directory and build Nmap:
>
> cd nmap-nsock-ultrascan ; ./configure && make
>
> 3. If all went well, try a simple -sT scan:
>
> ./nmap -sT scanme.nmap.org
>
> ========================== HOW TO TEST IT ==============================
>
> Apart from a simple -sT scan I mentioned in step 3 of "BUILDING
> INSTRUCTIONS", I would definitely welcome trying out more complicated
> test scenarios. One of the features that my modifications enable is
> performing port scanning behind proxies. I only scanned it using SOCKS4
> server built into Tor - to repeat that, you can run the "tor" command in
> the background and execute the following line to scan scanme.nmap.org:
>
> ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org

It worked for me. Without a proxy, it took 3.95 seconds to find 3 open
ports, 6 filtered, and 991 closed. With a Tor proxy, it took 155 seconds
to find 3 open ports and 997 closed|filtered ports.

"socks4://localhost:9050" did not work ("Cannot initialize proxy node"),
probably because localhost can resolve to an IPv6 address for me. It
worked with "socks4://127.0.0.1:9050".

$ ./nmap -sT scanme.nmap.org
Starting Nmap 6.49SVN ( https://nmap.org ) at 2015-07-04 13:45 PDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.097s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: li982-156.members.linode.com
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
3006/tcp filtered deslogind
7741/tcp filtered scriptview
8654/tcp filtered unknown
9929/tcp open nping-echo
14000/tcp filtered scotty-ft
Nmap done: 1 IP address (1 host up) scanned in 3.95 seconds

$ ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org
Cannot initialize proxy node socks4://localhost:9050
QUITTING!

$ ./nmap -sT --proxy socks4://127.0.0.1:9050 scanme.nmap.org
Starting Nmap 6.49SVN ( https://nmap.org ) at 2015-07-04 13:47 PDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.61s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: li982-156.members.linode.com
Not shown: 997 closed|filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
9929/tcp open nping-echo
Nmap done: 1 IP address (1 host up) scanned in 155.06 seconds
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
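
The localhost failure reported in the message above can be checked by listing the address families the proxy host name resolves to and rewriting the proxy URL to an IPv4 literal. This is an added example, not code from Nmap or from the thread: the function names and the constructed resolver are hypothetical, and it assumes, as the message guesses, that an IPv6 result for the proxy host is what prevents initialization.

```python
import socket
from urllib.parse import urlsplit, urlunsplit

FAMILIES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def resolve(host, port, getaddrinfo=socket.getaddrinfo):
    """Return [(family, address)] in resolver order, without duplicates."""
    out = []
    for family, _t, _p, _c, sockaddr in getaddrinfo(host, port, type=socket.SOCK_STREAM):
        entry = (FAMILIES.get(family), sockaddr[0])
        if entry[0] and entry not in out:
            out.append(entry)
    return out

def ipv4_proxy_url(proxy_url, getaddrinfo=socket.getaddrinfo):
    """Return (url_with_ipv4_literal, resolved_addresses) for a proxy URL.

    Raises ValueError if the URL lacks host or port, or if the host has no
    IPv4 address at all.
    """
    parts = urlsplit(proxy_url)
    if parts.hostname is None or parts.port is None:
        raise ValueError("proxy URL needs a host and a port: %r" % proxy_url)
    addrs = resolve(parts.hostname, parts.port, getaddrinfo)
    v4 = [addr for fam, addr in addrs if fam == "IPv4"]
    if not v4:
        raise ValueError("%s has no IPv4 address" % parts.hostname)
    netloc = "%s:%d" % (v4[0], parts.port)
    fixed = urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))
    return fixed, addrs

def constructed_resolver(host, port, type=0):
    """Constructed sample data: a resolver that lists ::1 before 127.0.0.1."""
    return [
        (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("::1", port, 0, 0)),
        (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("127.0.0.1", port)),
    ]

if __name__ == "__main__":
    url = "socks4://localhost:9050"
    fixed, addrs = ipv4_proxy_url(url, constructed_resolver)
    for fam, addr in addrs:
        print("%s resolves to %s (%s)" % (urlsplit(url).hostname, addr, fam))
    if addrs[0][0] == "IPv6":
        print("first result is IPv6; use the literal form instead:")
    print(fixed)
```

Dropping the `constructed_resolver` argument makes both functions use the system resolver, which shows what localhost returns on the machine running the scan.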