TOR (https://www.torproject.org/) is a great project if you want to take care of your privacy. You can use TOR to proxy your nmap scans, making it very difficult for the scanned network to find the source.
Only scan networks that you are allowed to scan!
First check that you have TOR installed. It should be listening on a local network port tcp/9050.
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN xxxx/tor
You also need to install a package called proxychains that will proxy all the traffic through TOR. Proxychains has its configuration file in /etc/proxychains.conf. When installed, it will add the TOR connection as one of the available proxies.
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
Now, in order to proxy your nmap traffic through TOR, run the nmap command with proxychains prepended. Remember that due to the nature of the TOR network, you should limit your scans to TCP only. Use the -sS (SYN) or -sT (CONNECT) scan types.
proxychains nmap -sS -PN -n -p 21,443
proxychains nmap -sT -PN -n -p 21,443
UPDATE
A visitor pointed out that nmap breaks out of proxychains.
Further investigation showed that nmap breaks out of proxychains for the SYN (-sS) scan. The CONNECT (-sT) scan is done via proxychains.
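The following Python check is an added example, not part of the original post: it parses the [ProxyList] section of a proxychains.conf and flags a command line that, per the update above, would not go out through the local TOR proxy. The function names, the sample config text and the host name somehost are constructed for illustration.

```python
import shlex

# Constructed sample config: the [ProxyList] section as shown in the post,
# preceded by two ordinary proxychains.conf options.
SAMPLE_CONF = """\
strict_chain
proxy_dns
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
"""

def parse_proxylist(conf_text):
    """Return (type, host, port) tuples from the [ProxyList] section."""
    proxies, in_list = [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):                 # section header
            in_list = (line == "[ProxyList]")
            continue
        fields = line.split()
        if in_list and len(fields) >= 3 and fields[2].isdigit():
            proxies.append((fields[0], fields[1], int(fields[2])))
    return proxies

def check_command(cmdline, conf_text):
    """List the reasons a scan would not use the TOR proxy on 127.0.0.1:9050."""
    problems = []
    argv = shlex.split(cmdline)
    if not argv or argv[0] != "proxychains":
        problems.append("command is not wrapped in proxychains")
    proxies = parse_proxylist(conf_text)
    if not any(h == "127.0.0.1" and p == 9050 for _, h, p in proxies):
        problems.append("no proxy entry for 127.0.0.1:9050 in [ProxyList]")
    if "-sS" in argv:
        problems.append("-sS (SYN) scan breaks out of proxychains; use -sT")
    elif "-sT" not in argv:
        problems.append("no -sT given; only the CONNECT scan is proxied")
    return problems

if __name__ == "__main__":
    for cmd in ("proxychains nmap -sS -PN -n -p 21,443 somehost",
                "proxychains nmap -sT -PN -n -p 21,443 somehost"):
        print(cmd, "->", check_command(cmd, SAMPLE_CONF) or "ok")
```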
This post is just bullshit. nmap 5.x breaks out of proxychains, and uses your normal internet connection to scan the given host. Try it yourself: use wireshark / tcpdump to monitor the outgoing connection, then run nmap with the given command “nmap -sS -PN -n -p 21,443 somehost”. There is no traffic proxied to the tor network at all. Only the DNS resolution will be done by the tor network.
c&p FAIL
How about putting the proxychains command up front, that's what it is about …
same result cause putting proxychains does the same thing
The post is not correct concerning the SYN scan, it does work for the CONNECT scan.
Hello, is there any new method to use nmap with proxychains4? Or with any other tool, to be anonymous while scanning?
https://github.com/orjail/orjail
I would figure instead of using nmap create and control a proxy and do its scan… proxychains nmap… like a tunnel if you will. Nmap through proxychains vs nmap with proxychains.