Linux, NMAP, Tor

Anonymous port scanning through the tor network

To accomplish this task you have to install privoxy and proxychains on your system.

For ubuntu users just issue the following command: sudo apt-get install privoxy proxychains

proxychains is configured by default to work with the Tor network.

Now that we have privoxy and proxychains installed we can issue the following command in the terminal:

proxychains nmap -Pn -sT -n -sV -p 21,22,23,53,80,110,139,143,443 x.x.x.x


-Pn: skip host discovery, in this way we do not send any ICMP packets.

-sT: full Connect() scan, in this way all packets use the tor network.

-n: no DNS request

-sV: discover software versions (services)

-p 80, 443, .. : scan a range of common ports

You will see something similar to this:

ProxyChains-3.1 (
Starting Nmap 5.21 ( ) at 2011-12-30 07:00 EET
Nmap scan report for x.x.x.x
Host is up (0.88s latency).
21/tcp  open   ftp         ProFTPD
22/tcp  open   ssh         OpenSSH
23/tcp  closed telnet
Service Info: Host: localhost.localdomain; OSs: Unix, Linux

Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 33.61 seconds