Linux, NMAP, Tor

Anonymous port scanning through the Tor network

To accomplish this task you have to install privoxy and proxychains on your system.

For Ubuntu users just issue the following command: sudo apt-get install privoxy proxychains

proxychains is configured by default to work with the Tor network (its default proxy entry points at the Tor SOCKS port, 127.0.0.1:9050).

Now that we have privoxy and proxychains installed we can issue the following command in the terminal:

proxychains nmap -Pn -sT -n -sV -p 21,22,23,53,80,110,139,143,443 x.x.x.x

Explanation of the options:

-Pn: skip host discovery; this way no ICMP packets are sent (host discovery uses raw packets that would not go through the proxy).

-sT: full connect() scan; connect() goes through the system socket calls that proxychains intercepts, so every packet traverses the Tor network.

-n: no DNS resolution, so no lookups are sent outside the proxy.

-sV: discover software versions (service detection).

-p 21,22,23,...: scan a list of common ports.

You will see something similar to this:

ProxyChains-3.1 (http://proxychains.sf.net)
Starting Nmap 5.21 ( http://nmap.org ) at 2011-12-30 07:00 EET
|S-chain|-<>-127.0.0.1:9050-<><>-x.x.x.x:21-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<><>-x.x.x.x:139-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<><>-x.x.x.x:53-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<><>-x.x.x.x:443-<><>-OK
..
..
Nmap scan report for x.x.x.x
Host is up (0.88s latency).
PORT    STATE  SERVICE     VERSION
21/tcp  open   ftp         ProFTPD
22/tcp  open   ssh         OpenSSH
23/tcp  closed telnet
..
..
Service Info: Host: localhost.localdomain; OSs: Unix, Linux

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 33.61 seconds
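The connect scan shown above completes a full TCP handshake on every probed port, and the target sees those connections coming from the Tor exit node's address rather than the scanning host. As an added example (not part of the original post), the following Python snippet flags that pattern in a constructed connection log; it assumes a simple "timestamp CONNECT TCP src:port -> dst:port" line format and a placeholder exit-node set standing in for the published Tor exit list.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a firewall connection log (not from the page). A -sT scan
# completes the handshake on every port it probes, so each probe is a logged
# connection; with -Pn and -n no ICMP or DNS precedes it, and the source is the
# Tor exit node (198.51.100.7 here is a TEST-NET placeholder, not a real exit).
SAMPLE_LOG = """\
2011-12-30T07:00:01 CONNECT TCP 198.51.100.7:41022 -> 10.0.0.5:21
2011-12-30T07:00:01 CONNECT TCP 198.51.100.7:41023 -> 10.0.0.5:139
2011-12-30T07:00:02 CONNECT TCP 198.51.100.7:41024 -> 10.0.0.5:53
2011-12-30T07:00:02 CONNECT TCP 198.51.100.7:41025 -> 10.0.0.5:443
2011-12-30T07:00:03 CONNECT TCP 198.51.100.7:41026 -> 10.0.0.5:22
2011-12-30T07:00:04 CONNECT TCP 198.51.100.7:41027 -> 10.0.0.5:23
2011-12-30T07:00:05 CONNECT TCP 198.51.100.7:41028 -> 10.0.0.5:80
2011-12-30T07:00:06 CONNECT TCP 198.51.100.7:41029 -> 10.0.0.5:110
2011-12-30T07:00:07 CONNECT TCP 198.51.100.7:41030 -> 10.0.0.5:143
2011-12-30T07:00:09 CONNECT TCP 192.0.2.44:50001 -> 10.0.0.5:443
2011-12-30T07:05:00 CONNECT TCP 192.0.2.44:50002 -> 10.0.0.5:22
"""
# Constructed placeholder standing in for the published Tor exit-node list.
TOR_EXITS = {"198.51.100.7"}

LINE_RE = re.compile(r"^(\S+) CONNECT TCP (\d+(?:\.\d+){3}):\d+ -> (\d+(?:\.\d+){3}):(\d+)$")

def parse(log_text):
    """Return (timestamp, src, dst, dport) tuples for lines in the constructed format."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return events

def find_connect_scans(events, min_ports=5, window=timedelta(seconds=60)):
    """Flag each (src, dst) pair that connects to >= min_ports distinct ports within `window`."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))
    alerts = []
    for (src, dst), hits in by_pair.items():
        hits.sort()  # time order, so a window can start at any attempt and scan forward
        for i, (start, _) in enumerate(hits):
            ports = {p for ts, p in hits[i:] if ts - start <= window}
            if len(ports) >= min_ports:
                alerts.append({"src": src, "dst": dst, "ports": sorted(ports),
                               "tor_exit": src in TOR_EXITS})
                break  # one alert per pair is enough
    return alerts
```

Because the scanner's real address is hidden behind the exit node, the useful defender signal is the burst of distinct ports from one source plus the match against the exit list, not the source address itself.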