• December 21, 2024

Nmap With Proxychains

How to use nmap through proxychains? – Security …

I am running nmap through proxychains using this command:
proxychains nmap -v
This produced an error:
root@kali:~# proxychains nmap -v
ProxyChains-3.1 ()
Starting Nmap 6.49BETA4 () at 2016-05-07 17:23 IST
|DNS-request|
|D-chain|-<>-127. 0. 1:9050-<>-127. 1:9050-<--denied
|D-chain|-<>-127. 1:9050-<><>-4. 2. 2:53-<><>-OK
|DNS-response| is 45.33.32.156
45. 156/0 looks like an IPv6 target specification — you have to use the -6 option.
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.94 seconds
Then I went to this question (here) and I tried this:
to the solution was, that I disabled the DNS through socks:
in /etc/ file, just add a # before the line “proxy_dns”
But when I ran nmap through proxychains the nmap scan was running, but the proxychains proxy is not working which gave me the following verbose output:
Starting Nmap 6.49BETA4 () at 2016-05-07 17:26 IST
Initiating Ping Scan at 17:26
Scanning (45. 156) [4 ports]
Completed Ping Scan at 17:26, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:26
Completed Parallel DNS resolution of 1 host. at 17:26, 0.00s elapsed
Initiating SYN Stealth Scan at 17:26
Scanning (45. 156) [1000 ports]
Discovered open port 22/tcp on 45. 156
Discovered open port 80/tcp on 45. 156
Increasing send delay for 45. 156 from 0 to 5 due to 11 out of 31 dropped probes since last increase.
Increasing send delay for 45. 156 from 5 to 10 due to 59 out of 196 dropped probes since last increase.
Increasing send delay for 45. 156 from 10 to 20 due to max_successful_tryno increase to 4
Increasing send delay for 45. 156 from 20 to 40 due to max_successful_tryno increase to 5
Increasing send delay for 45. 156 from 40 to 80 due to 28 out of 92 dropped probes since last increase.
Increasing send delay for 45. 156 from 80 to 160 due to max_successful_tryno increase to 6
Increasing send delay for 45. 156 from 160 to 320 due to max_successful_tryno increase to 7
SYN Stealth Scan Timing: About 24.82% done; ETC: 17:28 (0:01:34 remaining)
Increasing send delay for 45. 156 from 320 to 640 due to 11 out of 21 dropped probes since last increase.
Increasing send delay for 45. 156 from 640 to 1000 due to max_successful_tryno increase to 8
SYN Stealth Scan Timing: About 24.66% done; ETC: 17:30 (0:03:06 remaining)
Discovered open port 31337/tcp on 45. 156
Discovered open port 9929/tcp on 45. 156
Completed SYN Stealth Scan at 17:28, 97.38s elapsed (1000 total ports)
Nmap scan report for (45. 156)
Host is up (0.23s latency).
Other addresses for (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 992 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
514/tcp filtered shell
1434/tcp filtered ms-sql-m
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 97.65 seconds
Raw packets sent: 1477 (64.936KB) | Rcvd: 1457 (58.288KB)
From this we can see that the nmap works fine, but my question is why did nmap start as soon as the command was executed without tunneling itself through the proxies? But if I ran a command like this:
proxychains firefox
I got the following verbose output which shows the tunneling of proxies.
root@kali:~# proxychains firefox
ProxyChains-3.1 ()
(process:6159): GLib-CRITICAL **: g_slice_set_config: assertion ‘sys_page_size == 0’ failed
[CustomizableUI]
Custom widget with id loop-button does not return a valid node
|D-chain|-<>-127. 1:9050-<><>-46. 51. 216. 186:80-<><>-OK
|D-chain|-<>-127. 186:443-<><>-OK
|D-chain|-<>-127. 1:9050-<><>-52. 19. 3. 28:443-<><>-OK
|D-chain|-<>-127. 1:9050-<><>-117. 18. 237. 29:80-<><>-OK
|D-chain|-<>-127. 1:9050-<><>-74. 125. 130. 91:443-<><>-OK
|D-chain|-<>-127. 1:9050-<><>-216. 58. 199. 174:80-<><>-OK
|D-chain|-<>-127. 102:443-<><>-OK
|D-chain|-<>-127. 1:9050-<><>-54. 251. 178. 52:443-<><>-OK
How to use Nmap with Proxychains – Linux Hint

Combining Proxychains with Nmap is a widely used technique to avoid being traced.
For example, usually, there is only a proxy between us and the destination when we implement a VPN. This is ok if the VPN is configured properly, but in some cases, there are bugs or security holes that may expose our traffic to our ISP or anyone monitoring the network traffic. An example of this scenario would be a DNS leak in which, despite using a VPN, all DNS requests are sent to ISP-defined DNS. Implementing Proxychains can prevent this type of bug and increase anonymity and privacy through additional proxies.
About Proxychains:
The tool used to chain proxies in this tutorial is Proxychains, a tool available only for Linux. It supports protocols, socks4 and socks5.
Proxychains has 3 configuration options: Dynamic, Strict and Random.
Dynamic chain: If this option is selected, at least one proxy must be available for the chain to work. Unavailable proxies are skipped.
Strict chain: Contrary to dynamic chains. With Strict configuration, all proxies must be online or available; otherwise, it won’t work.
Random chain: With a random chain, all proxies will be selected randomly.
After reading this tutorial, you will know how to configure those modes, the advantages and limitations of the combination of Nmap with Proxychains.
Installing and configuring Proxychains:
To install proxychains on Debian based Linux distributions, run the following command:
sudo apt install proxychains -y
On Red Hat / CentOS, you can install Proxychains with the command below:
sudo yum install proxychains
To install Proxychains on ArchLinux run:
sudo pacman -S proxychains-ng
By default, Proxychains is configured to be used with Tor (Anonymity Network); this tutorial will show how to enable it. To install Tor run the command below:
Note: You can get Tor for other Linux distributions at
To start the Tor service, run the command below:
As you can see, with the command sudo service tor status, Tor is running properly.
Now before proceeding let’s explore Proxychains configuration file /etc/, on the terminal run:
nano /etc/
Above, you can see the 3 configuration types I mentioned in the introduction of this tutorial. All options are well explained in the configuration file. For now, comment out the line strict_chain and uncomment the line dynamic_chain.
If you scroll down, you will discover another Proxychains feature: proxy_dns. This means Proxychains supports name resolution, so no DNS requests to ISP servers will be sent; the resolution is made by the proxy, which guarantees more anonymity.
Below you can see the proper format to add a proxy; if the proxy has no user and password, leave blank spaces. You see 127.0.0.1 on port 9050 as the only proxy because that’s the default Proxychains configuration when working with Tor.
If you want to define a strict chain, you must define the proxies with the syntax shown in the image.
Note: If you want to add proxies, you can get free proxy lists at or; there are more available lists on Google.
After commenting out strict_chain and uncommenting dynamic_chain, restart the Tor service:
Before continuing with Nmap, you can test Proxychains with any program. For example, run Firefox with proxychains and check your IP address as shown in the example below:
On Google, type “What is my ip,” and if Proxychains is working properly, you should see a different IP address; you can compare it with another browser session without Proxychains.
How to use Nmap with Proxychains:
Using Nmap with Proxychains is similar to using any other software with Proxychains; just run proxychains before the command you want to execute, like with the Firefox example. With Nmap, the process is the same. All Nmap procedures remain, and the only difference in the syntax is the Proxychains prefix.
When using Nmap with Proxychains, there are several limitations you should remember:
The proxy DNS resolution works in the browser but doesn’t seem to work with Nmap, so you need to use your target IP address.
ICMP/UDP scans don’t work. Keep using TCP techniques. Keep using the flag -sT.
Before continuing, if you don’t have Nmap installed yet, run the command below on Debian based Linux distributions:
To install Nmap on Red Hat-based Linux distributions like CentOS run:
Once Proxychains, Tor and Nmap are installed, you are ready to start scanning targets anonymously. You can use Nmap techniques you already know, taking into account the limitations mentioned previously.
First of all, let’s ensure we are safe from DNS leaks by checking if DNS resolution is made through Proxychains. Run the command below:
proxychains nmap -Pn -sT -p80 -v
As you can see in the output, the DNS resolution was made by Proxychains, so we are safe from DNS leaks.
The next example shows a TCP scan of ports ftp, ssh, telnet, smtp, http and https.
proxychains nmap -sT -p21,22,23,25,80,443 -v 172.67.209.252
The following command scans the most common TCP ports:
sudo proxychains nmap -sT -v 172.67.209.252
You can find additional Nmap techniques you can practice with proxychains at nmap flags and what they do.
Conclusion:
As you can see, using Proxychains with Nmap is as simple as using Proxychains with any other application. However, combining Proxychains with Nmap results in many limitations and poor performance. No ICMP or UDP packets, no OS detection, no banner grabbing, no domain name resolution, etc.
Nmap already brings different options to implement a proxy (not proxy chain), including proxy-dns, but some limitations remain when using socks.
Nmap also offers additional techniques to scan a target under the radar or bypass firewalls and IDS (Intrusion Detection System).
Despite this conclusion, Proxychains and Nmap are widely combined by hackers looking for mechanisms to remain undetected. Proxychains is included by default in Kali Linux, the most used Linux distribution for security purposes.
I hope this tutorial was useful. Keep following Linux Hint for more Linux tips and tutorials.
About the author
David Adams is a System Admin and writer that is focused on open source technologies, security software, and computer systems.
How to Use Nmap With Proxychains – Saintlad.com

Wondering how to use Nmap with ProxyChains?
Nmap, better known as Network Mapper, is a free and open-source application that acts as a network scanner. It is designed to discover all hosts and services that are available on a single network.
Nmap accomplishes this by sending multiple packets on the network and then analyzing the responses. In other words, Nmap acts as a scanner to find all hosts on a network.
Those working in Infosecurity would understand how useful a tool like Nmap could be if it offered anonymity with it. It could be used as a testing tool by ethical hackers and penetration testers to find vulnerabilities in networks without being traced.
There are many ways to add anonymity with Nmap, such as using an idle scan, proxies, or Tor. However, this guide covers a Linux-exclusive method, i.e. using ProxyChains.
If you’re confused about how to use Nmap with ProxyChains, then this guide is meant for you. Just sit right back, relax and let us guide you on how you can use Nmap with ProxyChains.
So without further ado, let’s begin!
Understanding ProxyChains.
Before we begin, it’s better to have an idea about proxies and ProxyChains.
Proxying is a technique in which you pass your data traffic through multiple machines. This hides your original machine within a crowd of other machines, and it can also be used to bypass restrictions on your network.
ProxyChains is a Linux-specific tool that accomplishes these tasks. It forces TCP connections to pass through different proxies, for example, Tor, socks4, socks5, and HTTP proxies. ProxyChains can also chain together multiple proxies, allowing for more anonymity.
All these features make ProxyChains favorable for hackers and members of the infosec industry. Aside from the baseline features, ProxyChains can operate in three different modes.
The first mode is known as Dynamic chain configuration. In this mode, one proxy must be available at all times. This method skips all unavailable proxies.
The second mode is known as Strict chain configuration. In this mode, all proxies should be available and chained in order, else it won’t work.
The third mode is known as Random chain configuration. In this mode, the connection made by ProxyChains will be made using a random combination of proxies. The total number of proxies can be specified by the user.
Now that we’re aware of ProxyChains, we can learn how to use Nmap with ProxyChains.
Step 1: Installing ProxyChains.
Installing ProxyChains is a simple process that makes use of the command line input.
This method is for Linux distributions that are based on Debian. As long as you follow the steps correctly, installing ProxyChains should be a breeze.
Follow these steps to install ProxyChains.
Open the terminal by pressing Ctrl + Alt + T, and type the following command.
$ sudo apt install proxychains -y
For systems that use RedHat/CentOS, type the following command.
$ sudo yum install proxychains
For systems with ArchLinux, type the following command.
$ sudo pacman -S proxychains-ng
This will install ProxyChains on your system. Our next step is to configure ProxyChains.
Step 2: Configuring ProxyChains.
This step involves configuring ProxyChains. Normally, ProxyChains are configured to use Tor as their default protocol.
This step will show you how to enable the Tor protocol for proxychain along with how to configure ProxyChains.
To enable Tor protocol, follow these steps.
$ sudo apt install tor -y
This will enable the Tor service on your system.
Start the Tor service by typing the following command.
$ sudo service tor start
This will start the Tor service.
With Tor enabled, we can now configure the ProxyChains configuration file. Just follow these steps to configure the ProxyChains file on Debian-based Linux distributions.
$ sudo nano /etc/
In the configuration file, uncomment dynamic_chain by removing the “#”. Similarly, comment out strict_chain by adding a “#” at the start.
This will configure the proxy as a Dynamic chain.
If you scroll down further, you will find a feature by the name of proxy_dns. Tweaking this feature allows you to prevent DNS requests from being sent to the ISP, ensuring more anonymity. This is done with the help of name resolution.
The syntax for adding a proxy is as follows. If the proxy has no designated user or password, you can leave those two spaces as blank.
If you wish to add proxies, we have a list of proxies you can access by clicking here.
If you wish to run it in strict chain configuration, just uncomment strict_chain and comment dynamic_chain.
You can restart the Tor service by typing the following command.
$ sudo service tor restart
Now that you have configured the file, you can test ProxyChains by running it with Mozilla Firefox by typing the following command.
$ proxychains firefox
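The settings that both tutorials on this page edit (the chain mode, proxy_dns, and proxy entries written as type, host, port and optional user and password) can be checked mechanically before anything is run through Proxychains. The script below is an added example, not code from either tutorial or from the Proxychains project; the function names and both sample configs are constructed, and chain_len is assumed to be written as "chain_len = N".

```shell
#!/bin/sh
# Added example (not from the tutorials): audit a proxychains config read on stdin.
# Exit status 0 means one chain mode, proxy_dns on, and a well-formed proxy list.
audit_proxychains_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments and blank lines
    $1 == "[ProxyList]" { in_list = 1; next }
    !in_list && $1 ~ /^(strict|dynamic|random)_chain$/ { mode = $1; nmodes++; next }
    !in_list && $1 == "proxy_dns" { dns = 1; next }
    !in_list && $1 == "chain_len" { len = $3; next }  # assumed form: chain_len = N
    in_list {
        # entry layout: type host port [user pass]
        ok = ($1 ~ /^(http|socks4|socks5)$/) && ($3 ~ /^[0-9]+$/) &&
             ($3 + 0 >= 1) && ($3 + 0 <= 65535) && (NF == 3 || NF == 5)
        if (!ok) bad++
        nproxy++
        plist = plist sprintf("proxy %s %s:%s %s\n", $1, $2, $3, (ok ? "ok" : "INVALID"))
    }
    END {
        if (nmodes == 1) print "mode " mode
        else             print "mode CONFLICT (" (nmodes + 0) " active)"
        print "proxy_dns " (dns ? "on" : "off: names resolve outside the proxy")
        if (mode == "random_chain" && len + 0 > nproxy + 0) {
            print "chain_len " len " exceeds proxy count " (nproxy + 0); bad++
        }
        if (nproxy == 0) print "proxies NONE"
        printf "%s", plist
        exit (nmodes != 1 || !dns || nproxy == 0 || bad > 0)
    }'
}

good_conf() {   # constructed sample: the state after the edit described above
    cat <<'EOF'
#strict_chain
dynamic_chain
proxy_dns
[ProxyList]
socks4 127.0.0.1 9050
EOF
}

leaky_conf() {  # constructed sample: two modes active, proxy_dns commented out
    cat <<'EOF'
strict_chain
dynamic_chain
#proxy_dns
[ProxyList]
socks5 192.0.2.10 99999
EOF
}

good_conf | audit_proxychains_conf
leaky_conf | audit_proxychains_conf || echo "config needs attention"
```

To check a real file, redirect it into the function's standard input; a non-zero exit status means at least one finding.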
Step 3: Running ProxyChains with Nmap.
Now that we’ve installed and configured ProxyChains on our system, it’s time that we get to the main course. Using Nmap with ProxyChains shouldn’t be a difficult experience.
As long as you follow the steps correctly, you should be able to install Nmap and use it with proxy chains without any problems.
It should be noted that Proxychains has some restrictions with Nmap. Most notably, you’ll need to use your Target IP address as DNS resolution doesn’t work with Nmap. Furthermore, you can only use TCP techniques with the help of the -sT flag as ICMP/UDP scans won’t work.
Follow these steps to install and use Nmap with Proxychains.
Open the terminal by pressing Ctrl + Alt + T and type the following command for Debian-based Linux distributions.
$ sudo apt install nmap -y
For Red Hat/ CentOS, type the following command.
$ sudo yum install nmap
With this, we have installed Nmap on our system. The next step is to use Nmap with ProxyChains.
Next, run a scan through Nmap by typing the following command.
$ proxychains nmap -Pn -sT -p80 -v
We can see that the DNS resolution was created with the help of ProxyChains. This means that our scan with Nmap was a success.
You can also try another scan by typing the following command.
$ sudo proxychains nmap -sT -v 172.67.209.252
You can learn about different Nmap flags by clicking here.
We hope this guide helped you learn how to use Nmap with ProxyChains and wish you all the best on your journey to deal with different networks.

Frequently Asked Questions about nmap with proxychains

Can you use Proxychains with Nmap?

Using Nmap with Proxychains is similar to using any other software with Proxychains; just run proxychains before the command you want to execute, like with the Firefox example. With Nmap, the process is the same.

Is Proxychains safe?

As outlined above, proxies are not very secure. … Proxychains is a program that sends your traffic through a series of open web proxies that you supply before sending it on to your final destination. Unlike Tor, proxychains does not encrypt the connections between each proxy server.

Does Nmap work with TOR?

You can use TOR to proxy your nmap scans making it very difficult for the scanned network to find the source. (Mar 24, 2013)
