Wondering how to use Nmap with ProxyChains?
Nmap, better known as Network Mapper, is a free and open-source application that acts as a network scanner. It is designed to discover all hosts and services that are available on a single network.
Nmap accomplishes this by sending multiple packets on the network and then analyzing the responses. In other words, Nmap acts as a scanner to find all hosts on a network.
Those working in Infosecurity would understand how useful a tool like Nmap could be if it offered anonymity with it. It could be used as a testing tool by ethical hackers and penetration testers to find vulnerabilities in networks without being traced.
There are many ways to add anonymity with Nmap, such as using an idle scan, proxies, or Tor. In this guide, however, we’re going to cover a Linux-exclusive method, i.e. using ProxyChains.
If you’re confused about how to use Nmap with ProxyChains, then this guide is meant for you. Just sit right back, relax and let us guide you on how you can use Nmap with ProxyChains.
So without further ado, let’s begin!
Understanding ProxyChains.
Before we begin, it’s better to have an idea about proxies and ProxyChains.
Proxying is a technique to pass your data traffic through multiple machines. This hides your original machine within a crowd of other machines, and it can also be used to bypass restrictions on your network.
ProxyChains is a Linux-specific tool that accomplishes these tasks. It forces TCP connections to pass through different proxies, for example, Tor, SOCKS4, SOCKS5, and HTTP proxies. ProxyChains can also chain together multiple proxies, allowing for more anonymity.
All these features make ProxyChains favorable for hackers and members of the infosec industry. Aside from the baseline features, ProxyChains can operate in three different modes.
The first mode is known as Dynamic chain configuration. In this mode, at least one proxy must be available at all times, and all unavailable proxies are skipped.
The second mode is known as Strict chain configuration. In this mode, all proxies should be available and chained in order, or else it won’t work.
The third mode is known as Random chain configuration. In this mode, the connection made by ProxyChains will be made using a random combination of proxies. The total number of proxies can be specified by the user.
Now that we’re aware of ProxyChains, we can learn how to use Nmap with ProxyChains.
Step 1: Installing ProxyChains.
Installing ProxyChains is a simple process that is done from the command line.
This method is for Linux distributions that are based on Debian. As long as you follow the steps correctly, installing ProxyChains should be a breeze.
Follow these steps to install ProxyChains.
- Open the terminal by pressing Ctrl + Alt + T.
- Next, type the following command.
$ sudo apt install proxychains -y
For systems that use RedHat/CentOS, type the following command.
$ sudo yum install proxychains
For systems with ArchLinux, type the following command.
$ sudo pacman -S proxychains-ng
This will install ProxyChains on your system. Our next step is to configure ProxyChains.
Step 2: Configuring ProxyChains.
This step involves configuring ProxyChains. Normally, ProxyChains is configured to use Tor as its default proxy.
This step will show you how to enable Tor for ProxyChains and configure ProxyChains.
To enable Tor, follow these steps.
- Open the terminal by pressing Ctrl + Alt + T.
- Next, type the following command.
$ sudo apt install tor -y
This will install the Tor service on your system.
- Start the Tor service by typing the following command.
$ sudo service tor start
This will start the Tor service.
With Tor enabled, we can now configure the ProxyChains configuration file. Just follow these steps to configure the ProxyChains file on Debian-based Linux distributions.
- Open the terminal by pressing Ctrl + Alt + T.
- Next, type the following command.
$ sudo nano /etc/proxychains.conf
- In the configuration file, uncomment dynamic_chain by removing the “#”. Similarly, comment out strict_chain by adding a “#” at the start.
This will configure the proxy as a Dynamic chain.
If you scroll down further, you will find a setting by the name of proxy_dns. Enabling this setting prevents DNS requests from being sent to the ISP, ensuring more anonymity, because name resolution is then done through the proxies.
The syntax for adding a proxy is as follows.
<protocols> <hosts/IP> <port> <user> <password>
If the proxy has no designated user or password, you can leave those two spaces blank.
Also, if you wish to add proxies, we have a list of proxies you can access by clicking here.
If you wish to run it in strict chain configuration, just uncomment strict_chain and comment dynamic_chain.
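The settings described above can be checked mechanically before any traffic leaves the machine. The script below is an added example, not part of the original guide or of ProxyChains itself: the function name audit_conf and both sample files are constructed for illustration, and the first sample assumes Tor's default local SOCKS port 9050.

```sh
#!/bin/sh
# Added example: audit a proxychains.conf for the settings this guide relies on.
# audit_conf FILE prints one finding per line; returns 0 only when there are none.
audit_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                 # skip blank lines and comments
    $1 == "[ProxyList]"  { in_list = 1; next }
    !in_list && $1 ~ /^(dynamic|strict|random)_chain$/ { modes++; next }
    !in_list && $1 == "proxy_dns" { dns = 1; next }
    in_list {                                     # <type> <host> <port> [<user> <password>]
        entries++
        if ($1 !~ /^(http|socks4|socks5)$/) { print "bad proxy type: " $0; bad++ }
        if ($3 !~ /^[0-9]+$/ || $3 < 1 || $3 > 65535) { print "bad port: " $0; bad++ }
        if (NF != 3 && NF != 5) { print "expected 3 or 5 fields: " $0; bad++ }
    }
    END {
        if (modes != 1) { print "chain modes enabled: " (modes + 0) ", want exactly 1"; bad++ }
        if (!dns)       { print "proxy_dns is off: lookups bypass the chain"; bad++ }
        if (!entries)   { print "no proxies listed under [ProxyList]"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample files, not taken from a real host.
GOOD=$(mktemp); BAD=$(mktemp)
cat > "$GOOD" <<'EOF'
dynamic_chain
#strict_chain
proxy_dns
[ProxyList]
socks4 127.0.0.1 9050
EOF
cat > "$BAD" <<'EOF'
dynamic_chain
strict_chain
#proxy_dns
[ProxyList]
socks5 192.0.2.10 user pass
EOF

echo "== good"; audit_conf "$GOOD" && echo "no findings"
echo "== bad";  audit_conf "$BAD"  || echo "fix the findings above"
```

Run it against the real file with audit_conf /etc/proxychains.conf; other directives that appear before [ProxyList] are ignored by the check.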
You can restart the Tor service by typing the following command.
$ sudo service tor restart
Now that you have configured the file, you can test ProxyChains by running it with Mozilla Firefox by typing the following command.
$ proxychains firefox
Step 3: Running ProxyChains with Nmap.
Now that we’ve installed and configured ProxyChains on our system, it’s time that we get to the main course. Using Nmap with ProxyChains shouldn’t be a difficult experience.
As long as you follow the steps correctly, you should be able to install Nmap and use it with proxy chains without any problems.
It should be noted that ProxyChains has some restrictions with Nmap. Most notably, you’ll need to use your target IP address as DNS resolution doesn’t work with Nmap. Furthermore, you can only use TCP techniques with the help of the -sT flag, as ICMP/UDP scans won’t work.
Follow these steps to install and use Nmap with Proxychains.
- Open the terminal by pressing Ctrl + Alt + T.
- Type the following command for Debian-based Linux distributions.
$ sudo apt install nmap -y
For Red Hat/CentOS, type the following command.
$ sudo yum install nmap
With this, we have installed Nmap on our system. The next step is to use Nmap with ProxyChains.
- Next, run a scan through Nmap by typing the following command.
$ proxychains nmap -Pn -sT -p80 linuxhint.com -v
We can see that the DNS resolution was created with the help of ProxyChains. This means that our scan with Nmap was a success.
You can also try another scan by typing the following command.
$ sudo proxychains nmap -sT -v 172.67.209.252
You can learn about different Nmap flags by clicking here.
We hope this guide helped you learn how to use Nmap with ProxyChains and wish you all the best on your journey to deal with different networks.