Tunneling Nmap Through Tor



    Use this tutorial for whatever you want to use it for. However, I am not responsible for your actions.


    Abstract: So you want to port scan anonymously. This tutorial will show you how to use Tor to hide your location while performing a port scan.


    Tools you will need:
    Nmap
    Tor
    Privoxy
    proxychains
    tortunnel


    Here is a video explaining configuration of the tools listed above to port scan through Tor: Tor and nmap with tortunnel on Vimeo


    How to port scan using Nmap and Tor:

    Code:

    # proxychains nmap xxx.xx.xx.xxx

    This is a default Nmap scan. However, when run as root the default is a SYN scan built from raw packets, and proxychains only intercepts ordinary library connect() calls, so these probes leave your machine directly rather than through your Tor nodes.


    Rather, use this:


    Code:

    # proxychains nmap -sT xxx.xx.xx.xxx

    Now you are routing your scan through the Tor network. Some pentesters will argue that this is 100% safe. I assure you that is not the case. Nmap by default pings the remote host before scanning it, sending ICMP packets to the target system, and those host-discovery probes are raw packets that bypass the proxy in the same way the SYN scan does. Here is how to eliminate this:


    Code:

    # iptables -A OUTPUT --destination <TargetIP or range> -j DROP

    The rule above drops any packet addressed directly to the target, so the only traffic that can reach it is what leaves through the local Tor proxy. Now you can run the command proxychains nmap -sT xxx.xx.xx.xxx safely. There is one more problem. Your traffic is being routed through three nodes. Therefore, a simple scan can take hours, sometimes days, depending on the size of the network. I have a simple cure for this. It is called tortunnel. By using tortunnel you can bypass the first two hops and route your traffic through the exit node only. To use tortunnel you will need to edit your proxychains.conf file to use socks5. Tortunnel listens on TCP port 5060. Below is the config line you need to add to your /etc/proxychains.conf file.


    Code:

    socks5 127.0.0.1 5060

    Next, you have to look up some Tor exit nodes. You can usually find some on Google, but if not, PM me. If I like you I may give you an exitnode.txt list. If I don't like you, you will receive the exitnodes.exe list. Now that you have your exit node you can start tortunnel:


    Code:

    # ./torproxy <ExitNodeIP>

    The above command sets up the Tor proxy connection. Next, rerun your nmap scan:


    Code:

    # proxychains nmap -sT xxx.xx.xx.xxx

    It should be faster. If it isn't, find another exit node.


    Note: Even though tortunnel gives you a faster scan, it also makes your path easier to track. Remember that if you use tortunnel you use only one node, and if you don't you use three nodes. I recommend not using tortunnel and dealing with the slow scan. Also, true anonymity is difficult if not impossible to achieve using any tactic because of IDS and packet sniffers. Take that into consideration.
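    The note above is worth seeing from the defender's side. Everything that survives the proxychains setup reaches the target as full TCP connections from a Tor exit node's address, so a log monitor that knows the exit list can flag one exit address touching many ports in a short window. The script below is an added example, not code from the original post; the exit-node list, the abbreviated iptables LOG-target lines and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed exit-node list (RFC 5737 documentation addresses); a real
# deployment would load the Tor project's published exit-address list.
TOR_EXIT_NODES = {"198.51.100.7", "203.0.113.42"}

# Constructed, abbreviated iptables LOG-target lines, one per inbound SYN.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
Jan 10 12:00:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=80 SYN
Jan 10 12:00:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=443 SYN
Jan 10 12:00:03 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=3306 SYN
Jan 10 12:00:04 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=8080 SYN
Jan 10 12:00:05 fw kernel: IN=eth0 SRC=203.0.113.42 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN
Jan 10 12:00:06 fw kernel: IN=eth0 SRC=192.0.2.55 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=22 SYN
Jan 10 12:00:06 fw kernel: IN=eth0 SRC=192.0.2.55 DST=192.0.2.10 PROTO=TCP SPT=52001 DPT=80 SYN
"""

LOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")

def parse_line(line, year=2012):
    """Return (timestamp, source IP, destination port), or None if the line is not a TCP log entry."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])

def find_tor_scans(log_lines, exit_nodes=TOR_EXIT_NODES, window=timedelta(seconds=60), min_ports=5):
    """Map each exit-node source that touched at least min_ports distinct ports inside one
    `window` to its sorted port list; non-exit sources are ignored to keep the alert specific."""
    events = defaultdict(list)
    for line in log_lines:
        parsed = parse_line(line)
        if parsed and parsed[1] in exit_nodes:
            ts, src, dpt = parsed
            events[src].append((ts, dpt))
    hits = {}
    for src, evs in events.items():
        evs.sort()  # sliding window over time-ordered (timestamp, port) pairs
        for i, (t0, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                hits[src] = sorted(ports)
                break
    return hits
```

    Calling find_tor_scans(SAMPLE_LOG.splitlines()) on the constructed log flags only 198.51.100.7, the exit address that touched five ports within a few seconds; the single hit from the other exit address and the non-Tor source fall below the threshold or are not on the list.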


    Sources: PaulDotCom: Archives
