Port Scanning with ProxyChains via Nmap
Port scanning is a technique that allows hackers and security professionals to discover open ports and services on a target system. Port scanning can reveal valuable information about the target, such as the operating system, the applications running, and the vulnerabilities that may exist. However, port scanning can also expose the attacker’s IP address and trigger security alarms on the target. Therefore, it is important to use stealthy and anonymous methods for port scanning.
One of the most popular tools for port scanning is Nmap, which stands for Network Mapper. Nmap is a free and open-source utility that can perform various types of scans, such as TCP, UDP, SYN, ACK, and more. Nmap can also perform OS fingerprinting, service detection, version detection, and vulnerability scanning. Nmap is widely used by hackers and security professionals alike for network reconnaissance and penetration testing.
However, Nmap alone is not enough to ensure anonymity and stealth when port scanning. Nmap can reveal the attacker’s IP address to the target system and the intermediate routers. This can lead to detection, blocking, or tracing of the attacker. Therefore, it is advisable to use a proxy or a chain of proxies to hide the attacker’s IP address and route the traffic through different locations.
ProxyChains is a tool that allows users to run any program through a proxy or a chain of proxies. ProxyChains can support different types of proxies, such as SOCKS4, SOCKS5, HTTP, and HTTPS. ProxyChains can also support dynamic chains, random chains, and custom chains of proxies. ProxyChains can be used to run any TCP-based program through a proxy or a chain of proxies.
By using ProxyChains with Nmap, users can achieve several benefits for port scanning:
- Anonymity: ProxyChains can hide the user’s IP address and make it appear as if the scan is coming from different locations.
- Stealth: ProxyChains can reduce the chances of detection and blocking by the target system or the intermediate routers.
- Evasion: ProxyChains can bypass some firewall rules and network filters that may prevent direct access to the target system.
In this article, we will show you how to use ProxyChains with Nmap for port scanning. We will also provide some examples of port scanning with ProxyChains via Nmap and some troubleshooting tips for common errors.
How to Use ProxyChains with Nmap for Port Scanning
To use ProxyChains with Nmap for port scanning, you need to follow these steps:
Install ProxyChains and Nmap (if not already installed)
ProxyChains and Nmap are available for most Linux distributions and can be installed using the package manager of your choice. For example, on Debian-based systems, you can use the following command:
sudo apt-get install proxychains nmap
Alternatively, you can download the source code of ProxyChains and Nmap and compile them yourself.
Configure ProxyChains
Before using ProxyChains, you need to configure it according to your preferences and needs. The configuration file of ProxyChains is located at /etc/proxychains.conf by default. You can edit this file using any text editor of your choice. For example:
sudo nano /etc/proxychains.conf
The configuration file contains several options that you can modify or uncomment. The most important ones are:
strict_chain
This option enables a strict chain of proxies that must be followed in order.
dynamic_chain
This option enables a dynamic chain of proxies that can skip dead proxies in the chain.
random_chain
This option enables a random chain of proxies that can change every connection.
chain_len
This option specifies the number of proxies in the chain.
proxy_dns
This option enables proxying DNS requests through the proxy server.
quiet_mode
This option disables output messages from ProxyChains.
You also need to specify the list of proxies that you want to use in the configuration file. You can add as many proxies as you want in the following format:
[Proxy_type] [IP] [Port] [Username] [Password]
For example:
socks5 192.168.1.1 1080 user1 pass1
http 10.10.10.10 8080 user2 pass2
socks4 172.16.0.1 9050
You can find free or paid proxies online from various sources. However, you should be careful when using public proxies as they may be unreliable, slow, or malicious.
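A check for the configuration described above, as an added example that is not part of the original article or of ProxyChains itself: it parses the file, reports a chain-mode conflict and malformed proxy entries, and flags entries that keep credentials in clear text. It assumes the proxy entries sit under the [ProxyList] header used in the stock configuration file; the function name lint_proxychains and the sample values are constructed.

```python
import ipaddress

CHAIN_MODES = {"strict_chain", "dynamic_chain", "random_chain"}
PROXY_TYPES = {"socks4", "socks5", "http"}  # types used in the example entries above

# Constructed sample in the layout described above; all values are placeholders.
SAMPLE_CONF = """\
strict_chain
random_chain
chain_len = 2
[ProxyList]
socks5 192.168.1.1 1080 user1 pass1
http 10.10.10.10 80800 user2 pass2
socks4 proxy.example 9050
"""

def lint_proxychains(text):
    """Return a list of (line_number, message) findings for a proxychains.conf body."""
    findings, modes, in_list = [], [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and commented-out options
        if not line:
            continue
        if line.lower() == "[proxylist]":      # assumed section header (stock config)
            in_list = True
            continue
        fields = line.split()
        if not in_list:
            if fields[0] in CHAIN_MODES:
                modes.append(fields[0])
            continue
        if len(fields) not in (3, 5):
            findings.append((no, "expected: type ip port [user pass]"))
            continue
        ptype, host, port = fields[:3]
        if ptype not in PROXY_TYPES:
            findings.append((no, f"unknown proxy type {ptype!r}"))
        try:
            ipaddress.ip_address(host)
        except ValueError:
            findings.append((no, f"{host!r} is not an IP address"))
        if not (port.isdigit() and 1 <= int(port) <= 65535):
            findings.append((no, f"invalid port {port!r}"))
        if len(fields) == 5:
            findings.append((no, "credentials in clear text; restrict file permissions"))
    if len(modes) != 1:
        findings.append((0, f"exactly one chain mode must be enabled, found {modes}"))
    return findings
```
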
Start ProxyChains
After configuring ProxyChains, you can start it by using the following command:
proxychains
This will launch ProxyChains in the background and make it ready to use.
Run Nmap with the ProxyChains command
To run Nmap with ProxyChains, you need to use the following syntax:
proxychains nmap [options] [target]
For example:
proxychains nmap -sS -p 80,443 192.168.0.100
This will run a TCP SYN scan on ports 80 and 443 of the target 192.168.0.100 using ProxyChains.
When you run Nmap with ProxyChains, you will see the output of both tools on the terminal. ProxyChains will show the chain of proxies that it is using and the status of each proxy. Nmap will show the results of the scan as usual.
Examples of Port Scanning with ProxyChains via Nmap
Here are some examples of port scanning with ProxyChains via Nmap that you can try:
Basic port scan
To perform a basic port scan on a target using ProxyChains and Nmap, you can use the following command:
proxychains nmap [target]
For example:
proxychains nmap 192.168.0.100
This will scan the most common 1000 ports on the target 192.168.0.100 using ProxyChains and Nmap.
TCP SYN scan
To perform a TCP SYN scan on a target using ProxyChains and Nmap, you can use the following command:
proxychains nmap -sS [options] [target]
For example:
proxychains nmap -sS -p 1-65535 192.168.0.100
This will scan all 65535 ports on the target 192.168.0.100 using a TCP SYN scan with ProxyChains and Nmap.
UDP scan
To perform a UDP scan on a target using ProxyChains and Nmap, you can use the following command:
proxychains nmap -sU [options] [target]
For example:
proxychains nmap -sU -p 53,67,68,69,123,161,162 192.168.0.100
This will scan some common UDP ports on the target 192.168.0.100 using a UDP scan with ProxyChains and Nmap.
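How scans like the ones in this section can be caught on the target side, as an added example that is not part of the original article: ProxyChains relays ordinary TCP connections, so with random_chain the probes arrive from several proxy exits and a per-source port counter sees too few ports from each one, while a per-destination counter still adds them up. The log format, the addresses other than the article's 192.168.0.100, and the thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed connection log: 12 ports probed on one host, rotated over 3 proxy exits,
# plus an ordinary client that keeps using port 443 on another host.
EXITS = ["198.51.100.7", "203.0.113.20", "203.0.113.99"]
PORTS = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]
SAMPLE_LOG = [
    f"2024-05-01T10:00:{i:02d} SRC={EXITS[i % 3]} DST=192.168.0.100 DPT={p}"
    for i, p in enumerate(PORTS)
] + [f"2024-05-01T10:00:{i:02d} SRC=192.168.0.23 DST=192.168.0.50 DPT=443"
     for i in range(0, 60, 5)]

def parse(line):
    """'<iso-time> SRC=.. DST=.. DPT=..' -> (time, src, dst, port)."""
    ts, *kv = line.split()
    f = dict(item.split("=", 1) for item in kv)
    return datetime.fromisoformat(ts), f["SRC"], f["DST"], int(f["DPT"])

def detect_scans(lines, window_s=60, min_ports=10, key="dst"):
    """Alert when at least min_ports distinct ports are probed within window_s.

    key="dst" groups by target only, so probes spread over several proxy
    exits still add up; key="src" is the classic per-source counter.
    """
    recent = defaultdict(deque)            # group -> deque of (time, src, port)
    alerts = {}
    for t, src, dst, port in sorted(map(parse, lines)):
        group = dst if key == "dst" else (src, dst)
        q = recent[group]
        q.append((t, src, port))
        while q and t - q[0][0] > timedelta(seconds=window_s):
            q.popleft()                    # drop events older than the window
        ports = {p for _, _, p in q}
        if len(ports) >= min_ports and group not in alerts:
            alerts[group] = {"ports": len(ports),
                             "sources": sorted({s for _, s, _ in q})}
    return alerts
```
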
Troubleshooting Port Scanning with ProxyChains via Nmap
Port scanning with ProxyChains via Nmap can sometimes result in errors or unexpected results. Here are some common errors and how to resolve them:
ProxyChains-3.1 (http://proxychains.sf.net) |DNS-request| www.google.com
This error means that ProxyChains is trying to resolve the domain name of the target through the proxy server, but it is failing or taking too long. To fix this error, you can either use the IP address of the target instead of the domain name or disable proxying DNS requests by commenting out the proxy_dns option in the configuration file of ProxyChains.
ProxyChains-3.1 (http://proxychains.sf.net) |S-chain|-<>-127.0.0.1:9050-<><>-4.2.2.2:53-<><>-OK
This error means that ProxyChains is trying to use a local proxy server on port 9050, but it is not working or not running. To fix this error, you can either start or restart the local proxy server or remove or change the local proxy server from the configuration file of ProxyChains.
ProxyChains-3.1 (http://proxychains.sf.net) |S-chain|-<>-192.168.1.1:1080-<--timeout
This error means that ProxyChains is trying to use a remote proxy server on IP address 192.168.1.1 and port 1080, but it is not responding or not working. To fix this error, you can either check or change the remote proxy server settings or remove or change the remote proxy server from the configuration file of ProxyChains.
Note: Host seems down.
This error means that Nmap is unable to reach or communicate with the target system through the proxy chain. To fix this error, you can either check or change the target system settings or check or change the proxy chain settings.
All 65535 scanned ports on www.google.com (172.217.160) are filtered
This result means that Nmap is unable to determine the state of any port on the target system through the proxy chain because they are filtered by a firewall or a network device that prevents Nmap from getting any response. To fix this result, you can either try a different scan type or use more advanced techniques to bypass the filtering.