Tor Support

[petak33]

I think tor option to hide your identity would be cool

[GamehunterKaan]

This tool is mostly designed for using inside an internal network. But might as well add Tor support for testing outside targets.

[GamehunterKaan]

After experimenting with the --proxy flag in nmap I found out that you can't specify a socks5 proxy.

Then I tried to specify it as socks4 even though it is socks5.

At first that seemed to work but after running nc on port 80 I realized it is actually not working.

There are also other issues with using nmap with proxy :

• ICMP ping can not be done to see if a host is alive, since ICMP is not TCP.
• OS fingerprinting based on features of the IP stack is not possible because nmap does not speak with the targets IP stack when using a proxy, but instead with the proxies IP stack. This is a theoretical limit you have with any kind of proxy protocol.
• Nmap can do only CONNECT and SOCKS4 and these protocols can do only TCP.
• See more on this stackexchange thread.

This issue will be closed since it is not possible to use nmap with tor without using any external programs like "proxychains". I might consider adding this feature when nmap allows the use of socks5.