One of the important additions in recent versions is HTTP and SOCKS4 proxy support. By scanning through a proxy, we can mask the origin IP address, but we should consider the additional latency introduced.
This recipe will show you how to tunnel your scans through proxies.
Open a terminal and enter the following command:
# nmap -sV -Pn -n --proxies <comma separated list of proxies> <target>
This feature is implemented within Nsock, and not all Nmap features are supported. You need to be careful to avoid accidentally disclosing your origin IP address. For example, to scan a host through TOR, we can use this:
# nmap -sV -Pn -n --proxies socks4://127.0.0.1:9050 scanme.nmap.org
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.13s latency).
Other addresses for scanme.nmap.org (not scanned):
2600:3c01::f03c:91ff:fe18:bb2f
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
...