Scanning through proxies
One of the important additions in recent versions of Nmap is HTTP and SOCKS4 proxy support. By scanning through a proxy, we can mask the origin IP address, but we should take into account the additional latency this introduces.
This recipe will show you how to tunnel your scans through proxies.
How to do it...
Open a terminal and enter the following command:
# nmap -sV -Pn -n --proxies <comma separated list of proxies> <target>
This feature is implemented within Nsock, and not all Nmap features are supported. You need to be careful to avoid accidentally disclosing your origin IP address. For example, to scan a host through Tor, we can use this:
# nmap -sV -Pn -n --proxies socks4://127.0.0.1:9050 scanme.nmap.org
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.13s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.7 ((Ubuntu))
...
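Added example (not from the original text, and not Nmap's or Nsock's code): the SOCKS4 CONNECT request, encoded and decoded as the SOCKS4 protocol defines it, to show what a socks4:// proxy receives for each proxied connection. Plain SOCKS4 has a fixed 4-byte IPv4 destination field, so the request cannot carry a hostname or an IPv6 address. The function names and the sample request are constructed for illustration.

```python
import ipaddress
import struct

SOCKS4_VERSION = 4
CMD_CONNECT = 1


def build_connect(dst_ip: str, dst_port: int, userid: bytes = b"") -> bytes:
    """Encode a SOCKS4 CONNECT request: VN, CD, DSTPORT, DSTIP, USERID, NUL."""
    # IPv4Address raises ValueError for hostnames and IPv6 literals:
    # the protocol has no field that could hold them.
    addr = ipaddress.IPv4Address(dst_ip)
    header = struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT, dst_port, addr.packed)
    return header + userid + b"\x00"


def parse_connect(data: bytes) -> dict:
    """Decode a SOCKS4 request the way a proxy or network sensor would."""
    if len(data) < 9:  # 8-byte fixed header plus the USERID terminator
        raise ValueError("truncated SOCKS4 request")
    vn, cd, port, raw_ip = struct.unpack("!BBH4s", data[:8])
    if vn != SOCKS4_VERSION:
        raise ValueError(f"not SOCKS4 (version byte {vn})")
    end = data.find(b"\x00", 8)
    if end == -1:
        raise ValueError("USERID is not NUL-terminated")
    return {
        "command": "CONNECT" if cd == CMD_CONNECT else f"other({cd})",
        "dst_ip": str(ipaddress.IPv4Address(raw_ip)),
        "dst_port": port,
        "userid": data[8:end].decode("latin-1"),
    }


if __name__ == "__main__":
    # Constructed sample: the address and port shown in the scan report above.
    request = build_connect("45.33.32.156", 80)
    print(request.hex())
    print(parse_connect(request))
    for target in ("scanme.nmap.org", "2600:3c01::f03c:91ff:fe18:bb2f"):
        try:
            build_connect(target, 80)
        except ValueError as exc:
            print(f"cannot encode {target!r}: {exc}")
```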