How to proxy nmap and nmap's DNS resolution


How can I use nmap, and nmap's DNS resolution, through a proxy?

I tried proxychains, but it does not work for DNS resolution; this is a known bug I read about on some forums. Even without the dns_proxy feature in the proxychains config it works fine. But I need to proxy the DNS resolution requests.

sudo proxychains nmap -T4 -sV -Pn -A --reason -v scanme.nmap.org

I tried proxychains4 (or proxychains-ng), but with nmap it scans and sends all packets synchronously, so scanning a single host, for example, takes 30 minutes or more. So that is not an option, although it works well.

sudo proxychains4 nmap -T4 -sV -Pn -A --reason -v scanme.nmap.org

I tried using nmap's built-in proxy feature:

sudo nmap --proxy socks4://127.0.0.1:9050 -T4 -sV -Pn -A --reason -v scanme.nmap.org

But does it send the DNS resolution requests through the Tor proxy at 127.0.0.1:9050, or only the scan? It seems not.

What is the solution?

Answer 1

Try:

sudo nmap --proxy socks4://127.0.0.1:9050 --dns-servers 8.8.8.8 -T4 -sV -Pn -A --reason -v scanme.nmap.org

You can specify the DNS servers nmap should use with the --dns-servers option. The problem here is that the default DNS server is your router, which has a private address, so your DNS server is hidden from the internet. By using --dns-servers I am simply telling nmap to use Google's public name servers. (Private addresses like 192.168.1.0/24 are not routable.)

Answer 2

This is my setup, and proxychains4 works fine.

First, I configured the Tor service and have it running on port 9050.

Second, here is my proxychains config (/etc/proxychains4.conf), with the socks4 line commented out:

socks5  127.0.0.1 9050

This is the exact nmap command I just ran (it took 5 minutes to complete). Note that sudo comes after proxychains4 in the command:

❯ proxychains4 sudo nmap -T4 -sV -Pn -A --reason -v scanme.nmap.org
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
Starting Nmap 7.80 ( https://nmap.org ) at 2022-01-09 00:08 AEDT
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 00:08
Completed NSE at 00:08, 0.00s elapsed
Initiating NSE at 00:08
Completed NSE at 00:08, 0.00s elapsed
Initiating NSE at 00:08
Completed NSE at 00:08, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 00:08
Completed Parallel DNS resolution of 1 host. at 00:08, 0.52s elapsed
Initiating SYN Stealth Scan at 00:08
Scanning scanme.nmap.org (45.33.32.156) [1000 ports]
Discovered open port 80/tcp on 45.33.32.156
Discovered open port 443/tcp on 45.33.32.156
Discovered open port 8080/tcp on 45.33.32.156
Discovered open port 5060/tcp on 45.33.32.156
Discovered open port 22/tcp on 45.33.32.156
Discovered open port 31337/tcp on 45.33.32.156
Discovered open port 9929/tcp on 45.33.32.156
Completed SYN Stealth Scan at 00:08, 2.82s elapsed (1000 total ports)
Initiating Service scan at 00:08
Scanning 7 services on scanme.nmap.org (45.33.32.156)
Service scan Timing: About 71.43% done; ETC: 00:11 (0:00:44 remaining)
Completed Service scan at 00:10, 117.24s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against scanme.nmap.org (45.33.32.156)
Retrying OS detection (try #2) against scanme.nmap.org (45.33.32.156)
Initiating Traceroute at 00:10
Completed Traceroute at 00:10, 3.19s elapsed
Initiating Parallel DNS resolution of 11 hosts. at 00:10
Completed Parallel DNS resolution of 11 hosts. at 00:10, 1.13s elapsed
NSE: Script scanning 45.33.32.156.
Initiating NSE at 00:10
Completed NSE at 00:11, 48.07s elapsed
Initiating NSE at 00:11
Completed NSE at 00:12, 60.07s elapsed
Initiating NSE at 00:12
Completed NSE at 00:12, 0.00s elapsed
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up, received user-set (0.21s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 992 closed ports
Reason: 992 resets
PORT      STATE    SERVICE    REASON         VERSION
22/tcp    open     ssh        syn-ack ttl 52 OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   1024 ac:00:a0:1a:82:ff:cc:55:99:dc:67:2b:34:97:6b:75 (DSA)
|   2048 20:3d:2d:44:62:2a:b0:5a:9d:b5:b3:05:14:c2:a6:b2 (RSA)
|   256 96:02:bb:5e:57:54:1c:4e:45:2f:56:4c:4a:24:b2:57 (ECDSA)
|_  256 33:fa:91:0f:e0:e1:7b:1f:6d:05:a2:b0:f1:54:41:56 (ED25519)
25/tcp    filtered smtp       no-response
80/tcp    open     http       syn-ack ttl 64 Apache httpd 2.4.7 ((Ubuntu))
|_http-favicon: Unknown favicon MD5: 156515DA3C0F7DC6B2493BD5CE43F795
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.7 (Ubuntu)
|_http-title: Go ahead and ScanMe!
443/tcp   open     tcpwrapped syn-ack ttl 64
5060/tcp  open     tcpwrapped syn-ack ttl 64
8080/tcp  open     tcpwrapped syn-ack ttl 64
9929/tcp  open     nping-echo syn-ack ttl 53 Nping echo
31337/tcp open     tcpwrapped syn-ack ttl 52
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (92%), Linux 2.6.32 - 3.1 (92%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (92%), Linux 3.7 (92%), Linux 2.6.32 - 3.13 (92%), Linux 3.0 - 3.2 (92%), Linux 3.3 (92%), Infomir MAG-250 set-top box (91%), Linux 3.1 (91%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 11.213 days (since Tue Dec 28 19:06:04 2021)
Network Distance: 12 hops
TCP Sequence Prediction: Difficulty=256 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 199/tcp)
HOP RTT       ADDRESS
1   ...
2   70.32 ms  REDACTED
3   171.80 ms REDACTED
4   171.83 ms REDACTED
5   251.96 ms REDACTED
6   252.09 ms REDACTED
7   252.11 ms REDACTED
8   252.13 ms REDACTED
9   252.15 ms REDACTED
10  252.20 ms 38.142.11.154
11  252.22 ms if-1-4.csw5-fnc1.linode.com (173.230.159.81)
12  252.25 ms scanme.nmap.org (45.33.32.156)

NSE: Script Post-scanning.
Initiating NSE at 00:12
Completed NSE at 00:12, 0.00s elapsed
Initiating NSE at 00:12
Completed NSE at 00:12, 0.00s elapsed
Initiating NSE at 00:12
Completed NSE at 00:12, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 240.81 seconds
           Raw packets sent: 1234 (56.044KB) | Rcvd: 1078 (45.547KB)
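As an added example that is not part of either answer: a small POSIX shell script with two checks a practitioner can run before trusting that a proxied nmap run kept its name resolution inside the proxy. It assumes proxychains-ng's config syntax (the proxy_dns keyword and "type host port" lines under [ProxyList]); the config files and the log excerpt it checks are constructed inline, the log lines mirroring the "Parallel DNS resolution" lines from the run above. check_proxychains_conf confirms that proxy_dns is uncommented and that the chain uses socks5 (socks4 carries only IP addresses, so the proxy cannot resolve names on its side). count_nmap_internal_dns sums the hosts that nmap's own parallel reverse-DNS resolver looked up: that resolver sends UDP queries directly to the system name servers rather than through libc, so an LD_PRELOAD hook like proxychains never sees them.

```shell
#!/bin/sh
# Added example, not part of the original question or answers.
# Assumes proxychains-ng config syntax ("proxy_dns" keyword and
# "<type> <host> <port>" proxy lines under [ProxyList]).

# check_proxychains_conf FILE
# Returns 0 when proxy_dns is enabled and the proxy is socks5; 1 otherwise.
# proxy_dns routes libc name lookups through the chain, and only socks5 lets
# the proxy resolve a hostname on its side (socks4 accepts IP addresses only).
check_proxychains_conf() {
    conf="$1"
    # Drop comments and blank lines so a commented-out "# proxy_dns" does not count.
    body=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf")
    if ! printf '%s\n' "$body" | grep -q '^[[:space:]]*proxy_dns'; then
        echo "FAIL: proxy_dns is not enabled in $conf"
        return 1
    fi
    if printf '%s\n' "$body" | grep -q '^[[:space:]]*socks4[[:space:]]'; then
        echo "FAIL: socks4 proxy line present; socks4 cannot resolve names proxy-side"
        return 1
    fi
    if ! printf '%s\n' "$body" | grep -q '^[[:space:]]*socks5[[:space:]]'; then
        echo "FAIL: no socks5 proxy line in $conf"
        return 1
    fi
    echo "OK: $conf enables proxy_dns over socks5"
    return 0
}

# count_nmap_internal_dns LOG
# Sums N over the "Initiating Parallel DNS resolution of N host(s)" lines of
# nmap -v output. These reverse lookups are done by nmap's own resolver, which
# sends UDP queries straight to the system name servers rather than via libc,
# so a socket-hooking proxy wrapper never sees them. A non-zero count means the
# scan was not started with -n.
count_nmap_internal_dns() {
    awk '/Initiating Parallel DNS resolution of/ { n += $6 } END { print n + 0 }' "$1"
}

# --- constructed sample inputs (not real files from the page) ---
tmpdir=$(mktemp -d)
cat > "$tmpdir/good.conf" <<'EOF'
strict_chain
proxy_dns
[ProxyList]
socks5 127.0.0.1 9050
EOF
cat > "$tmpdir/bad.conf" <<'EOF'
strict_chain
# proxy_dns
[ProxyList]
socks4 127.0.0.1 9050
EOF
cat > "$tmpdir/scan.log" <<'EOF'
Initiating Parallel DNS resolution of 1 host. at 00:08
Completed Parallel DNS resolution of 1 host. at 00:08, 0.52s elapsed
Initiating Parallel DNS resolution of 11 hosts. at 00:10
Completed Parallel DNS resolution of 11 hosts. at 00:10, 1.13s elapsed
EOF

check_proxychains_conf "$tmpdir/good.conf"
check_proxychains_conf "$tmpdir/bad.conf" || true
echo "hosts resolved by nmap's own resolver: $(count_nmap_internal_dns "$tmpdir/scan.log")"
```

Run it with sh and point the two functions at a real /etc/proxychains4.conf and a saved nmap -v log. A count of 0 means the scan was started with -n, or that --system-dns handed the reverse lookups to libc (nmap then prints "System DNS resolution" instead). Neither check covers the packet-level phases: the SYN scan, OS detection and traceroute in the output above are raw packets that no socket hook can redirect, which is why the REASON column shows real TTLs and the summary reports 1234 raw packets sent; nmap's own --proxies option is likewise documented as applying only to NSE and version detection, not to host discovery, port scanning or OS detection.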
