Arguably, nmap is the most widely employed port scanning tool in history, but run through Tor - unless only the -sT (TCP connect) switch is used - it spews GOBS of irritating libtorsocks errors when it tries to reach UDP ports. This makes anonymous scanning sessions somewhat unpleasant. Plus - by default - nmap performs host discovery by transmitting ICMP packets, which could reveal your IP. (Since Tor can't handle ICMP packets, they can end up routed over the clearnet.)
Netcat (installed on most UNIX operating systems) scans hosts on both the clear and the dark net cleanly, quietly and efficiently. By default, netcat does not connect to UDP ports.

$ torify nc -v -z somehostxxxxxxxx.onion 1-100

-z = scan mode
1-100 = the port range to scan
somehostxxxxxxxx.onion = the host to scan

$ torify nc -v -w 5 somehostxxxxxxxx.onion 1-100

-w = timeout for connects and final net reads

With the "-w" switch, you'll need to watch nc as it scans: if it hangs for 5 seconds and then resumes, that port is open. So it's best to use "-z" for scanning, unless you have a compelling reason for "-w" (e.g., to view the greeting message of a daemon). Finally - when scanning a clearnet site - as a precaution, use the IP rather than the hostname. tor-resolve, shown below, looks the IP up for you over Tor.
$ tor-resolve cnn.com
157.166.226.25
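As an added example (not part of the original post), here is the post's procedure wrapped in a small POSIX shell script: onion names and IP literals are handed to nc unchanged, any other hostname is first turned into an IP with tor-resolve so the lookup itself travels over Tor, and the output of the "-z" scan is reduced to a list of open ports. The success-line format it parses is that of OpenBSD netcat (an assumption; other nc variants word it differently), and the TORIFY, TOR_RESOLVE and NC command names are overridable so the functions can be exercised without a live Tor daemon.

```shell
#!/bin/sh
# Added example, not from the original post: wrapper around "torify nc -z".
# Assumes torify, tor-resolve and an OpenBSD-style nc are installed; the
# command names below can be overridden from the environment.
TORIFY="${TORIFY:-torify}"
TOR_RESOLVE="${TOR_RESOLVE:-tor-resolve}"
NC="${NC:-nc}"

# True for a Tor hidden-service name, which must be passed to nc as-is.
is_onion() {
    case "$1" in
        *.onion) return 0 ;;
        *)       return 1 ;;
    esac
}

# True for a dotted-quad IPv4 literal (four groups of 1-3 digits).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the address to hand to nc: onion names and IP literals pass through,
# anything else is resolved through Tor (the post's tor-resolve step), so the
# hostname is never looked up by the local resolver outside Tor.
resolve_target() {
    if is_onion "$1" || is_ipv4 "$1"; then
        printf '%s\n' "$1"
    else
        "$TOR_RESOLVE" "$1"
    fi
}

# Extract open port numbers from "nc -v -z" output. The pattern targets the
# OpenBSD netcat success message
#   Connection to HOST PORT port [tcp/NAME] succeeded!
# (assumption: other netcat flavours phrase this line differently).
open_ports() {
    sed -n 's/^Connection to [^ ]* \([0-9][0-9]*\) port .* succeeded!$/\1/p'
}

# Scan TARGET over PORTRANGE (e.g. 1-100) through Tor and print the open
# ports, one per line. nc reports on stderr, hence the 2>&1.
tor_scan() {
    target=$(resolve_target "$1") || return 1
    [ -n "$target" ] || return 1
    "$TORIFY" "$NC" -v -z "$target" "$2" 2>&1 | open_ports
}

# Stand-alone usage: sh torscan.sh somehostxxxxxxxx.onion 1-100
if [ "$#" -eq 2 ]; then
    tor_scan "$1" "$2"
fi
```

The resolve step is where the post's "use the IP, not the hostname" precaution lives: a bare clearnet hostname is never given to nc directly, so no DNS query for it leaves the machine outside Tor.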