How to proxy nmap and nmap's DNS resolution

How can I use nmap, including nmap's DNS resolution, through a proxy?

I tried to proxy the connection, but DNS resolution doesn't work. It's a known bug I read about on some forums. It also works when the dns_proxy feature isn't in the proxychains config. But I need the DNS resolution requests to be proxied.

sudo proxychains nmap -T4 -sV -Pn -A --reason -v scanme.nmap.org

I tried Proxychains4 (or Proxychains-ng), but with nmap it scans and sends every packet synchronously, so for example you have to wait 30+ minutes to scan a single host. So it works great, but that's not an option.

sudo proxychains4 nmap -T4 -sV -Pn -A --reason -v scanme.nmap.org

I'm trying to use nmap's built-in proxy feature.

sudo nmap --proxy socks4://127.0.0.1:9050 -T4 -sV -Pn -A --reason -v scanme.nmap.org

But is it doing the DNS resolution requests through the Tor proxy 127.0.0.1:9050, or is it just scanning through it? It doesn't seem to be.

What's the solution?

Answer 1

Try:

sudo nmap --proxy socks4://127.0.0.1:9050 --dns-servers 8.8.8.8 -T4 -sV -Pn -A --reason -v scanme.nmap.org

You can specify the domain name servers nmap should use with the --dns-servers option. The problem here is that the default DNS server is your router, which has a private address, so that DNS server is hidden from the internet. With --dns-servers you are just passing nmap the instruction to use Google's public domain name servers. (Private addresses such as 192.168.1.0/24 are not routable.)

Answer 2

This is my setup, and proxychains4 works fine with it.

First, I configured the Tor service and ran it on port 9050.

Second, this is my proxychains config (/etc/proxychains4.conf), with the socks4 line commented out:

socks5  127.0.0.1 9050

This is exactly the nmap command I just ran (it took 5 minutes to complete). sudo comes after proxychains4.

❯ proxychains4 sudo nmap -T4 -sV -Pn -A --reason -v scanme.nmap.org
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
Starting Nmap 7.80 ( https://nmap.org ) at 2022-01-09 00:08 AEDT
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 00:08
Completed NSE at 00:08, 0.00s elapsed
Initiating NSE at 00:08
Completed NSE at 00:08, 0.00s elapsed
Initiating NSE at 00:08
Completed NSE at 00:08, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 00:08
Completed Parallel DNS resolution of 1 host. at 00:08, 0.52s elapsed
Initiating SYN Stealth Scan at 00:08
Scanning scanme.nmap.org (45.33.32.156) [1000 ports]
Discovered open port 80/tcp on 45.33.32.156
Discovered open port 443/tcp on 45.33.32.156
Discovered open port 8080/tcp on 45.33.32.156
Discovered open port 5060/tcp on 45.33.32.156
Discovered open port 22/tcp on 45.33.32.156
Discovered open port 31337/tcp on 45.33.32.156
Discovered open port 9929/tcp on 45.33.32.156
Completed SYN Stealth Scan at 00:08, 2.82s elapsed (1000 total ports)
Initiating Service scan at 00:08
Scanning 7 services on scanme.nmap.org (45.33.32.156)
Service scan Timing: About 71.43% done; ETC: 00:11 (0:00:44 remaining)
Completed Service scan at 00:10, 117.24s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against scanme.nmap.org (45.33.32.156)
Retrying OS detection (try #2) against scanme.nmap.org (45.33.32.156)
Initiating Traceroute at 00:10
Completed Traceroute at 00:10, 3.19s elapsed
Initiating Parallel DNS resolution of 11 hosts. at 00:10
Completed Parallel DNS resolution of 11 hosts. at 00:10, 1.13s elapsed
NSE: Script scanning 45.33.32.156.
Initiating NSE at 00:10
Completed NSE at 00:11, 48.07s elapsed
Initiating NSE at 00:11
Completed NSE at 00:12, 60.07s elapsed
Initiating NSE at 00:12
Completed NSE at 00:12, 0.00s elapsed
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up, received user-set (0.21s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 992 closed ports
Reason: 992 resets
PORT      STATE    SERVICE    REASON         VERSION
22/tcp    open     ssh        syn-ack ttl 52 OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   1024 ac:00:a0:1a:82:ff:cc:55:99:dc:67:2b:34:97:6b:75 (DSA)
|   2048 20:3d:2d:44:62:2a:b0:5a:9d:b5:b3:05:14:c2:a6:b2 (RSA)
|   256 96:02:bb:5e:57:54:1c:4e:45:2f:56:4c:4a:24:b2:57 (ECDSA)
|_  256 33:fa:91:0f:e0:e1:7b:1f:6d:05:a2:b0:f1:54:41:56 (ED25519)
25/tcp    filtered smtp       no-response
80/tcp    open     http       syn-ack ttl 64 Apache httpd 2.4.7 ((Ubuntu))
|_http-favicon: Unknown favicon MD5: 156515DA3C0F7DC6B2493BD5CE43F795
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.7 (Ubuntu)
|_http-title: Go ahead and ScanMe!
443/tcp   open     tcpwrapped syn-ack ttl 64
5060/tcp  open     tcpwrapped syn-ack ttl 64
8080/tcp  open     tcpwrapped syn-ack ttl 64
9929/tcp  open     nping-echo syn-ack ttl 53 Nping echo
31337/tcp open     tcpwrapped syn-ack ttl 52
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (92%), Linux 2.6.32 - 3.1 (92%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (92%), Linux 3.7 (92%), Linux 2.6.32 - 3.13 (92%), Linux 3.0 - 3.2 (92%), Linux 3.3 (92%), Infomir MAG-250 set-top box (91%), Linux 3.1 (91%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 11.213 days (since Tue Dec 28 19:06:04 2021)
Network Distance: 12 hops
TCP Sequence Prediction: Difficulty=256 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 199/tcp)
HOP RTT       ADDRESS
1   ...
2   70.32 ms  REDACTED
3   171.80 ms REDACTED
4   171.83 ms REDACTED
5   251.96 ms REDACTED
6   252.09 ms REDACTED
7   252.11 ms REDACTED
8   252.13 ms REDACTED
9   252.15 ms REDACTED
10  252.20 ms 38.142.11.154
11  252.22 ms if-1-4.csw5-fnc1.linode.com (173.230.159.81)
12  252.25 ms scanme.nmap.org (45.33.32.156)

NSE: Script Post-scanning.
Initiating NSE at 00:12
Completed NSE at 00:12, 0.00s elapsed
Initiating NSE at 00:12
Completed NSE at 00:12, 0.00s elapsed
Initiating NSE at 00:12
Completed NSE at 00:12, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 240.81 seconds
           Raw packets sent: 1234 (56.044KB) | Rcvd: 1078 (45.547KB)
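An added check for the setup in this answer, written for this thread and not code from nmap, proxychains or the poster. It parses a proxychains4.conf in the format shown above (the embedded sample config is constructed: the answer's socks5 line, with proxy_dns commented out as it ships in many stock copies) together with an nmap command line, and lists the traffic the SOCKS proxy will not carry. The rules encode documented behaviour rather than anything measured here: proxychains works through LD_PRELOAD hooks on libc connect() and name lookups, so raw-packet scan types (SYN is the default for root), OS detection, traceroute and root host discovery never touch it, and nmap's reverse lookups of scanned addresses use its own UDP resolver unless --system-dns is given. Option names are nmap's and proxychains' own; the helper names (parse_proxychains_conf, scan_type_letters, audit) are mine. Run on the exact command from this answer it reports four findings, which matches the SYN Stealth Scan and traceroute phases in the output above being driven by raw packets from the host rather than by the Tor proxy.

```python
"""Audit an nmap command line that will run under proxychains and list the
traffic the SOCKS proxy cannot carry.  Added example for this thread, not
code from nmap, proxychains or the poster.  The rules encode documented
behaviour: proxychains hooks libc connect() and name lookups via LD_PRELOAD,
so raw-packet scans and nmap's own reverse resolver never pass through it."""
import re
import shlex

# Constructed stand-in for /etc/proxychains4.conf: the answer's socks5 line,
# with proxy_dns commented out as it is in many stock copies of the file.
SAMPLE_CONF = """\
strict_chain
#proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
# socks4 127.0.0.1 9050
socks5  127.0.0.1 9050
"""

# Scan types (letter after -s) that nmap implements with raw packets.
RAW_SCAN_TYPES = {"S": "SYN", "U": "UDP", "A": "ACK", "W": "Window",
                  "M": "Maimon", "N": "Null", "F": "FIN", "X": "Xmas"}
# Options that send raw packets whatever the scan type.
RAW_OPTIONS = {"-O": "OS detection", "--traceroute": "traceroute",
               "-A": "aggressive mode (turns on -O and --traceroute)"}


def parse_proxychains_conf(text):
    """Return (proxy_dns_enabled, [(type, host, port), ...]) for a conf file."""
    proxy_dns, proxies, in_list = False, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and padding
        if not line:
            continue
        if line == "[ProxyList]":
            in_list = True
        elif in_list:
            parts = line.split()                     # type host port [user pass]
            if len(parts) >= 3:
                proxies.append((parts[0], parts[1], int(parts[2])))
        elif line.split()[0].startswith("proxy_dns"):  # proxy_dns, proxy_dns_old
            proxy_dns = True
    return proxy_dns, proxies


def scan_type_letters(argv):
    """Collect scan-type letters from -sS, -sV or combined -sSV arguments."""
    letters = set()
    for arg in argv:
        m = re.fullmatch(r"-s([A-Za-z]+)", arg)
        if m:
            letters.update(m.group(1))
    return letters


def audit(cmdline, conf_text, privileged=True):
    """Return findings describing traffic that bypasses the proxy ([] = none)."""
    findings = []
    proxy_dns, proxies = parse_proxychains_conf(conf_text)
    argv = shlex.split(cmdline)                      # wrappers such as sudo are ignored
    if not proxies:
        findings.append("no entry under [ProxyList]: proxychains has nothing to chain through")
    if not proxy_dns:
        findings.append("proxy_dns is off: libc name lookups go straight to the local resolver")
    if "--system-dns" not in argv and "-n" not in argv:
        findings.append("no --system-dns: nmap reverse-resolves scanned addresses with its own "
                        "UDP resolver, which proxy_dns never sees (or use -n to skip lookups)")
    types = scan_type_letters(argv)
    for letter in sorted(types & set(RAW_SCAN_TYPES)):
        findings.append(f"-s{letter}: {RAW_SCAN_TYPES[letter]} scan sends raw packets past the proxy")
    if privileged and not types & ({"T"} | set(RAW_SCAN_TYPES)):
        findings.append("no -sT: as root nmap defaults to a SYN scan (raw packets); "
                        "use -sT for a connect() scan the proxy can carry")
    if privileged and "-Pn" not in argv:
        findings.append("no -Pn: host discovery probes are raw packets as root and bypass the proxy")
    for opt, what in RAW_OPTIONS.items():
        if opt in argv:
            findings.append(f"{opt}: {what} sends raw packets past the proxy")
    return findings


if __name__ == "__main__":
    # The exact command from this answer, run as root via sudo.
    cmd = "proxychains4 sudo nmap -T4 -sV -Pn -A --reason -v scanme.nmap.org"
    for finding in audit(cmd, SAMPLE_CONF):
        print("BYPASSES PROXY:", finding)
```

The version scan (-sV) and NSE scripts use ordinary connect() sockets, which is why they are the parts proxychains actually routes; a command such as proxychains4 nmap -sT -sV -Pn --system-dns target, with proxy_dns enabled in the config, produces no findings from this check.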