Anonymizing NMAP scans


Once I wanted to conduct a port scan using NordVPN and I failed. The nmap scan results didn't match the open ports of my web server. I quickly realized that the way NordVPN handles my traffic isn't suitable for executing nmap scans at all. I did some research on the blog of "That One Privacy Guy" and figured out that NordVPN should provide SOCKS5 proxy servers.

VPN Comparison by That One Privacy Guy

Unfortunately, these kinds of servers aren't active anymore. I guess that's because of NordVPN's target audience, which isn't really interested in such services.

My next approach was to use nmap over Tor (with proxychains). This is one of the most common approaches to conducting anonymous nmap scans, due to the limited proxy capabilities of nmap itself.

I quickly realized that there is a high potential for leaks when using this setup right away. DNS and ICMP scans can be avoided, but I do not trust nmap enough to just exclude these types of scans.

That's the main reason I created "anonmap", a script that sets up security mechanisms to force all traffic through Tor, with dnscrypt-proxy encrypting DNS queries to Cloudflare.

Each package gets installed and configured. iptables is also used to block or redirect traffic. An additional function can be used to check for potential IP leaks.

Stopping the script reverts all changes, as each configuration file is backed up first.

It is planned to extend the leak() function with an additional DNS leak check.

As always, use it at your own risk, but my first QA tests couldn't provide any evidence of leaks.

Happy scanning!

GitHub - shark0x00/anonmap: This script was primarily developed to conduct anonymous NMAP scans under Debian 11