Running nmap NSE scan through socks proxy

Hello guys,

I’m trying to scan vuln using Nmap NSE through socks proxy but Nmap doesn’t give me the result just port is up or host is up.

anything else without NSE script is work

My proxy server is a windows session on Metasploit with Administrator prvilege.
I have done all the necessary for the socks proxy to work (autoroute, …)

Does anyone know how to have NSE script work?

Thanks in advance

Have you tried using the --proxies flag with nmap instead of proxychains?
It’s experimental, but it might serve your purpose. Check man nmap for the correct syntax.

1 Like

Yes, I did. But it returned the same result

As per the RFC, you should probably try using SOCKS version 5 as it adds suport for UDP.

TL;DR

This new protocol extends the SOCKS Version 4 model to include UDP,
and extends the framework to include provisions for generalized
strong authentication schemes, and extends the addressing scheme to
encompass domain-name and V6 IP addresses.

https://datatracker.ietf.org/doc/html/rfc1928#section-2

1 Like