{"id":1021,"date":"2017-03-17T14:55:30","date_gmt":"2017-03-17T14:55:30","guid":{"rendered":"http:\/\/www.hackwhackandsmack.com\/?p=1021"},"modified":"2017-03-18T15:29:23","modified_gmt":"2017-03-18T15:29:23","slug":"speeding-up-proxychains-with-nmap-xargs","status":"publish","type":"post","link":"https:\/\/www.hackwhackandsmack.com\/?p=1021","title":{"rendered":"Speeding up Proxychains with Nmap \/ Xargs"},"content":{"rendered":"<p>So for a while now I&#8217;ve wanted a way to better use Nmap with proxychains, and I&#8217;ve ended up with a fairly simple one-liner that has worked for me for a while now on basic port scanning. It&#8217;s a trivial concept but really does speed up the process with no negative effect from what I can tell. Obviously you have to be careful about how many threads you permit with Xargs, but other than that it&#8217;s pretty straightforward.<\/p>\n<p>A couple of options you may consider when pivoting with proxychains are multiple hosts with a low number of ports, or alternatively a large number of ports against one host. How you use it depends on your situation, because you always have to remember how stealthy you want to be before doing this type of attack. If you&#8217;re using this on an internal pentest then you may not worry so much about stealth, but if you&#8217;re running this on a Red Team engagement you will want to adjust the Nmap flags accordingly.<\/p>\n<p>Using the traditional way of running proxychains with Nmap, the scan took 193.62 seconds to finish. An example of this usage is shown below:<\/p>\n<p><code>proxychains nmap -p 1-1000 -sT -Pn --open -n -T4 --min-parallelism 100 --min-rate 1 --oG proxychains_nmap_old --append-output &lt;IP Address&gt;<\/code><\/p>\n<p>Bringing Xargs into the loop with a thread count of 50 dramatically improves the results: the same scan only took 9 seconds to complete. An example of this usage is shown below:<\/p>\n<p><code>seq 1 1000 | xargs -P 50 -I{} proxychains nmap -p {} -sT -Pn --open -n -T4 --min-parallelism 100 --min-rate 1 --oG proxychains_nmap --append-output &lt;IP Address&gt;<\/code><\/p>\n<p>If you want to run multiple ports or port ranges against multiple hosts you could use the following alternative:<\/p>\n<p><code>seq 1 254 | xargs -P 50 -I{} proxychains nmap -p 80,443,3389,445,22 -sT -Pn --open -n -T4 --min-parallelism 100 --min-rate 1 --oG proxychains_nmap --append-output 192.168.1.{}<\/code><\/p>\n<p>Then grep the output for open ports:<\/p>\n<p><a href=\"http:\/\/www.hackwhackandsmack.com\/wp-content\/uploads\/2017\/03\/grep.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-1033\" src=\"http:\/\/www.hackwhackandsmack.com\/wp-content\/uploads\/2017\/03\/grep.png\" alt=\"grep\" width=\"817\" height=\"274\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>So for a while now I&#8217;ve wanted a way to better use Nmap with proxychains, and I&#8217;ve ended up with a fairly simple one-liner that has worked for me for a while now on basic port scanning. It&#8217;s a trivial concept but really does speed up the process with no negative effect from what I&hellip; <a class=\"more-link\" href=\"https:\/\/www.hackwhackandsmack.com\/?p=1021\">Continue reading <span class=\"screen-reader-text\">Speeding up Proxychains with Nmap \/ Xargs<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/1021"}],"collection":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1021"}],"version-history":[{"count":17,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/1021\/revisions"}],"predecessor-version":[{"id":1039,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/1021\/revisions\/1039"}],"wp:attachment":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}