
Nmap over tor issue : hacking | Torhoo darknet markets

I am trying to scan the nmap scanme, however when I use my qubes+kali setup through whonix it comes back as all scanned (top 1k) ports open.
If I do the same default scan with the default firewall net qube, I get the expected results.

Is there anything I can do to get a proper scan without exposing my IP address?
/u/rmrf P sudo rm -rf /*
1 points
2 weeks ago
Scanning from Tor is not going to work well. Your IP is probably blacklisted as it is a Tor exit node, and not all flags are really meant to be used with Tor. Buy a cheap VPS, buy cheap datacenter or res proxies, and scan from them. Your results will be faster and you can SSH to the scan server from Tor so that you are still safe.
/u/nmapexpertsoon 📢 🍼
1 points
2 weeks ago
Thanks for the help.
I noticed (at least for Nmap's scanme server) that ports that are actually open will stand out if I use -sV over Tor. All ports still report as open, but the ones that are actually open had version info.
/u/nmapexpertsoon 📢 🍼
1 points
2 weeks ago
The problem even happens if I just scan one port.
If I do 'nmap -Pn -sT -p 100 45.33.32.156' through whonix I get
"Port 100/tcp State:Open "

But if I do the same command through my default network qube, I get
"Port 100/tcp State:Closed "

So it doesn't seem to be rate limiting.
/u/SupremeMalik
1 points
2 weeks ago
Are you trying to hide your IP from nmap permanently?
/u/nmapexpertsoon 📢 🍼
1 points
2 weeks ago
Yes, I am trying to attack vulnerable web servers that I shouldn't be. I want to avoid any attacks being traced back to my IP. Ideally, not even my city/state so I want to avoid going to a public wifi to do the scans. I appreciate the help btw.
/u/SupremeMalik
1 points
2 weeks ago
No problem. I would suggest using the -D (Decoy) argument or the source address one. Both of these will spoof your address from the target server. You can't make yourself invisible per se, but you can make enough fake IPs so you are harder to find. Hope that helps.
/u/nmapexpertsoon 📢 🍼
1 points
2 weeks ago
Yes, thank you for the help
/u/OVjScHXPx2qO
1 points
1 week ago
None of this works with Tor
/u/workerbee
1 points
2 weeks ago
I was writing some advice and decided I will just DM you
/u/0xDEADFED 🍼
1 points
2 weeks ago
Do not scan using Tor for scanning. Buy a cheap VPS and some socks proxies. Connect to your VPS through Tor. Then run nmap with proxychains. Scanning directly from Tor can lead to problems like connection timeouts, firewall blocks, and false negatives.
/u/nmapexpertsoon 📢 🍼
1 points
2 weeks ago
Thank you for the help.
Would you recommend proxychains over Qubes netvms? I don't know much about proxychains so that question might be nonsense.
/u/[deleted] 🍼
1 points
2 weeks ago
For me, in my scans I usually use proxychains, but before you use it make sure that you set it up correctly and everything is working right to avoid IP leaks.
/u/hacker P
1 points
1 week ago
When scanning through Whonix, your traffic routes over Tor, which can cause nmap to see all ports as open due to Tor’s exit node behavior and filtering. To get accurate scans without exposing your IP, consider using a VPN or proxy outside Tor that supports nmap scans, or scan from a trusted VPS with strict anonymity controls. Alternatively, limit scans to safer, less intrusive options like -sS (TCP SYN) and scan fewer ports to reduce detection and distortion.