Home page logo
Zenmap screenshot
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Example Nmap output

Nmap Network Scanning

Proxy Options

--proxy <host>[:<port>] (Specify proxy address)

Requests proxying through <host>:<port>, using the protocol specified by --proxy-type.

If no port is specified, the proxy protocol's well-known port is used (1080 for SOCKS and 3128 for HTTP). When specifying an IPv6 HTTP proxy server using the IP address rather than the hostname, the square-bracket notation (for example [2001:db8::1]:8080) MUST be used to separate the port from the IPv6 address. If the proxy requires authentication, use --proxy-auth.

--proxy-type <proto> (Specify proxy protocol)

In connect mode, this option requests the protocol <proto> to connect through the proxy host specified by --proxy. In listen mode, this option has Ncat act as a proxy server using the specified protocol.

The currently available protocols in connect mode are http (CONNECT), socks4 (SOCKSv4), and socks5 (SOCKSv5). The only server currently supported is http. If this option is not used, the default protocol is http.

--proxy-auth <user>[:<pass>] (Specify proxy credentials)

In connect mode, gives the credentials that will be used to connect to the proxy server. In listen mode, gives the credentials that will be required of connecting clients. For use with --proxy-type http or --proxy-type socks5, the form should be username:password. For --proxy-type socks4, it should be a username only.

These credentials can be alternatively passed onto Ncat by setting environment variable NCAT_PROXY_AUTH, which reduces the risk of the credentials being captured in process logs. (Option --proxy-authtakes precedence.)

--proxy-dns <type> (Specify where to resolve proxy destination)

In connect mode, it provides control over whether proxy destination hostnames are resolved by the remote proxy server or locally, by Ncat itself. Possible values for <type> are:

local - Hostnames are resolved locally on the Ncat host. Ncat exits with error if the hostname cannot be resolved.

remote - Hostnames are passed directly onto the remote proxy server. This is the default behavior.

both - Hostname resolution is first attempted on the Ncat host. Unresolvable hostnames are passed onto the remote proxy server.

none - Hostname resolution is completely disabled. Only a literal IPv4 or IPv6 address can be used as the proxy destination.

Local hostname resolution generally respects IP version specified with options -4 or -6, except for SOCKS4, which is incompatible with IPv6.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]