Forum Thread: The Most Anonymous Reconnaissance Technique?

Hello guys,

I'm new to hacking and I'm learning the Reconnaissance phase. I'm also completely new to Networking... but I'm always thinking how anonymize all my techniques. I would like to ask which are the most anonymous active recon technique you guys are applying today.

I already started doing a little research. Trying to figure it out, I gathered some interesting techniques that I would like to talk/share with you guys:

Well, since I'm just learning, I'm a little bit lost with all that info. My first intention was understand how could I anonymize the following tools on the network: SpiderFoot, ReconDog, Red Hawk v.2, Devploit, Sn1per, etc...

But digging into it I found some technical issues about some techniques(nmap via tor), for example:

  • "only normal TCP connections will be possible with the proxy, no SYN and FIN scan. (...) DNS lookup is not possible through the proxy"
  • "ICMP ping can not be done to see if a host is alive, since ICMP is not TCP. So you might need to skip the host discovery step if your targets are only accessible through the proxy (-Pn)"

From here, I found:

  • "To hide the scanning computer's IP address, it was necessary to eliminate pinging by setting the –Pn flag. The –sT flag needed to be set in order to run the scan using TCP instead of UDP 4. The –sV flag allows for version scanning and does not leak the scanner's IP address. The –O (OSDetection), and -A (OS detection, version detection, script scanning, and traceroute) did reveal the IP address because Nmap bypassed Proxychains during part of the execution"

From my little research, almost all of the content was directed to "Proxy + Tor + Nmap", but what about the other tools? How can I manage them to run through Tor too? If Nmap + Tor doesn't accept SYN scan, OS detection, traceroute, etc (without reveal IP)... how can I run an anonymous recon? The Idle Scan could handle the host discovering, but what about the rest of the recon?

Ps: Sorry if it is a silly question, or if it sounds like script kiddie because of the tools, but I'm really trying to understand and learn everything as possible here. So I really really really appreciate all answers from the Masters of Null-Byte <3

Ps2: Sorry if my question wasn't clear enough, english is not my main language.

1 Response

The most anonymous technique is to use some online tools for a quick target overview and then overscan picked vector. Personal recommendation spyse.com(mostly for large targets) and shodan.io (mostly for small targets).

Share Your Thoughts

  • Hot
  • Active