{"id":13775652,"url":"https://github.com/milesrichardson/docker-onion-nmap","last_synced_at":"2025-12-27T10:31:47.641Z","repository":{"id":70721831,"uuid":"108010279","full_name":"milesrichardson/docker-onion-nmap","owner":"milesrichardson","description":"Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.","archived":false,"fork":false,"pushed_at":"2017-10-24T00:36:08.000Z","size":7,"stargazers_count":505,"open_issues_count":2,"forks_count":70,"subscribers_count":40,"default_branch":"master","last_synced_at":"2025-05-11T08:35:38.888Z","etag":null,"topics":["docker","nmap","pentesting","proxychains","recon","scanner","security","tor"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/milesrichardson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-10-23T16:42:48.000Z","updated_at":"2025-05-10T21:52:44.000Z","dependencies_parsed_at":"2023-04-25T21:02:59.330Z","dependency_job_id":null,"html_url":"https://github.com/milesrichardson/docker-onion-nmap","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/milesrichardson/docker-onion-nmap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milesrichardson%2Fdocker-onion-nmap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milesrichardson%2Fdocker-onion-nmap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milesrichardson%2Fdocker-onion-nmap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milesrichardson%2Fdocker-onion-nmap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/milesrichardson","download_url":"https://codeload.github.com/milesrichardson/docker-onion-nmap/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milesrichardson%2Fdocker-onion-nmap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28077500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-27T02:00:05.897Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","nmap","pentesting","proxychains","recon","scanner","security","tor"],"created_at":"2024-08-03T17:01:44.721Z","updated_at":"2025-12-27T10:31:47.615Z","avatar_url":"https://github.com/milesrichardson.png","language":"Shell","funding_links":[],"categories":["\u003ca id=\"6e80463404d46f0493cf6e84597e4b5c\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"e99ba5f3de02f68412b13ca718a0afb6\"\u003e\u003c/a\u003eTor\u0026\u0026\u0026Onion\u0026\u0026洋葱"],"readme":"## docker-onion-nmap\n\nUse nmap to scan hidden \"onion\" services on the Tor network. Minimal image\nbased on alpine, using proxychains to wrap nmap. Tor and dnsmasq are run\nas daemons via s6, and proxychains wraps nmap to use the Tor SOCKS proxy on port 9050. Tor is also configured via [DNSPort](https://www.torproject.org/docs/tor-manual.html.en#DNSPort) to anonymously resolve DNS requests to port 9053. dnsmasq is configured to with this localhost:9053 as an authority DNS server. Proxychains is configured to proxy DNS through the local resolver, so all DNS requests will go through Tor and applications can resolve .onion addresses.\n\n### Example:\n\n``` bash\n$ docker run --rm -it milesrichardson/onion-nmap -p 80,443 facebookcorewwwi.onion\n[tor_wait] Wait for Tor to boot... (might take a while)\n[tor_wait] Done. Tor booted.\n[nmap onion] nmap -p 80,443 facebookcorewwwi.onion\n[proxychains] config file found: /etc/proxychains.conf\n[proxychains] preloading /usr/lib/libproxychains4.so\n[proxychains] DLL init: proxychains-ng 4.12\n\nStarting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 16:17 UTC\n[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  facebookcorewwwi.onion:443  ...  OK\n[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  facebookcorewwwi.onion:80  ...  OK\nNmap scan report for facebookcorewwwi.onion (224.0.0.1)\nHost is up (2.7s latency).\n\nPORT    STATE SERVICE\n80/tcp  open  http\n443/tcp open  https\n\nNmap done: 1 IP address (1 host up) scanned in 3.58 seconds\n```\n\n### How it works:\n\nWhen the container boots, it launches Tor and dnsmasq as daemons. The `tor_wait`\nscript then waits for the Tor SOCKS proxy to be up before executing your command.\n\n### Arguments:\n\nBy default, args to `docker run` are passed to [/bin/nmap](/bin/nmap)\nwhich calls nmap with args `-sT -PN -n \"$@\"` necessary for it to work over Tor ([via explainshell.com](https://explainshell.com/explain?cmd=nmap+-sT+-PN+-n)).\n\nFor example, this:\n\n``` bash\ndocker run --rm -it milesrichardson/onion-nmap -p 80,443 facebookcorewwwi.onion\n```\n\nwill be executed as:\n\n``` sh\nproxychains4 -f /etc/proxychains.conf /usr/bin/nmap -sT -PN -n -p 80,443 facebookcorewwwi.onion\n```\n\nIn addition to the custom script for `nmap`, custom wrapper scripts for `curl`\nand `nc` exist to wrap them in proxychains, at [/bin/curl](/bin/curl)\nand [/bin/nc](/bin/nc). To call them, simply specify `curl` or `nc`\nas the first argument to `docker run`. For example:\n\n``` bash\ndocker run --rm -it milesrichardson/onion-nmap nc -z 80 facebookcorewwwi.onion\n```\n\nwill be executed as:\n\n``` bash\nproxychains4 -f /etc/proxychains.conf /usr/bin/nc -z 80 facebookcorewwwi.onion\n```\n\nand\n\n``` bash\ndocker run --rm -it milesrichardson/onion-nmap curl -I https://facebookcorewwwi.onion\n```\n\nwill be executed as:\n\n```\nproxychains4 -f /etc/proxychains.conf /usr/bin/curl -I https://facebookcorewwwi.onion\n```\n\nIf you want to call any other command, including the original `/usr/bin/nmap` or\n`/usr/bin/nc` or `/usr/bin/curl` you can specify it as the first argument to docker run, e.g.:\n\n``` bash\ndocker run --rm -it milesrichardson/onion-nmap /usr/bin/curl -x socks4h://localhost:9050 https://facebookcorewwwi.onion\n```\n\n### Environment variables:\n\nThere is only one environment variable: `DEBUG_LEVEL`. If you set it to\nanything other than `0`, more debugging info will be printed (specifically,\nthe attempted to connections to Tor while waiting for it to boot). Example:\n\n``` bash\n$ docker run -e DEBUG_LEVEL=1 --rm -it milesrichardson/onion-nmap -p 80,443 facebookcorewwwi.onion\n[tor_wait] Wait for Tor to boot... (might take a while)\n[tor_wait retry 0] Check socket is open on localhost:9050...\n[tor_wait retry 0] Socket OPEN on localhost:9050\n[tor_wait retry 0] Check SOCKS proxy is up on localhost:9050 (timeout 2 )...\n[tor_wait retry 0] SOCKS proxy DOWN on localhost:9050, try again...\n[tor_wait retry 1] Check socket is open on localhost:9050...\n[tor_wait retry 1] Socket OPEN on localhost:9050\n[tor_wait retry 1] Check SOCKS proxy is up on localhost:9050 (timeout 4 )...\n[tor_wait retry 1] SOCKS proxy DOWN on localhost:9050, try again...\n[tor_wait retry 2] Check socket is open on localhost:9050...\n[tor_wait retry 2] Socket OPEN on localhost:9050\n[tor_wait retry 2] Check SOCKS proxy is up on localhost:9050 (timeout 6 )...\n[tor_wait retry 2] SOCKS proxy UP on localhost:9050\n[tor_wait] Done. Tor booted.\n[nmap onion] nmap -p 80,443 facebookcorewwwi.onion\n[proxychains] config file found: /etc/proxychains.conf\n[proxychains] preloading /usr/lib/libproxychains4.so\n[proxychains] DLL init: proxychains-ng 4.12\n\nStarting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 16:34 UTC\n[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  facebookcorewwwi.onion:443  ...  OK\n[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  facebookcorewwwi.onion:80  ...  OK\nNmap scan report for facebookcorewwwi.onion (224.0.0.1)\nHost is up (2.8s latency).\n\nPORT    STATE SERVICE\n80/tcp  open  http\n443/tcp open  https\n\nNmap done: 1 IP address (1 host up) scanned in 4.05 seconds\n```\n\n### Notes:\n\n- No UDP available over Tor\n- Tor can take 10-20 seconds to boot. If this is untenable, another option is to run the proxy in its own container, or run it as the main process and then run \"exec\" to call commands like nmap\n\n### gr33tz:\n\n- [@jessfraz](https://github.com/jessfraz) [tor-proxy](https://github.com/jessfraz/dockerfiles/tree/master/tor-proxy)\n- [@zuazo](https://github.com/zuazo) [alpine-tor-docker](https://github.com/zuazo/alpine-tor-docker)\n- [shellhacks](https://www.shellhacks.com/anonymous-port-scanning-nmap-tor-proxychains/)\n- [crypto-rebels.de](https://www.crypto-rebels.de/scanhidden.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmilesrichardson%2Fdocker-onion-nmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmilesrichardson%2Fdocker-onion-nmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmilesrichardson%2Fdocker-onion-nmap/lists"}