{"id":8,"date":"2024-09-06T22:38:54","date_gmt":"2024-09-06T21:38:54","guid":{"rendered":"https:\/\/www.northit.co.uk\/posts\/?p=8"},"modified":"2024-09-07T02:13:59","modified_gmt":"2024-09-07T01:13:59","slug":"bypassing-port-scan-blocking-firewalls","status":"publish","type":"post","link":"https:\/\/www.northit.co.uk\/posts\/bypassing-port-scan-blocking-firewalls\/","title":{"rendered":"How to Bypass Port Scan Blocking Firewalls"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p>This guide will help you bypass port scan blocking firewalls using the dark web, TOR. Our pen-test team will often use it as part of an <a href=\"https:\/\/www.northit.co.uk\/perimeter-network-penetration-testing\">external network pen-test<\/a> where a number of firewalls and devices are now attempting to block port scans.<\/p>\n\n\n\n<p>Please see the <a href=\"https:\/\/www.youtube.com\/watch?v=f8qD0IkUhFc\" data-type=\"link\" data-id=\"https:\/\/www.youtube.com\/watch?v=f8qD0IkUhFc\">Bypassing Post Scan Blocking<\/a> video for this in YouTube format!<\/p>\n\n\n\n<p>The Linux distro we are using is Kali Linux.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1: Download the GitHub Repo<\/h2>\n\n\n\n<p>Open your Linux terminal and install git with <code>sudo apt install git<\/code>. 
Then, download the code by using <code>git clone https:\/\/github.com\/NorthInfosecTesting\/tor_port_scan.git<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2: Install the Requirements<\/h2>\n\n\n\n<p>Once the GitHub Repo is downloaded, you need to ensure any prerequisites are installed.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Change directory to the downloaded tor_port_scan directory by entering <code>cd tor_port_scan<\/code><\/li>\n\n\n\n<li>Install TOR by entering <code>sudo apt install tor<\/code><\/li>\n\n\n\n<li>You may need to uncomment <code>ControlPort 9051<\/code> in the file <code>\/etc\/tor\/torrc<\/code> by removing the <code>#<\/code> from <code>#ControlPort 9051<\/code><br><br><img loading=\"lazy\" decoding=\"async\" width=\"866\" height=\"146\" class=\"wp-image-14\" src=\"https:\/\/www.northit.co.uk\/posts\/wp-content\/uploads\/2024\/09\/tor_config_file.png\" alt=\"\"><br><\/li>\n\n\n\n<li>Enter <code>sudo systemctl restart tor<\/code>, then <code>sudo systemctl start tor<\/code><\/li>\n\n\n\n<li>Ensure pip and python3 are installed, and enter <code>python3 -m pip install -r requirements.txt<\/code><\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Step 3: Script Parameters<\/h2>\n\n\n\n<p>Now that the requirements are installed, the TOR port scan python script is ready to run. 
However, first let's check what parameters can be passed to the script.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>python3 scan.py -h<\/code> will bring up the usage menu.<br><img loading=\"lazy\" decoding=\"async\" width=\"985\" height=\"395\" class=\"wp-image-13\" style=\"\" src=\"https:\/\/www.northit.co.uk\/posts\/wp-content\/uploads\/2024\/09\/scan_help.png\" alt=\"\"><\/li>\n\n\n\n<li><code>python3 scan.py [target]<\/code> will execute a port scan changing the TOR address every 5 ports.<br><img loading=\"lazy\" decoding=\"async\" width=\"857\" height=\"707\" class=\"wp-image-15\" style=\"\" src=\"https:\/\/www.northit.co.uk\/posts\/wp-content\/uploads\/2024\/09\/tor_port_scan.png\" alt=\"\"><\/li>\n\n\n\n<li>You can use the <code>--tor-interval [n]<\/code> flag to change the number of ports scanned before the TOR IP address is changed. For example, <code>python3 scan.py --tor-interval 10 [target]<\/code><\/li>\n\n\n\n<li>The timeout <code>-t<\/code> flag can be used to set the TIMEOUT in seconds to wait before the connection to each port times out.<\/li>\n\n\n\n<li>The jobs <code>-j<\/code> flag can be used to set the maximum number of connections open at the same time.<\/li>\n<\/ol>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide will help you bypass port scan blocking firewalls using the dark web, TOR. Our pen-test team will often use it as part of an external network pen-test where a number of firewalls and devices are now attempting to block port scans. Please see Bypassing Post Scan Blocking video for this in YouTube format! 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_daextamp_enable_autolinks":"","footnotes":""},"categories":[5,14],"tags":[10,9],"class_list":["post-8","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-code","category-how-to","tag-firewalls","tag-port-scanning"],"_links":{"self":[{"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/posts\/8","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/comments?post=8"}],"version-history":[{"count":4,"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/posts\/8\/revisions"}],"predecessor-version":[{"id":79,"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/posts\/8\/revisions\/79"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/media\/11"}],"wp:attachment":[{"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/media?parent=8"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/categories?post=8"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.northit.co.uk\/posts\/wp-json\/wp\/v2\/tags?post=8"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}