Metasploit With Proxychains Info

| Feature | Works? | Explanation | | :--- | :--- | :--- | | TCP Connect scans ( scanner/portscan/tcp ) | ✅ Yes | Pure TCP handshake. | | Most TCP exploits (e.g., SMB, SSH, FTP) | ✅ Yes | As long as payload is TCP-based. | | Meterpreter reverse_tcp | ⚠️ Tricky | Callback must also go through proxy chain. Use bind_tcp or reverse_https with proxy-aware stagers. | | UDP-based exploits (SNMP, DNS) | ❌ No | ProxyChains only hooks TCP. | | SYN stealth scans | ❌ No | Requires raw sockets. | | Nmap -sS or -sU via proxychains | ❌ No | Use -sT or switch to Metasploit's portscan. | | db_nmap inside msf | ❌ No | Nmap launched from msf ignores the proxychains wrapper. |

Routing the Matrix: How to Run Metasploit Through ProxyChains (For Anonymity & Pivoting)

Install and start Tor:

proxychains4 nmap -sT -Pn -p 80 example.com Note: Only -sT (TCP Connect) scans work, not -sS (SYN stealth). The magic command is simple: prefix msfconsole with proxychains4 .

socks5 10.0.0.15 1080 socks5 172.16.1.20 1080 High risk of logging/hijacking. Use only in lab environments. Step 2: Verify the Proxy Chain Works Before launching Metasploit, test the chain with a simple tool: metasploit with proxychains

ls /etc/proxychains4.conf Edit the configuration:

sudo apt install tor -y sudo systemctl start tor Add this line to the proxy list: | Feature | Works

socks4 127.0.0.1 9050 If you have a compromised host acting as a SOCKS proxy (via auxiliary/server/socks_proxy ), add its IP: