Skip to main content

Overview

scan4all supports SOCKS5 proxy routing, enabling you to scan targets through proxy servers for anonymity, bypassing restrictions, or accessing internal networks.

Basic Proxy Usage

Route all scan traffic through a SOCKS5 proxy: 
scan4all -host target.com -proxy socks5://127.0.0.1:1080
scan4all currently supports SOCKS5 proxies only. HTTP/HTTPS proxies are not supported.

Proxy URL Format

The proxy URL must use the SOCKS5 protocol scheme: 
socks5://[username:password@]host:port

Examples

scan4all -host target.com -proxy socks5://127.0.0.1:1080

Common Proxy Scenarios

Tor Network

Route scans through Tor for anonymity:
1

Install and Start Tor

# Ubuntu/Debian
sudo apt install tor
sudo systemctl start tor

# macOS
brew install tor
tor
2

Configure scan4all

scan4all -host target.com -proxy socks5://127.0.0.1:9050
Tor’s default SOCKS5 port is 9050.
3

Verify Tor Connection

Test your connection:
curl --socks5 127.0.0.1:9050 https://check.torproject.org/api/ip
Using Tor significantly slows down scans. Use lower rate limits (-rate 10) to avoid overwhelming the Tor network.

SSH Tunnel

Create a SOCKS5 proxy via SSH dynamic port forwarding:
1

Create SSH Tunnel

ssh -D 1080 -C -N [email protected]
  • -D 1080: Create SOCKS5 proxy on local port 1080
  • -C: Enable compression
  • -N: No remote command execution
2

Run Scan Through Tunnel

scan4all -host internal-network.local -proxy socks5://127.0.0.1:1080
This is useful for:
  • Scanning internal networks from outside
  • Accessing resources behind firewalls
  • Using jump hosts for security compliance

Cloud Proxy Services

Use commercial proxy services: 
scan4all -host target.com -proxy socks5://user:[email protected]:1080
Popular services:
  • ProxyMesh
  • Bright Data (formerly Luminati)
  • Smartproxy
  • IPRoyal

Proxy Configuration Options

Combine with Other Settings

scan4all -host target.com \
  -proxy socks5://127.0.0.1:1080 \
  -c 10 \
  -rate 50 \
  -timeout 5000 \
  -json -o results.json
When using proxies:
  • Increase timeout values (3000-5000ms)
  • Reduce concurrency (-c 5-10)
  • Lower rate limits (-rate 50-100)
  • Add more retries (-retries 5)

Multiple Target Scan Through Proxy

scan4all -l targets.txt -proxy socks5://127.0.0.1:1080
All targets will be scanned through the specified proxy.

Proxy Authentication

For proxies requiring authentication: 
scan4all -host target.com -proxy socks5://username:[email protected]:1080

URL Encoding Special Characters

If your username or password contains special characters, URL-encode them: 
# Password: p@ss#123
# Encoded: p%40ss%23123
scan4all -host target.com -proxy socks5://user:p%40ss%[email protected]:1080
Common encodings:
  • @%40
  • #%23
  • $%24
  • &%26
  • :%3A

Testing Proxy Connectivity

Verify your proxy works before running scans: 
# Test with curl
curl -x socks5://127.0.0.1:1080 https://api.ipify.org?format=json

# Test with proxychains
proxychains curl https://api.ipify.org?format=json

Proxy Performance Optimization

scan4all -host target.com \
  -proxy socks5://127.0.0.1:1080 \
  -c 5 \
  -rate 50 \
  -timeout 5000 \
  -retries 3 \
  -warm-up-time 5
SettingWithout ProxyWith ProxyReason
Threads (-c)255-10Reduce proxy load
Rate (-rate)100050-100Prevent proxy blocking
Timeout1000ms3000-5000msAccount for latency
Retries35Handle proxy instability

Proxy Chains

For multi-hop proxy routing, use proxychains:
1

Install proxychains

# Ubuntu/Debian
sudo apt install proxychains4

# macOS
brew install proxychains-ng
2

Configure proxychains

Edit /etc/proxychains4.conf:
strict_chain
proxy_dns

[ProxyList]
socks5 127.0.0.1 9050
socks5 proxy2.example.com 1080 user pass
3

Run scan4all through proxychains

proxychains scan4all -host target.com

Troubleshooting

Connection Timeout

Problem: Scan fails with timeout errors Solution: 
scan4all -host target.com -proxy socks5://127.0.0.1:1080 -timeout 5000

Proxy Refuses Connection

Problem: “connection refused” error Solutions:
  1. Verify proxy is running: netstat -an | grep 1080
  2. Check proxy authentication
  3. Test proxy with curl first

Slow Scan Performance

Problem: Scans are extremely slow Solutions:
  1. Reduce concurrency: -c 5
  2. Lower rate: -rate 50
  3. Use faster proxy service
  4. Avoid chaining multiple proxies

DNS Resolution Issues

Problem: Domain names not resolving through proxy Solution: Specify custom resolvers: 
scan4all -host target.com -proxy socks5://127.0.0.1:1080 -r 8.8.8.8,1.1.1.1

Security Considerations

Important Security Notes:
  • Proxies can log your traffic
  • Free proxies may be malicious or compromised
  • Use VPNs instead of proxies for true anonymity
  • Tor is slow but provides better anonymity
  • Always use trusted proxy providers

Anonymity Tips

Use Tor for Anonymity

Tor provides better anonymity than commercial proxies

Combine with VPN

Layer VPN + Tor + Proxy for maximum privacy

Rotate Proxies

Use different proxies for different targets

Verify IP Leaks

Test for DNS and IP leaks before scanning

Practical Examples

1

Anonymous Scan via Tor

# Start Tor
sudo systemctl start tor

# Run scan
scan4all -host target.com \
  -proxy socks5://127.0.0.1:9050 \
  -c 5 \
  -rate 10 \
  -timeout 10000
2

Internal Network Access

# Create SSH tunnel
ssh -D 1080 -C -N [email protected]

# Scan internal network
scan4all -host 10.0.0.0/24 \
  -proxy socks5://127.0.0.1:1080 \
  -tp 100 \
  -json -o internal-scan.json
3

Commercial Proxy Service

scan4all -host target.com \
  -proxy socks5://user:[email protected]:1080 \
  -c 10 \
  -rate 100 \
  -timeout 3000 \
  -csv -o results.csv

Proxy vs VPN

FeatureSOCKS5 ProxyVPN
SpeedModerateFast
AnonymityLow-MediumHigh
ConfigurationSimpleComplex
Protocol SupportApplication-levelSystem-wide
CostFree/CheapSubscription
Use CaseSpecific scansAll traffic
For production security assessments, consider using a VPN instead of or in addition to proxies.

Next Steps

Basic Usage

Return to basic scanning techniques

Advanced Options

Explore more advanced features

Build docs developers (and LLMs) love

Get started for freeTalk to us