Today I quickly translated a python script i had floating around into a more useful NSE script.
It pulls the consensus data from one of the 9 Tor directory servers (documentation here) and runs a regular expression to extract the ip addresses of the nodes until it finds a matching one.
nmap -p0 -dd -Pn --datadir=. --script=tor-consensus-checker 184.108.40.206 ... NSE: Starting 'tor-consensus-checker' (thread: 0x9a87568) against 220.127.116.11. Initiating NSE at 23:36 NSE: checking if 18.104.22.168 is a tor relay NSE: Final http cache size (674972 bytes) of max size of 1000000 NSE: consensus retrieved from 22.214.171.124 NSE: Finished 'tor-consensus-checker' (thread: 0x9a87568) against 126.96.36.199. PORT STATE SERVICE REASON 0/tcp closed unknown conn-refused Host script results: | tor-consensus-checker: |_ 188.8.131.52 is a tor node Nmap done: 1 IP address (1 host up) scanned in 1.42 seconds
The script can currently be found on my github repository of nmap scripts.