proxycheck(1)proxycheck(1)NAMEproxycheck - open proxy server checker
SYNOPSYSproxycheck options host[:proto_port_spec]...
DESCRIPTIONproxycheck is a simple open proxy checking tool which is capable to
quickly discovery open proxy servers on many hosts. It's primary goal
is to detect an open proxy server in order to prevent it's abuse by
various "bad guys", mostly spammers. Having a wide-open proxy service
running on a publicaly accessible network is a very bad idea nowadays,
and proxycheck may be used to find such system in order to be able to
either secure a system, or to refuse servicing it until it will be
secured properly.
In order to determine if a given host is running an open proxy service,
proxycheck tries to connect to a given destination system via a host
and perform some actions, trying to talk with the destination system.
If a talk is successeful, proxycheck assumes the proxy service is run‐
ning and wide-open.
proxycheck supports all commonly used proxy protocols, namely, HTTP
CONNECT method, SOCKS versions 4 and 5, and Wingate "telnet"-style
proxies. In future, support for more protocols may be added.
Please note that with current number of various trojan horses cicrulat‐
ing around, each opening a proxy on a random port, it is not really
enouth to probe for standard (in whatever reason) ports built into the
proxycheck. Instead, it is highly recommended to use a list of cur‐
rently active ports maintained by several people on the 'net.
OPTIONS
The following command-line options are recognized:
-h print a short help and exit.
-v increase the verbosity level. All debugging messages will go to
standard error stream.
-d deshost:destport (required)
try to establish a proxied connection to the given dsthost, port
dstport. This option is required.
-c check[:params] (required)
the "method" proxycheck will use when talking to a destination
system to determine if a proxy is open or not. Interpretation
of params is check-dependant. This option is required. Several
methods are available:
chat:sendstr:expectstr
Try to perform simple "chat" with the destination system:
send the string given as sendstr and wait for expectstr
on output. If sendstr is empty, proxycheck will send the
proxy parameters in the form
protocol:ip-address:portnumber
to the remote system. Proxy assumed to be open if
expectstr is found.
dsbl (no parameters accepted)
try to submit all found proxies to the DSBL.org-like sys‐
tem, see http://dsbl.org/ for more details. All the
parameters required (username, password, recipient
address, cookie server, ...) are expected to be found in
environment variables. Run proxycheck with -h option to
see a list of recognized variables and their default val‐
ues. By default, proxycheck will anonymously submit all
found proxies to unconfirmed.dsbl.org (which isn't very
useful). For trusted DSBL user, at least DSBL_USER and
DSBL_PASS variables should be set properly.
-p proto_port_spec
specifies protocol and ports to connect to. If not given, prox‐
ycheck will try it's built-in default list. This option may be
specified more than once. See below for proto_port_spec. If
proto_port_spec is specified for a single host to check, it
applies to that host only, and no protocols/ports in default
list will be checked for that host.
-D do not reset default port list when using -p option, but prepend
new ports to it instead.
-a use more "advanced" ports/protocols. The more -a's given, the
more ports/protocols will be probed. For a complete list of all
ports and protocols and their level, execute proxycheck with -h
option.
-t timeout
a timeout, in secounds, for every operation. Default value is
30 secounds. The timer starts at the connection attempt to the
proxy itself, after sending the "connect" command to the proxy
and so on.
-m maxconn
Do not attempt to make more than maxconn parallel connections.
By default, maximum number of parallel connections limited by
the operating system and on most systems it is around 1000.
-M maxhconn
Do not make more than maxhconn parallel connections to the same
host (default is unlimited). This may be useful for overloaded
proxies which can't handle many parallel connections using dif‐
ferent ports/protocols, but may significantly slow down the
whole process.
-s when an open proxy is found on a given IP, stop probing for
other ports/protocols for this IP. Best used when many IPs are
tested, and/or with -M option. This is because currently, prox‐
ycheck will not make any new connections to such host, but will
wait for already active connections to complete.
-b bindaddr
use bindaddr as a source address for all outgoing connections.
-n write a line about definitely closed proxies to stdout in addi‐
tional to writing about open proxies, in a form
127.0.0.1 http:8080 closed
-x print extended proxy information (proxy-agent and the like) if
available. This will be on the same "open" (or "closed" with
-n) line, last, enclosed in square brackets [].
-i filename
read list of hosts to check from a given file filename (in addi‐
tion to command line), or from stdin if filename if `-'.
Protocol and Port specification
Proxy protocols and ports to try (proto_port_spec) specified using the
following syntax:
[proto:][port,port,port]
like:
hc:3128,8080 (http protocol on ports 3128 and 8080)
hc: (default list of ports for http protocol)
3128 (try http protocol on standard http port 3128)
1234 (try all protocols on non-standard port 1234)
Run proxycheck-h to see a list of supported protocols and default
ports.
USAGE
Simplest usage of proxycheck is to try to connect to e.g. your own
mailserver with chat check method. First, connect to your mailserver
on port 25 to see which line it outputs upon connection (SMTP greething
line), and use it with chat:
proxycheck-d yourmailserver.example.org:25 \
-c chat::greething ip.add.re.ss...
proxycheck will write a single line for every proto:port it finds to be
open on stdout, in the form:
127.0.0.3 hc:80 open
where 127.0.0.3 is an IP address of a host being tested, hc is the pro‐
tocol name (HTTP CONNECT, consult proxycheck-h for a full list of pro‐
tocols) and 80 is a port number where the proxy service is running.
In addition, if proxycheck is able to guess outgoing IP address of a
proxy as seen by a destination system, and if that address is different
from input proxycheck is connecting to, it will print this information
too on the same line, like:
127.0.0.2 hc:80 open 127.0.0.3
where 127.0.0.3 is outgoing IP addres of a multihomed/cascaded proxy as
reported by the destination system. This IP address is hint only,
there is no simple and reliable way currently exists for proxycheck to
determine that information. Proxycheck is able to parse a line sent by
remote system in -c chat mode - in this mode, proxycheck skips all
printable characters after expstr it found and searches for opening
`[', when tries to find closing ']' and interpret digits and dots in
between as an IP address which gets printed like above. If your
mailserver's initial reply contains remote system's IP, or if your
mailserver replies with remote system's IP address to HELO/EHLO com‐
mand, this feature may be useful (in the last case, HELO command should
be specified in chat).
When -n option is specified, for proto:ports which aren't running open
proxy service, and for which proxycheck is able to strongly determine
this, a line in the following format will be written:
127.0.0.4 hc:80 closed
Note however that in most cases there is no way to reliable determine
whenever a given service is not open: for example, an open proxy server
may be overloaded and refusing connections. In most cases, proxycheck
assumes proxy is in unknown state, only a few codes are recognized as
real indication of "closed" state.
When -x option is specified, there will be additional proxy info writ‐
ten on the same line (if available), like:
127.0.0.2 hc:80 open 127.0.0.3 [AnalogX 3.1415926]
127.0.0.3 hc:80 open [AnalogX 3.1415926]
127.0.0.4 hc:80 closed [AnalogX 3.1415926]
One may see some detail of proxycheck's operations giving sufficient
number of -v options in the command line. Verbosity level of 5
(-vvvvv) will show almost everything. All the debugging output will go
to the standard error stream and thus will not affect normal operations
(when you process proxycheck's output using some script).
EXIT CODEproxycheck will exit with code 100 if at least one open proxy server
was found. In case of incorrect usage, it will exit with code 1. If
no open proxies where found, proxycheck will return 0.
EXAMPLES
In the simplest case, specify:
proxycheck-vv -ddsthost:dstport -c chat::"waitstr" list-of-IPs
where dsthost is the host and dstport is the port number of the desti‐
nation system, and waitstr is a string to look for from the remote sys‐
tem. If you decide to connect to your own mailserver (which is quite
logical, since most proxy abuse nowadays is to send spam to your
mailserver), connect to it first using telnet and see which SMTP greet‐
ing string it prints out upon connection, and use this string as wait‐
str. For example, if your mailserver is mail.example.com, the follow‐
ing may apply:
$ telnet mail.example.com 25
Telnet: trying 127.0.0.1... connected.
250 mail.example.com ESMTP welcome
QUIT
In this case, proxycheck's command line may look as follows:
proxycheck-vv -d mail.example.com:25 \
-c chat::"250 mail.example.com ESMTP welcome" list-of-IPs
Another usage scenario is to automatically submit all open proxies to
DSBL.org-style blocklists. For this, specify -c dsbl and set up envi‐
ronment variables for dsbl client. The variables DSBL_USER and
DSBL_PASS are required for non-anonymous DSBL submissions, for anony‐
mous submissions to the unconfirmed.dsbl.org defaults are sufficient.
To submit a proxy to DSBL.org, set destination to the mail exchanger of
listme.dsbl.org domain, currently mx.listme.dsbl.org. For example:
DSBL_USER=username DSBL_PASS=password ./proxycheck -vv \
-dmx.listme.dsbl.org:25 -cdsbl proxyhost
Additional and updated information may be found at the URL below.
LICENSE
This program is free software. It may be used and distributed in the
terms of General Public License (GPL) version 2 or later.
AUTHORproxycheck written by Michael Tokarev <mjt@corpit.ru>. Latest version
of this utlilty may be found at http://www.corpit.ru/mjt/proxy‐
check.html.
proxycheck(1)
