Script socks-open-proxy

Script types: portrule
Categories: default, discovery, external, safe
Download: https://svn.nmap.org/nmap/scripts/socks-open-proxy.nse

Script Summary

Checks if an open socks proxy is running on the target.

The script attempts to connect to a proxy server and send socks4 and socks5 payloads. It is considered an open proxy if the script receives a Request Granted response from the target port.

The payloads try to open a connection to www.google.com port 80. A different test host can be passed as proxy.url argument.

Script Arguments

proxy.pattern, proxy.url

See the documentation for the proxy library.

Example Usage

nmap --script=socks-open-proxy \
   --script-args proxy.url=<host>,proxy.pattern=<pattern>

Script Output

PORT     STATE  SERVICE
1080/tcp open   socks
|  socks-open-proxy:
|   status: open
|   versions:
|     socks4
|_    socks5

Requires

• proxy
• shortport
• stdnse
• string
• url

---

Author:

• Joao Correa

License: Same as Nmap--See https://nmap.org/book/man-legal.html