Provided by: proxycheck_0.49a-4_amd64 bug


       proxycheck — open proxy server checker


       proxycheck options host[:proto_port_spec]...


       proxycheck is a simple open proxy checking tool which is capable to quickly discovery open
       proxy servers on many hosts.  It's primary goal is to detect an open proxy server in order
       to  prevent  it's  abuse by various "bad guys", mostly spammers.  Having a wide-open proxy
       service running on a publicaly accessible  network  is  a  very  bad  idea  nowadays,  and
       proxycheck  may be used to find such system in order to be able to either secure a system,
       or to refuse servicing it until it will be secured properly.

       In order to determine if a given host is running an open proxy service,  proxycheck  tries
       to  connect  to  a given destination system via a host and perform some actions, trying to
       talk with the destination system.  If a talk is successeful, proxycheck assumes the  proxy
       service is running and wide-open.

       proxycheck  supports all commonly used proxy protocols, namely, HTTP CONNECT method, SOCKS
       versions 4 and 5, and  Wingate  "telnet"‐style  proxies.   In  future,  support  for  more
       protocols may be added.

       Please  note  that  with  current number of various trojan horses cicrulating around, each
       opening a proxy on a random port, it is not  really  enouth  to  probe  for  standard  (in
       whatever  reason)  ports  built into the proxycheck.  Instead, it is highly recommended to
       use a list of currently active ports maintained by several people on the 'net.


       The following command-line options are recognized:

       -h     print a short help and exit.

       -v     increase the verbosity level.  All debugging messages will  go  to  standard  error

       -d deshost:destport (required)
              try  to  establish  a  proxied connection to the given dsthost, port dstport.  This
              option is required.

       -c check[:params] (required)
              the "method" proxycheck will use when talking to a destination system to  determine
              if  a  proxy  is  open  or not.  Interpretation of params is check-dependant.  This
              option is required.  Several methods are available:

                     Try to perform simple "chat" with the destination system:  send  the  string
                     given  as  sendstr  and  wait for expectstr on output.  If sendstr is empty,
                     proxycheck will send the proxy parameters in the form
                     to the remote system.  Proxy assumed to be open if expectstr is found.

              dsbl   (no parameters accepted)
                     try  to  submit  all  found  proxies  to  the   system,   see
             for  more details.  All the parameters required (username,
                     password, recipient address, cookie server, ...) are expected to be found in
                     environment  variables.   Run  proxycheck  with  -h  option to see a list of
                     recognized variables and their default values.  By default, proxycheck  will
                     anonimously  submit  all  found proxies to (which isn't
                     very useful).  For trusted DSBL  user,  at  least  DSBL_USER  and  DSBL_PASS
                     variables should be set properly.

       -p proto_port_spec
              specifies protocol and ports to connect to.  If not given, proxycheck will try it's
              built-in default list.  This option may be specified more than  once.    See  below
              for  proto_port_spec.   If proto_port_spec is specified for a single host to check,
              it applies to that host only, and  no  protocols/ports  in  default  list  will  be
              checked for that host.

       -D     do  not  reset  default port list when using -p option, but prepend new ports to it

       -a     use more "advanced" ports/protocols.  The more -a's given, the more ports/protocols
              will  be  probed.   For a complete list of all ports and protocols and their level,
              execute proxycheck with -h option.

       -t timeout
              a timeout, in secounds, for every operation.  Default value is  30  secounds.   The
              timer  starts  at  the  connection  attempt  to the proxy itself, after sending the
              "connect" command to the proxy and so on.

       -m maxconn
              Do not attempt to make more than maxconn parallel connections.  By default, maximum
              number  of parallel connections limited by the operating system and on most systems
              it is around 1000.

       -M maxhconn
              Do not make more than maxhconn parallel connections to the same  host  (default  is
              unlimited).   This  may  be  useful  for overloaded proxies which can't handle many
              parallel connections using different ports/protocols, but  may  significantly  slow
              down the whole process.

       -s     when  an  open proxy is found on a given IP, stop probing for other ports/protocols
              for this IP.  Best used when many IPs are tested, and/or with -M option.   This  is
              because  currently,  proxycheck will not make any new connections to such host, but
              will wait for already active connections to complete.

       -b bindaddr
              use bindaddr as a source address for all outgoing connections.

       -n     write a line about definitely closed proxies to stdout  in  additional  to  writing
              about open proxies, in a form
        http:8080 closed

       -x     print  extended  proxy  information  (proxy-agent and the like) if available.  This
              will be on the same "open" (or "closed" with -n) line,  last,  enclosed  in  square
              brackets [].

       -i filename
              read  list  of  hosts  to  check from a given file filename (in addition to command
              line), or from stdin if filename if `-'.

   Protocol and Port specification
       Proxy protocols and ports to try (proto_port_spec) specified using the following syntax:
             hc:3128,8080 (http protocol on ports 3128 and 8080)
             hc:    (default list of ports for http protocol)
             3128   (try http protocol on standard http port 3128)
             1234   (try all protocols on non-standard port 1234)

       Run proxycheck -h to see a list of supported protocols and default ports.


       Simplest usage of proxycheck is to try to connect to e.g.  your own mailserver  with  chat
       check  method.   First, connect to your mailserver on port 25 to see which line it outputs
       upon connection (SMTP greething line), and use it with chat:

         proxycheck -d \
           -c chat::greething

       proxycheck will write a single line for every proto:port it finds to be open on stdout, in
       the form: hc:80 open
       where  is  an  IP address of a host being tested, hc is the protocol name (HTTP
       CONNECT, consult proxycheck -h for a full list of protocols) and 80 is a port number where
       the proxy service is running.

       In  addition,  if  proxycheck is able to guess outgoing IP address of a proxy as seen by a
       destination system, and if that address is different from input proxycheck  is  connecting
       to, it will print this information too on the same line, like: hc:80 open
       where  is  outgoing IP addres of a multihomed/cascaded proxy as reported by the
       destination system.  This IP address is hint only, there is no  simple  and  reliable  way
       currently  exists  for  proxycheck  to  determine that information.  Proxycheck is able to
       parse a line sent by remote system in -c chat mode — in this mode,  proxycheck  skips  all
       printable  characters  after  expstr  it found and searches for opening `[', when tries to
       find closing ']' and interpret digits and dots in between as  an  IP  address  which  gets
       printed like above.  If your mailserver's initial reply contains remote system's IP, or if
       your mailserver replies with remote system's IP address to HELO/EHLO command, this feature
       may be useful (in the last case, HELO command should be specified in chat).

       When  -n option is specified, for proto:ports which aren't running open proxy service, and
       for which proxycheck is able to strongly determine this, a line in  the  following  format
       will be written: hc:80 closed
       Note  however  that  in  most cases there is no way to reliable determine whenever a given
       service is not open: for example, an open proxy server  may  be  overloaded  and  refusing
       connections.   In  most  cases,  proxycheck  assumes proxy is in unknown state, only a few
       codes are recognized as real indication of "closed" state.

       When -x option is specified, there will be additional proxy info written on the same  line
       (if available), like: hc:80 open [AnalogX 3.1415926] hc:80 open [AnalogX 3.1415926] hc:80 closed [AnalogX 3.1415926]

       One  may see some detail of proxycheck's operations giving sufficient number of -v options
       in the command line.  Verbosity level of 5 (-vvvvv) will show almost everything.  All  the
       debugging  output  will  go  to  the standard error stream and thus will not affect normal
       operations (when you process proxycheck's output using some script).


       proxycheck will exit with code 100 if at least one open proxy server was found.   In  case
       of  incorrect usage, it will exit with code 1.  If no open proxies where found, proxycheck
       will return 0.


       This program is free software.  It may be used and distributed in  the  terms  of  General
       Public License (GPL) version 2 or later.


       proxycheck written by Michael Tokarev <>.  Latest version of this utlilty may
       be found at