Provided by: proxycheck_0.49a-4_amd64 
NAME
proxycheck — open proxy server checker
SYNOPSYS
proxycheck options host[:proto_port_spec]...
DESCRIPTION
proxycheck is a simple open proxy checking tool which is capable to quickly discovery open
proxy servers on many hosts. It's primary goal is to detect an open proxy server in order
to prevent it's abuse by various "bad guys", mostly spammers. Having a wide-open proxy
service running on a publicaly accessible network is a very bad idea nowadays, and
proxycheck may be used to find such system in order to be able to either secure a system,
or to refuse servicing it until it will be secured properly.
In order to determine if a given host is running an open proxy service, proxycheck tries
to connect to a given destination system via a host and perform some actions, trying to
talk with the destination system. If a talk is successeful, proxycheck assumes the proxy
service is running and wide-open.
proxycheck supports all commonly used proxy protocols, namely, HTTP CONNECT method, SOCKS
versions 4 and 5, and Wingate "telnet"‐style proxies. In future, support for more
protocols may be added.
Please note that with current number of various trojan horses cicrulating around, each
opening a proxy on a random port, it is not really enouth to probe for standard (in
whatever reason) ports built into the proxycheck. Instead, it is highly recommended to
use a list of currently active ports maintained by several people on the 'net.
OPTIONS
The following command-line options are recognized:
-h print a short help and exit.
-v increase the verbosity level. All debugging messages will go to standard error
stream.
-d deshost:destport (required)
try to establish a proxied connection to the given dsthost, port dstport. This
option is required.
-c check[:params] (required)
the "method" proxycheck will use when talking to a destination system to determine
if a proxy is open or not. Interpretation of params is check-dependant. This
option is required. Several methods are available:
chat:sendstr:expectstr
Try to perform simple "chat" with the destination system: send the string
given as sendstr and wait for expectstr on output. If sendstr is empty,
proxycheck will send the proxy parameters in the form
protocol:ip-address:portnumber
to the remote system. Proxy assumed to be open if expectstr is found.
dsbl (no parameters accepted)
try to submit all found proxies to the DSBL.org-like system, see
http://dsbl.org/ for more details. All the parameters required (username,
password, recipient address, cookie server, ...) are expected to be found in
environment variables. Run proxycheck with -h option to see a list of
recognized variables and their default values. By default, proxycheck will
anonimously submit all found proxies to unconfirmed.dsbl.org (which isn't
very useful). For trusted DSBL user, at least DSBL_USER and DSBL_PASS
variables should be set properly.
-p proto_port_spec
specifies protocol and ports to connect to. If not given, proxycheck will try it's
built-in default list. This option may be specified more than once. See below
for proto_port_spec. If proto_port_spec is specified for a single host to check,
it applies to that host only, and no protocols/ports in default list will be
checked for that host.
-D do not reset default port list when using -p option, but prepend new ports to it
instead.
-a use more "advanced" ports/protocols. The more -a's given, the more ports/protocols
will be probed. For a complete list of all ports and protocols and their level,
execute proxycheck with -h option.
-t timeout
a timeout, in secounds, for every operation. Default value is 30 secounds. The
timer starts at the connection attempt to the proxy itself, after sending the
"connect" command to the proxy and so on.
-m maxconn
Do not attempt to make more than maxconn parallel connections. By default, maximum
number of parallel connections limited by the operating system and on most systems
it is around 1000.
-M maxhconn
Do not make more than maxhconn parallel connections to the same host (default is
unlimited). This may be useful for overloaded proxies which can't handle many
parallel connections using different ports/protocols, but may significantly slow
down the whole process.
-s when an open proxy is found on a given IP, stop probing for other ports/protocols
for this IP. Best used when many IPs are tested, and/or with -M option. This is
because currently, proxycheck will not make any new connections to such host, but
will wait for already active connections to complete.
-b bindaddr
use bindaddr as a source address for all outgoing connections.
-n write a line about definitely closed proxies to stdout in additional to writing
about open proxies, in a form
127.0.0.1 http:8080 closed
-x print extended proxy information (proxy-agent and the like) if available. This
will be on the same "open" (or "closed" with -n) line, last, enclosed in square
brackets [].
-i filename
read list of hosts to check from a given file filename (in addition to command
line), or from stdin if filename if `-'.
Protocol and Port specification
Proxy protocols and ports to try (proto_port_spec) specified using the following syntax:
[proto:][port,port,port]
like:
hc:3128,8080 (http protocol on ports 3128 and 8080)
hc: (default list of ports for http protocol)
3128 (try http protocol on standard http port 3128)
1234 (try all protocols on non-standard port 1234)
Run proxycheck -h to see a list of supported protocols and default ports.
USAGE
Simplest usage of proxycheck is to try to connect to e.g. your own mailserver with chat
check method. First, connect to your mailserver on port 25 to see which line it outputs
upon connection (SMTP greething line), and use it with chat:
proxycheck -d yourmailserver.example.org:25 \
-c chat::greething ip.add.re.ss...
proxycheck will write a single line for every proto:port it finds to be open on stdout, in
the form:
127.0.0.3 hc:80 open
where 127.0.0.3 is an IP address of a host being tested, hc is the protocol name (HTTP
CONNECT, consult proxycheck -h for a full list of protocols) and 80 is a port number where
the proxy service is running.
In addition, if proxycheck is able to guess outgoing IP address of a proxy as seen by a
destination system, and if that address is different from input proxycheck is connecting
to, it will print this information too on the same line, like:
127.0.0.2 hc:80 open 127.0.0.3
where 127.0.0.3 is outgoing IP addres of a multihomed/cascaded proxy as reported by the
destination system. This IP address is hint only, there is no simple and reliable way
currently exists for proxycheck to determine that information. Proxycheck is able to
parse a line sent by remote system in -c chat mode — in this mode, proxycheck skips all
printable characters after expstr it found and searches for opening `[', when tries to
find closing ']' and interpret digits and dots in between as an IP address which gets
printed like above. If your mailserver's initial reply contains remote system's IP, or if
your mailserver replies with remote system's IP address to HELO/EHLO command, this feature
may be useful (in the last case, HELO command should be specified in chat).
When -n option is specified, for proto:ports which aren't running open proxy service, and
for which proxycheck is able to strongly determine this, a line in the following format
will be written:
127.0.0.4 hc:80 closed
Note however that in most cases there is no way to reliable determine whenever a given
service is not open: for example, an open proxy server may be overloaded and refusing
connections. In most cases, proxycheck assumes proxy is in unknown state, only a few
codes are recognized as real indication of "closed" state.
When -x option is specified, there will be additional proxy info written on the same line
(if available), like:
127.0.0.2 hc:80 open 127.0.0.3 [AnalogX 3.1415926]
127.0.0.3 hc:80 open [AnalogX 3.1415926]
127.0.0.4 hc:80 closed [AnalogX 3.1415926]
One may see some detail of proxycheck's operations giving sufficient number of -v options
in the command line. Verbosity level of 5 (-vvvvv) will show almost everything. All the
debugging output will go to the standard error stream and thus will not affect normal
operations (when you process proxycheck's output using some script).
EXIT CODE
proxycheck will exit with code 100 if at least one open proxy server was found. In case
of incorrect usage, it will exit with code 1. If no open proxies where found, proxycheck
will return 0.
LICENSE
This program is free software. It may be used and distributed in the terms of General
Public License (GPL) version 2 or later.
AUTHOR
proxycheck written by Michael Tokarev <mjt@corpit.ru>. Latest version of this utlilty may
be found at http://www.corpit.ru/mjt/proxycheck.html.
proxycheck(1)