官方默认的扫描知名端口,但是我这个可以扫描所有端口,而且针对国内代理优化,能干什么,我就不多说了,知道的人自然之道.
另外,因为如果扫描大量的host,那么很容易因为输出太多,过滤麻烦,但是,有工具就不怕了.让他去访问一个PHP文件,PHP文件被访问,就写数据库,写了数据库... 从数据库取出...搞定.
对应的PHP文件也好,怎么都行,具体自己实现.
local proxy = require "proxy"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local url = require "url"
description=[[
Checks if an open socks proxy is running on the target.
The script attempts to connect to a proxy server and send socks4 and
socks5 payloads. It is considered an open proxy if the script receives
a Request Granted response from the target port.
The payloads try to open a connection to www.baidu.com port 80. A
different test host can be passed as <code>proxy.url</code>
argument.
]]
--@usage
-- nmap --script=socks-china-proxy
-- --script-args proxy.url=<host>,proxy.pattern=<pattern>
-- nmap -sS -p 39370 -v --script socks-china-proxy 120.26.12.58
author = "TaterLi"
license = "None"
categories = {"default", "discovery", "external", "safe"}
--- Performs the default test
-- First: Default google request and checks for Server: gws
-- Second: Request to wikipedia.org and checks for wikimedia pattern
-- Third: Request to computerhistory.org and checks for museum pattern
--
-- If any of the requests is successful, the proxy is considered open.
-- If all requests return the same result, the user is alerted that
-- the proxy might be redirecting his requests (very common on wi-fi
-- connections at airports, cafes, etc.)
--
-- @param host The host table
-- @param port The port table
-- @return status If any request succeeded
-- @return response Table with supported methods
local function default_test(host, port)
local fstatus
local cstatus5
local get_r5
local methods
local response = {}
local test_url = "/submit.php?host="..host.ip.."&port="..port.number.."&status="..port.state
local hostname = "xxx.applinzi.com"
local pattern = "^OK"
fstatus, get_r5, cstatus5 = proxy.test_get(host, port, "socks5", test_url, hostname, pattern)
if(cstatus5) then response[#response+1]="socks5" end
if(fstatus) then return fstatus, response end
if not (cstatus5) then return false, nil end
-- Protocol works, but nothing matches
return "pattern not matched", response
end
portrule = function(host, port)
return true
end
action = function(host, port)
local supported_versions
local fstatus = false
local pattern, test_url
local hostname
local retval = stdnse.output_table()
test_url, pattern = proxy.return_args()
fstatus, supported_versions = default_test(host, port)
-- If any of the tests were OK, then the proxy is potentially open
if fstatus == true then
retval["status"] = "open"
retval["versions"] = supported_versions
return retval
elseif fstatus and supported_versions then
retval["status"] = "close"
retval["versions"] = supported_versions
return retval
end
end
你这个是支持 socks5 还是对 socks5 进行扫描
@rich 你需要先了解下nmap script的使用,这是后者的.