Nmap NSE script for all-port SOCKS5 scanning


The stock socks-open-proxy script only probes the well-known SOCKS ports; this one has no port restriction, so with a full port scan it checks every open port, and it is tuned for proxies inside China. What that is good for I will not spell out; those who know, know.
There is another problem: when you scan a large number of hosts the output quickly becomes too large to filter by hand. With a little tooling that is no trouble. Instead of fetching a public site through the proxy, make it fetch a PHP file on a server you control; every time the PHP file is hit it writes the scanned host and port to a database, and afterwards you read the results back out of the database. Done.
The PHP file itself can be anything you like; implement it however you want.
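The collector side that the post leaves to the reader, as an added example rather than the author's code. It is written in Python instead of PHP so it runs as-is. It assumes the request shape the script below actually sends, GET /submit.php?host=<ip>&port=<port>&status=<state>, and a SQLite file named hits.db; the relayed column is my own addition: the request's source address is compared with the host parameter, which is what you expect to match when the target really proxied the request (a proxy behind NAT can legitimately fail that check).

```python
"""Collector for socks-china-proxy hits (added example, not the author's PHP).

Accepts GET /submit.php?host=<ip>&port=<port>&status=<state>, validates the
fields, stores one row per request in SQLite and answers with a body that
starts with "OK", the pattern the NSE script looks for in the reply.
"""
import ipaddress
import sqlite3
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

# All Nmap port states; the script only ever sends the states NSE runs port
# scripts against, but accepting the full set keeps the check simple.
PORT_STATES = {"open", "closed", "filtered", "unfiltered",
               "open|filtered", "closed|filtered"}

SCHEMA = """CREATE TABLE IF NOT EXISTS hits (
    id        INTEGER PRIMARY KEY,
    host      TEXT    NOT NULL,   -- proxy address reported by the scanner
    port      INTEGER NOT NULL,   -- proxy port reported by the scanner
    status    TEXT    NOT NULL,   -- port state reported by the scanner
    seen_from TEXT    NOT NULL,   -- address the HTTP request came from
    relayed   INTEGER NOT NULL,   -- 1 when seen_from == host (my own check)
    ts        TEXT    NOT NULL DEFAULT CURRENT_TIMESTAMP
)"""


def parse_submission(path):
    """Validate a request path; return (host, port, status) or raise ValueError.

    Only IP literals, ports 1-65535 and known Nmap states get through, so
    nothing attacker-shaped reaches the database even though the proxy
    under test controls what it relays.
    """
    parts = urlsplit(path)
    if parts.path != "/submit.php":
        raise ValueError("unexpected path")
    try:
        q = parse_qs(parts.query, strict_parsing=True)
        host = str(ipaddress.ip_address(q["host"][0]))
        port = int(q["port"][0])
        status = q["status"][0]
    except (KeyError, IndexError) as exc:
        raise ValueError("missing parameter") from exc
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    if status not in PORT_STATES:
        raise ValueError("unknown port state")
    return host, port, status


def record_hit(conn, path, seen_from):
    """Store one submission; returns the new row id."""
    host, port, status = parse_submission(path)
    relayed = int(seen_from == host)  # heuristic: a NATed proxy may fail this
    cur = conn.execute(
        "INSERT INTO hits (host, port, status, seen_from, relayed) "
        "VALUES (?, ?, ?, ?, ?)",
        (host, port, status, seen_from, relayed))
    conn.commit()
    return cur.lastrowid


def confirmed_proxies(conn):
    """(host, port) pairs whose request really arrived from the proxy itself."""
    return conn.execute("SELECT DISTINCT host, port FROM hits WHERE relayed = 1 "
                        "ORDER BY host, port").fetchall()


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


class Collector(BaseHTTPRequestHandler):
    db = None  # sqlite connection, set before serving

    def do_GET(self):
        try:
            record_hit(self.db, self.path, self.client_address[0])
        except ValueError:
            self.send_error(400)
            return
        body = b"OK\n"  # the script's ^OK pattern is matched against this reply
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    Collector.db = open_db("hits.db")
    HTTPServer(("0.0.0.0", 80), Collector).serve_forever()
```

Run it on the host named in the script (port 80, since the script asks the proxy to connect there), then `SELECT host, port FROM hits WHERE relayed = 1` gives the list of proxies that actually relayed a request.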

local proxy = require "proxy"
local stdnse = require "stdnse"

description=[[
Checks whether an open SOCKS5 proxy is running on the target port and
reports every hit to a collector web server.

The script performs a SOCKS5 handshake with the target, asks it to open a
connection to the collector host on port 80, and then sends an HTTP GET for
/submit.php?host=<ip>&port=<port>&status=<state> through it. The collector
is expected to record the scanned host and port and reply with a body
starting with "OK"; the proxy is considered open when that reply comes back
through the target.

The collector hostname is hard-coded in default_test() and must be changed
before use. The script is derived from the stock socks-open-proxy script
but has no port or service restriction, so it runs against every port NSE
hands it; scan all ports (-p-) to cover proxies on unusual ports.
]]

---
--@usage
-- nmap -sS -p- --script socks-china-proxy <target>
-- nmap -sS -p 39370 -v --script socks-china-proxy 120.26.12.58

author = "TaterLi"
license = "None"
categories = {"default", "discovery", "external", "safe"}

--- Performs the SOCKS5 test against one port.
-- A single SOCKS5 CONNECT is made to the collector host, followed by an
-- HTTP GET whose query string carries the scanned host, port and state.
-- The reply relayed by the target is matched against the pattern ^OK.
--
-- @param host The host table
-- @param port The port table
-- @return status true if the collector's OK reply came back through the
--   proxy; "pattern not matched" if the SOCKS5 relay worked but the reply
--   did not match; false if the handshake failed
-- @return response Table with the supported protocol versions (only
--   "socks5" is tested)
local function default_test(host, port)
  local fstatus, get_r5, cstatus5
  local response = {}
  -- Query string sent to the collector. host.ip, port.number and
  -- port.state are fields of the NSE host and port tables.
  local test_url = "/submit.php?host="..host.ip.."&port="..port.number.."&status="..port.state
  -- Replace with the hostname of your own collector
  local hostname = "xxx.applinzi.com"
  -- The collector's reply is expected to begin with OK. The matching is
  -- done inside proxy.test_get; check it against a known-good proxy before
  -- a large run.
  local pattern = "^OK"
  fstatus, get_r5, cstatus5 = proxy.test_get(host, port, "socks5", test_url, hostname, pattern)
  if cstatus5 then response[#response+1] = "socks5" end
  if fstatus then return fstatus, response end
  if not cstatus5 then return false, nil end
  -- SOCKS5 relay works, but the reply did not match the pattern
  return "pattern not matched", response
end

-- No port or service filter: test every port NSE hands us
portrule = function(host, port)
  return true
end

action = function(host, port)
  local retval = stdnse.output_table()
  local fstatus, supported_versions = default_test(host, port)
  if fstatus == true then
    -- The collector's reply came back through the target: open SOCKS5 proxy
    retval["status"] = "open"
    retval["versions"] = supported_versions
    return retval
  elseif fstatus and supported_versions then
    -- SOCKS5 handshake succeeded, but the relayed reply did not match
    retval["status"] = "close"
    retval["versions"] = supported_versions
    return retval
  end
  -- Handshake failed: nothing to report for this port
end
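What proxy.test_get(host, port, "socks5", ...) does on the wire, as an added example (not code from the post or from nselib): a minimal SOCKS5 client that takes the same steps as the script, no-auth negotiation, CONNECT to a hostname on port 80, an HTTP GET through the tunnel and a verdict from the relayed reply, plus a loopback fake proxy so the exchange runs offline. The fake proxy, the per-line case-insensitive pattern match and the probe_socks5 name are my own assumptions; the message layout follows RFC 1928.

```python
"""SOCKS5 exchange behind the NSE script (added example, not nselib code)."""
import re
import socket
import struct
import threading

SOCKS5, NO_AUTH, CMD_CONNECT = 5, 0, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
REP_GRANTED, REP_NOT_ALLOWED = 0, 2


def recv_exact(sock, n):
    """Read exactly n bytes or raise; SOCKS fields are fixed-size."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf


def socks5_connect(sock, hostname, port):
    """Negotiate no-auth and send CONNECT; return the reply code (0 = granted)."""
    sock.sendall(bytes([SOCKS5, 1, NO_AUTH]))               # VER NMETHODS METHODS
    ver, method = recv_exact(sock, 2)                        # VER METHOD
    if ver != SOCKS5 or method != NO_AUTH:
        raise ConnectionError("no-auth refused")
    name = hostname.encode("idna")                           # ATYP 3: LEN + name
    sock.sendall(bytes([SOCKS5, CMD_CONNECT, 0, ATYP_DOMAIN, len(name)]) + name
                 + struct.pack("!H", port))                  # DST.PORT
    _ver, rep, _rsv, atyp = recv_exact(sock, 4)              # VER REP RSV ATYP
    # drain BND.ADDR + BND.PORT, whose length depends on ATYP
    if atyp == ATYP_IPV4:
        recv_exact(sock, 4 + 2)
    elif atyp == ATYP_DOMAIN:
        recv_exact(sock, recv_exact(sock, 1)[0] + 2)
    elif atyp == ATYP_IPV6:
        recv_exact(sock, 16 + 2)
    else:
        raise ConnectionError("bad ATYP in reply")
    return rep


def probe_socks5(proxy_addr, test_url, hostname, pattern):
    """Mirror of proxy.test_get's return triple: (fstatus, response, cstatus).

    cstatus: handshake and CONNECT were granted.  fstatus: the reply that
    came back through the tunnel matched pattern.  The pattern is applied
    per line, case-insensitively; that is my assumption about how nselib
    matches, so verify it against your Nmap version.
    """
    try:
        with socket.create_connection(proxy_addr, timeout=5) as s:
            if socks5_connect(s, hostname, 80) != REP_GRANTED:
                return False, None, False
            s.sendall(("GET %s HTTP/1.0\r\nHost: %s\r\n\r\n"
                       % (test_url, hostname)).encode("ascii"))
            resp = b""
            while True:
                chunk = s.recv(4096)
                if not chunk:
                    break
                resp += chunk
    except OSError:                  # refused, reset, timeout, bad handshake
        return False, None, False
    text = resp.decode("latin-1")
    return bool(re.search(pattern, text, re.M | re.I)), text, True


def fake_socks5_proxy(grant=True):
    """Loopback stand-in for a SOCKS5 proxy (constructed for the demo).

    Grants or refuses CONNECT and, when granting, answers the GET itself
    with the collector's reply instead of relaying.  Returns its address.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    addr = srv.getsockname()

    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn:
            _ver, nmethods = recv_exact(conn, 2)
            recv_exact(conn, nmethods)
            conn.sendall(bytes([SOCKS5, NO_AUTH]))
            _ver, _cmd, _rsv, atyp = recv_exact(conn, 4)
            if atyp == ATYP_DOMAIN:
                recv_exact(conn, recv_exact(conn, 1)[0] + 2)   # name + port
            rep = REP_GRANTED if grant else REP_NOT_ALLOWED
            conn.sendall(bytes([SOCKS5, rep, 0, ATYP_IPV4]) + bytes(6))  # BND 0.0.0.0:0
            if rep != REP_GRANTED:
                return
            req = b""
            while b"\r\n\r\n" not in req:
                chunk = conn.recv(4096)
                if not chunk:
                    return
                req += chunk
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nOK\n")

    threading.Thread(target=serve, daemon=True).start()
    return addr


if __name__ == "__main__":
    fstatus, _, cstatus = probe_socks5(fake_socks5_proxy(), "/submit.php?host=127.0.0.1&port=1080&status=open",
                                       "xxx.applinzi.com", "^OK")
    print("open" if fstatus else "close" if cstatus else "no proxy")
```

Point probe_socks5 at a real (host, port) instead of the fake proxy to reproduce one port's check by hand; the three return values map onto the script's "open", "close" and silent outcomes in that order.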


  1. rich says:

    Does yours support SOCKS5, or does it scan for SOCKS5?
