The stock script only scans the well-known ports by default, but mine can scan all ports and is tuned for domestic (Chinese) proxies. What it can be used for I won't go into; those who know, know.
Also, when you scan a large number of hosts the output quickly becomes too large to filter comfortably, but with a helper that is no problem: have the proxy request a PHP file; when the PHP file is hit it writes to the database, and then you read the results back out of the database... done.
As for the corresponding PHP file, anything works; implement it however you like.
```lua
local proxy = require "proxy"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local url = require "url"

description = [[
Checks if an open socks proxy is running on the target.

The script attempts to connect to a proxy server and send a socks5
payload. It is considered an open proxy if the script receives a
Request Granted response from the target port.

The payload asks the proxy to open a connection to the callback host
(hostname below, port 80) and request /submit.php with the scanned
host, port and port state as query parameters, so that the PHP side
can record the result. The callback is expected to answer with a body
starting with "OK". The <code>proxy.url</code> and
<code>proxy.pattern</code> script-args are accepted, but the default
test always uses the callback host and "^OK" pattern coded below.
]]

--@usage
-- nmap --script=socks-china-proxy \
--   --script-args proxy.url=<host>,proxy.pattern=<pattern>
-- nmap -sS -p 39370 -v --script socks-china-proxy 120.26.12.58

author = "TaterLi"
license = "None"
categories = {"default", "discovery", "external", "safe"}

--- Performs the default test: one socks5 CONNECT through the proxy to
-- the callback host, fetching /submit.php?host=...&port=...&status=...
-- and checking the reply body against the "^OK" pattern.
--
-- @param host The host table
-- @param port The port table
-- @return status true if the request went through and the pattern matched,
--   "pattern not matched" if socks5 worked but the body differed,
--   false if the socks5 handshake failed
-- @return response Table with supported methods
local function default_test(host, port)
  local fstatus
  local cstatus5
  local get_r5
  local response = {}
  -- Callback URL carrying the scan result; the PHP script stores it.
  local test_url = "/submit.php?host=" .. host.ip .. "&port=" .. port.number .. "&status=" .. port.state
  local hostname = "xxx.applinzi.com"
  local pattern = "^OK"

  -- fstatus: pattern matched; get_r5: raw response; cstatus5: socks5 handshake succeeded
  fstatus, get_r5, cstatus5 = proxy.test_get(host, port, "socks5", test_url, hostname, pattern)
  if cstatus5 then response[#response + 1] = "socks5" end
  if fstatus then return fstatus, response end

  if not cstatus5 then return false, nil end

  -- Protocol works, but nothing matches
  return "pattern not matched", response
end

-- Run against every port, not only the well-known proxy ports.
portrule = function(host, port)
  return true
end

action = function(host, port)
  local supported_versions
  local fstatus = false
  local pattern, test_url
  local retval = stdnse.output_table()

  -- proxy.url / proxy.pattern script-args are read here, but default_test()
  -- uses its own hard-coded callback host and pattern.
  test_url, pattern = proxy.return_args()

  fstatus, supported_versions = default_test(host, port)

  -- If the test was OK, then the proxy is potentially open
  if fstatus == true then
    retval["status"] = "open"
    retval["versions"] = supported_versions
    return retval
  elseif fstatus and supported_versions then
    retval["status"] = "close"
    retval["versions"] = supported_versions
    return retval
  end
end
```
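What the script's "Request Granted" test means on the wire, as an added example (not the forum script and not nmap's proxy library): it builds the RFC 1928 greeting and CONNECT request, decodes the two server replies, and lets a SOCKS operator audit that their own service turns an anonymous client away. The hostnames, ports and reply bytes are constructed for illustration.

```python
"""Constructed example: the SOCKS5 exchange behind the NSE script's
"Request Granted" check (RFC 1928), for auditing your own SOCKS5 service."""
import socket
import struct

SOCKS5 = 0x05
NO_AUTH = 0x00          # method 0x00: no authentication required
REP_TEXT = {
    0x00: "request granted",   # the reply the NSE script treats as "open"
    0x01: "general failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}

def build_greeting():
    # VER=5, NMETHODS=1, METHODS=[no-auth]: the anonymous offer an open proxy accepts
    return bytes([SOCKS5, 1, NO_AUTH])

def build_connect(hostname, port):
    # VER, CMD=CONNECT(1), RSV, ATYP=DOMAINNAME(3), name length, name, port (big-endian)
    name = hostname.encode("idna")
    return bytes([SOCKS5, 0x01, 0x00, 0x03, len(name)]) + name + struct.pack("!H", port)

def classify_greeting_reply(data):
    if len(data) < 2 or data[0] != SOCKS5:
        return "not socks5"
    return "anonymous allowed" if data[1] == NO_AUTH else "auth required (0x%02x)" % data[1]

def classify_connect_reply(data):
    if len(data) < 2 or data[0] != SOCKS5:
        return "not socks5"
    return REP_TEXT.get(data[1], "unknown reply 0x%02x" % data[1])

def audit_socks5(host, port, target="www.baidu.com", target_port=80, timeout=5.0):
    """Live check of one proxy (host/port are assumptions): returns
    (greeting_result, connect_result), connect_result None if the greeting was refused."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_greeting())
        greet = classify_greeting_reply(s.recv(2))
        if greet != "anonymous allowed":
            return greet, None
        s.sendall(build_connect(target, target_port))
        return greet, classify_connect_reply(s.recv(262))  # 262 = largest SOCKS5 reply
```

A service that is configured correctly returns 0xFF to the greeting or a non-zero REP code to the CONNECT; only the pair ("anonymous allowed", "request granted") is what the NSE script reports as "open".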
Does yours support socks5, or does it scan for socks5?
@rich You need to learn how nmap scripts are used first; it is the latter.