Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
proxycheck(1)		    General Commands Manual		 proxycheck(1)

       proxycheck - open proxy server checker

       proxycheck options host[:proto_port_spec]...

       proxycheck  is  a  simple  open proxy checking tool which is capable to
       quickly discovery open proxy servers on many hosts.  It's primary  goal
       is  to  detect  an  open	proxy server in	order to prevent it's abuse by
       various "bad guys", mostly spammers.  Having a wide-open	proxy  service
       running	on a publicaly accessible network is a very bad	idea nowadays,
       and proxycheck may be used to find such system in order to be  able  to
       either  secure a	system,	or to refuse servicing it until	it will	be se-
       cured properly.

       In order	to determine if	a given	host is	running	an open	proxy service,
       proxycheck  tries  to  connect to a given destination system via	a host
       and perform some	actions, trying	to talk	with the  destination  system.
       If  a talk is successeful, proxycheck assumes the proxy service is run-
       ning and	wide-open.

       proxycheck supports all commonly	used  proxy  protocols,	 namely,  HTTP
       CONNECT	method,	 SOCKS	versions  4  and 5, and	Wingate	"telnet"-style
       proxies.	 In future, support for	more protocols may be added.

       Please note that	with current number of various trojan horses cicrulat-
       ing  around,  each  opening  a proxy on a random	port, it is not	really
       enouth to probe for standard (in	whatever reason) ports built into  the
       proxycheck.   Instead,  it  is highly recommended to use	a list of cur-
       rently active ports maintained by several people	on the 'net.

       The following command-line options are recognized:

       -h     print a short help and exit.

       -v     increase the verbosity level.  All debugging messages will go to
	      standard error stream.

       -d deshost:destport (required)
	      try to establish a proxied connection to the given dsthost, port
	      dstport.	This option is required.

       -c check[:params] (required)
	      the "method" proxycheck will use when talking to	a  destination
	      system  to  determine if a proxy is open or not.	Interpretation
	      of params	is check-dependant.  This option is required.  Several
	      methods are available:

		     Try to perform simple "chat" with the destination system:
		     send the string given as sendstr and wait	for  expectstr
		     on	output.	 If sendstr is empty, proxycheck will send the
		     proxy parameters in the form
		     to	the remote system.  Proxy assumed to be	 open  if  ex-
		     pectstr is	found.

	      dsbl   (no parameters accepted)
		     try to submit all found proxies to	the sys-
		     tem, see for more	details.  All the  pa-
		     rameters required (username, password, recipient address,
		     cookie server, ...) are expected to be found in  environ-
		     ment  variables.	Run proxycheck with -h option to see a
		     list of recognized	variables and  their  default  values.
		     By	 default, proxycheck will anonymously submit all found
		     proxies to (which  isn't  very  use-
		     ful).   For  trusted  DSBL	 user,	at least DSBL_USER and
		     DSBL_PASS variables should	be set properly.

       -p proto_port_spec
	      specifies	protocol and ports to connect to.  If not given, prox-
	      ycheck  will try it's built-in default list.  This option	may be
	      specified	more than once.	  See below for	 proto_port_spec.   If
	      proto_port_spec  is specified for	a single host to check,	it ap-
	      plies to that host only, and no protocols/ports in default  list
	      will be checked for that host.

       -D     do not reset default port	list when using	-p option, but prepend
	      new ports	to it instead.

       -a     use more "advanced" ports/protocols.  The	more -a's  given,  the
	      more ports/protocols will	be probed.  For	a complete list	of all
	      ports and	protocols and their level, execute proxycheck with  -h

       -t timeout
	      a	 timeout,  in secounds,	for every operation.  Default value is
	      30 secounds.  The	timer starts at	the connection attempt to  the
	      proxy  itself,  after sending the	"connect" command to the proxy
	      and so on.

       -m maxconn
	      Do not attempt to	make more than maxconn	parallel  connections.
	      By  default,  maximum  number of parallel	connections limited by
	      the operating system and on most systems it is around 1000.

       -M maxhconn
	      Do not make more than maxhconn parallel connections to the  same
	      host  (default is	unlimited).  This may be useful	for overloaded
	      proxies which can't handle many parallel connections using  dif-
	      ferent  ports/protocols,	but  may  significantly	 slow down the
	      whole process.

       -s     when an open proxy is found on a	given  IP,  stop  probing  for
	      other  ports/protocols for this IP.  Best	used when many IPs are
	      tested, and/or with -M option.  This is because currently, prox-
	      ycheck  will not make any	new connections	to such	host, but will
	      wait for already active connections to complete.

       -b bindaddr
	      use bindaddr as a	source address for all outgoing	connections.

       -n     write a line about definitely closed proxies to stdout in	 addi-
	      tional to	writing	about open proxies, in a form http:8080 closed

       -x     print  extended  proxy information (proxy-agent and the like) if
	      available.  This will be on the same "open"  (or	"closed"  with
	      -n) line,	last, enclosed in square brackets [].

       -i filename
	      read list	of hosts to check from a given file filename (in addi-
	      tion to command line), or	from stdin if filename if `-'.

   Protocol and	Port specification
       Proxy protocols and ports to try	(proto_port_spec) specified using  the
       following syntax:
	     hc:3128,8080 (http	protocol on ports 3128 and 8080)
	     hc:    (default list of ports for http protocol)
	     3128   (try http protocol on standard http	port 3128)
	     1234   (try all protocols on non-standard port 1234)

       Run  proxycheck	-h  to	see  a list of supported protocols and default

       Simplest	usage of proxycheck is to try to connect  to  e.g.   your  own
       mailserver  with	 chat check method.  First, connect to your mailserver
       on port 25 to see which line it outputs upon connection (SMTP greething
       line), and use it with chat:

	 proxycheck -d \
	   -c chat::greething

       proxycheck will write a single line for every proto:port	it finds to be
       open on stdout, in the form: hc:80 open
       where is an IP	address	of a host being	tested,	hc is the pro-
       tocol name (HTTP	CONNECT, consult proxycheck -h for a full list of pro-
       tocols) and 80 is a port	number where the proxy service is running.

       In addition, if proxycheck is able to guess outgoing IP	address	 of  a
       proxy as	seen by	a destination system, and if that address is different
       from input proxycheck is	connecting to, it will print this  information
       too on the same line, like: hc:80 open
       where is outgoing IP addres of	a multihomed/cascaded proxy as
       reported	by the destination system.  This  IP  address  is  hint	 only,
       there  is no simple and reliable	way currently exists for proxycheck to
       determine that information.  Proxycheck is able to parse	a line sent by
       remote  system  in  -c  chat  mode - in this mode, proxycheck skips all
       printable characters after expstr it found  and	searches  for  opening
       `[',  when  tries  to find closing ']' and interpret digits and dots in
       between as an IP	address	 which	gets  printed  like  above.   If  your
       mailserver's  initial  reply  contains  remote  system's	IP, or if your
       mailserver replies with remote system's IP address  to  HELO/EHLO  com-
       mand, this feature may be useful	(in the	last case, HELO	command	should
       be specified in chat).

       When -n option is specified, for	proto:ports which aren't running  open
       proxy  service,	and for	which proxycheck is able to strongly determine
       this, a line in the following format will be written: hc:80 closed
       Note however that in most cases there is	no way to  reliable  determine
       whenever	a given	service	is not open: for example, an open proxy	server
       may be overloaded and refusing connections.  In most cases,  proxycheck
       assumes	proxy  is in unknown state, only a few codes are recognized as
       real indication of "closed" state.

       When -x option is specified, there will be additional proxy info	 writ-
       ten on the same line (if	available), like: hc:80 open	[AnalogX 3.1415926] hc:80 open [AnalogX 3.1415926] hc:80 closed	[AnalogX 3.1415926]

       One  may	 see  some detail of proxycheck's operations giving sufficient
       number of -v options  in	 the  command  line.   Verbosity  level	 of  5
       (-vvvvv)	will show almost everything.  All the debugging	output will go
       to the standard error stream and	thus will not affect normal operations
       (when you process proxycheck's output using some	script).

       proxycheck  will	 exit  with code 100 if	at least one open proxy	server
       was found.  In case of incorrect	usage, it will exit with code  1.   If
       no open proxies where found, proxycheck will return 0.

       In the simplest case, specify:

	 proxycheck -vv	-ddsthost:dstport -c chat::"waitstr" list-of-IPs

       where  dsthost is the host and dstport is the port number of the	desti-
       nation system, and waitstr is a string to look for from the remote sys-
       tem.  If	 you  decide to	connect	to your	own mailserver (which is quite
       logical,	since most proxy abuse	nowadays  is  to  send	spam  to  your
       mailserver), connect to it first	using telnet and see which SMTP	greet-
       ing string it prints out	upon connection, and use this string as	 wait-
       str.   For example, if your mailserver is, the follow-
       ing may apply:

	 $ telnet 25
	 Telnet: trying connected.
	 250 ESMTP welcome

       In this case, proxycheck's command line may look	as follows:

	 proxycheck -vv	-d \
	  -c chat::"250 ESMTP welcome"	list-of-IPs

       Another usage scenario is to automatically submit all open  proxies  to  blocklists.  For	this, specify -c dsbl and set up envi-
       ronment	variables  for	dsbl  client.	The  variables	DSBL_USER  and
       DSBL_PASS  are  required	for non-anonymous DSBL submissions, for	anony-
       mous submissions	to the defaults  are  sufficient.
       To submit a proxy to, set destination to the mail exchanger of domain, currently  For example:

	 DSBL_USER=username DSBL_PASS=password ./proxycheck -vv	\ -cdsbl proxyhost

       Additional and updated information may be found at the URL below.

       This program is free software.  It may be used and distributed  in  the
       terms of	General	Public License (GPL) version 2 or later.

       proxycheck  written by Michael Tokarev <>.	Latest version
       of  this	 utlilty  may  be  found  at



Want to link to this manual page? Use this URL:

home | help