proxycheck(1)						      General Commands Manual						     proxycheck(1)

NAME

       proxycheck -- open proxy server checker

SYNOPSYS

       proxycheck options host[:proto_port_spec]...

DESCRIPTION

       proxycheck  is a simple open proxy checking tool which is capable to quickly discovery open proxy servers on many hosts.  It's primary goal
       is to detect an open proxy server in order to prevent it's abuse by various "bad guys", mostly spammers.  Having a wide-open proxy  service
       running	on  a publicaly accessible network is a very bad idea nowadays, and proxycheck may be used to find such system in order to be able
       to either secure a system, or to refuse servicing it until it will be secured properly.

       In order to determine if a given host is running an open proxy service, proxycheck tries to connect to a given  destination  system  via  a
       host  and perform some actions, trying to talk with the destination system.  If a talk is successeful, proxycheck assumes the proxy service
       is running and wide-open.

       proxycheck supports all commonly used proxy protocols, namely, HTTP CONNECT method, SOCKS versions 4  and  5,  and  Wingate  "telnet"-style
       proxies.  In future, support for more protocols may be added.

       Please  note  that with current number of various trojan horses cicrulating around, each opening a proxy on a random port, it is not really
       enouth to probe for standard (in whatever reason) ports built into the proxycheck.  Instead, it is highly recommended to use a list of cur-
       rently active ports maintained by several people on the 'net.

OPTIONS

       The following command-line options are recognized:

       -h     print a short help and exit.

       -v     increase the verbosity level.  All debugging messages will go to standard error stream.

       -d deshost:destport (required)
	      try to establish a proxied connection to the given dsthost, port dstport.  This option is required.

       -c check[:params] (required)
	      the  "method"  proxycheck  will  use when talking to a destination system to determine if a proxy is open or not.  Interpretation of
	      params is check-dependant.  This option is required.  Several methods are available:

	      chat:sendstr:expectstr
		     Try to perform simple "chat" with the destination system: send the string given as sendstr and wait for expectstr on  output.
		     If sendstr is empty, proxycheck will send the proxy parameters in the form
			protocol:ip-address:portnumber
		     to the remote system.  Proxy assumed to be open if expectstr is found.

	      dsbl   (no parameters accepted)
		     try  to  submit  all  found  proxies  to the DSBL.org-like system, see http://dsbl.org/ for more details.	All the parameters
		     required (username, password, recipient address, cookie server, ...) are expected to be found in environment variables.   Run
		     proxycheck with -h option to see a list of recognized variables and their default values.	By default, proxycheck will anoni-
		     mously submit all found proxies to unconfirmed.dsbl.org (which isn't very useful).  For trusted DSBL user, at least DSBL_USER
		     and DSBL_PASS variables should be set properly.

       -p proto_port_spec
	      specifies protocol and ports to connect to.  If not given, proxycheck will try it's built-in default list.  This option may be spec-
	      ified more than once.   See below for proto_port_spec.  If proto_port_spec is specified for a single host to check,  it  applies	to
	      that host only, and no protocols/ports in default list will be checked for that host.

       -D     do not reset default port list when using -p option, but prepend new ports to it instead.

       -a     use  more  "advanced"  ports/protocols.	The  more -a's given, the more ports/protocols will be probed.	For a complete list of all
	      ports and protocols and their level, execute proxycheck with -h option.

       -t timeout
	      a timeout, in secounds, for every operation.  Default value is 30 secounds.  The timer starts at the connection attempt to the proxy
	      itself, after sending the "connect" command to the proxy and so on.

       -m maxconn
	      Do  not  attempt	to make more than maxconn parallel connections.  By default, maximum number of parallel connections limited by the
	      operating system and on most systems it is around 1000.

       -M maxhconn
	      Do not make more than maxhconn parallel connections to the same host (default is unlimited).  This  may  be  useful  for	overloaded
	      proxies  which  can't  handle  many  parallel connections using different ports/protocols, but may significantly slow down the whole
	      process.

       -s     when an open proxy is found on a given IP, stop probing for other ports/protocols for this IP.  Best used when many IPs are  tested,
	      and/or  with  -M	option.   This	is because currently, proxycheck will not make any new connections to such host, but will wait for
	      already active connections to complete.

       -b bindaddr
	      use bindaddr as a source address for all outgoing connections.

       -n     write a line about definitely closed proxies to stdout in additional to writing about open proxies, in a form
		 127.0.0.1 http:8080 closed

       -x     print extended proxy information (proxy-agent and the like) if available.  This will be on the same "open"  (or  "closed"  with  -n)
	      line, last, enclosed in square brackets [].

       -i filename
	      read list of hosts to check from a given file filename (in addition to command line), or from stdin if filename if `-'.

   Protocol and Port specification
       Proxy protocols and ports to try (proto_port_spec) specified using the following syntax:
	     [proto:][port,port,port]
       like:
	     hc:3128,8080 (http protocol on ports 3128 and 8080)
	     hc:    (default list of ports for http protocol)
	     3128   (try http protocol on standard http port 3128)
	     1234   (try all protocols on non-standard port 1234)

       Run proxycheck -h to see a list of supported protocols and default ports.

USAGE

       Simplest  usage	of proxycheck is to try to connect to e.g.  your own mailserver with chat check method.  First, connect to your mailserver
       on port 25 to see which line it outputs upon connection (SMTP greething line), and use it with chat:

	 proxycheck -d yourmailserver.example.org:25 
	   -c chat::greething ip.add.re.ss...

       proxycheck will write a single line for every proto:port it finds to be open on stdout, in the form:
	 127.0.0.3 hc:80 open
       where 127.0.0.3 is an IP address of a host being tested, hc is the protocol name (HTTP CONNECT, consult proxycheck -h for a  full  list	of
       protocols) and 80 is a port number where the proxy service is running.

       In  addition, if proxycheck is able to guess outgoing IP address of a proxy as seen by a destination system, and if that address is differ-
       ent from input proxycheck is connecting to, it will print this information too on the same line, like:
	 127.0.0.2 hc:80 open 127.0.0.3
       where 127.0.0.3 is outgoing IP addres of a multihomed/cascaded proxy as reported by the destination system.  This IP address is hint  only,
       there is no simple and reliable way currently exists for proxycheck to determine that information.  Proxycheck is able to parse a line sent
       by remote system in -c chat mode -- in this mode, proxycheck skips all printable characters after expstr it found and searches for  opening
       `[',  when  tries  to  find  closing  ']' and interpret digits and dots in between as an IP address which gets printed like above.  If your
       mailserver's initial reply contains remote system's IP, or if your mailserver replies with remote system's IP address to HELO/EHLO command,
       this feature may be useful (in the last case, HELO command should be specified in chat).

       When  -n  option is specified, for proto:ports which aren't running open proxy service, and for which proxycheck is able to strongly deter-
       mine this, a line in the following format will be written:
	 127.0.0.4 hc:80 closed
       Note however that in most cases there is no way to reliable determine whenever a given service is not open:  for  example,  an  open  proxy
       server  may be overloaded and refusing connections.  In most cases, proxycheck assumes proxy is in unknown state, only a few codes are rec-
       ognized as real indication of "closed" state.

       When -x option is specified, there will be additional proxy info written on the same line (if available), like:
	 127.0.0.2 hc:80 open 127.0.0.3 [AnalogX 3.1415926]
	 127.0.0.3 hc:80 open [AnalogX 3.1415926]
	 127.0.0.4 hc:80 closed [AnalogX 3.1415926]

       One may see some detail of proxycheck's operations giving sufficient number of -v options in  the  command  line.   Verbosity  level  of  5
       (-vvvvv) will show almost everything.  All the debugging output will go to the standard error stream and thus will not affect normal opera-
       tions (when you process proxycheck's output using some script).

EXIT CODE

       proxycheck will exit with code 100 if at least one open proxy server was found.	In case of incorrect usage, it will exit with code 1.	If
       no open proxies where found, proxycheck will return 0.

LICENSE

       This program is free software.  It may be used and distributed in the terms of General Public License (GPL) version 2 or later.

AUTHOR

       proxycheck  written  by	Michael  Tokarev  <mjt@corpit.ru>.  Latest version of this utlilty may be found at http://www.corpit.ru/mjt/proxy-
       check.html.

																     proxycheck(1)