Nmap Development mailing list archives

[NSElib] torsocks5.lua


From: Gutek <ange.gutek () gmail com>
Date: Sat, 16 Jul 2011 18:35:04 +0200


Hi devs

I'm working on a stress-test script which, among other tricks, uses TOR
features.
For this purpose I needed a lib to handle some TOR-proxified queries,
and this is a derived version to deal with your local socks v5 service.
Give it a host, port and payload, and it should return a socks status
along with the answer from the distant target. Simple.

Joao Correa's work in 2009 was a great help
(http://seclists.org/nmap-dev/2009/q2/att-447/proxy-open-socks.nse).

With all those exploit scripts around, maybe this could be of some help.
Attached are the nselib, and a demo script.

Requirement: TOR socks5 service running on 127.0.0.1:9050
Usage: nmap -p80 --script tor.nse automation.whatismyip.com
This is a PoC and should return your proxified IP as seen by this web
service.

-- @output
-- 80/tcp open  http
-- | tor: (Using TOR proxy)
-- | HTTP/1.1 200 OK
-- | Connection: close
-- | Date: Sat, 16 Jul 2011 15:51:41 GMT
-- | Server: Microsoft-IIS/6.0
-- | X-Powered-By: ASP.NET
-- | Content-Length: 13
-- | Content-Type: text/html
-- | Set-Cookie: ASPSESSIONIDSCCDQSDD=JCNHHPJAGBNFHDBOEOBLFKBG; path=/
-- | Cache-control: private
-- |
-- |_199.48.147.36

Regards,
A.G.

Attachment: torsocks5.lua
Attachment: tor.nse
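
The SOCKS5 exchange that a library like this has to perform against the local Tor service, as an added example that is not the attached torsocks5.lua or any code from this post: it builds the RFC 1928 greeting and CONNECT request and decodes the "socks status" byte of the reply. Function names, the target host and the sample reply bytes are constructed for illustration; the code is pure Lua and opens no sockets.

```lua
-- Added example, not the attached torsocks5.lua. SOCKS5 messages per RFC 1928.
local REPLY_STATUS = {
  [0] = "succeeded", [1] = "general SOCKS server failure",
  [2] = "connection not allowed by ruleset", [3] = "network unreachable",
  [4] = "host unreachable", [5] = "connection refused", [6] = "TTL expired",
  [7] = "command not supported", [8] = "address type not supported",
}

-- Greeting: VER=5, NMETHODS=1, METHOD=0x00 (no authentication).
local function build_greeting()
  return string.char(0x05, 0x01, 0x00)
end

-- Method selection reply: VER, METHOD (0xFF means no acceptable method).
local function parse_method_reply(data)
  if #data < 2 then return nil, "short method reply" end
  local ver, method = data:byte(1, 2)
  if ver ~= 0x05 then return nil, "not a SOCKS5 server" end
  if method ~= 0x00 then return nil, "no acceptable auth method" end
  return true
end

-- CONNECT request with ATYP=0x03 (domain name): the proxy, not the local
-- resolver, looks up the hostname, so no DNS query leaves the client directly.
local function build_connect(host, port)
  assert(#host >= 1 and #host <= 255, "hostname must be 1..255 bytes")
  assert(port >= 1 and port <= 65535, "port out of range")
  return string.char(0x05, 0x01, 0x00, 0x03, #host) .. host
      .. string.char(math.floor(port / 256), port % 256) -- big-endian port
end

-- Reply: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT. Returns ok, status text.
local function parse_connect_reply(data)
  if #data < 4 then return false, "short reply" end
  local ver, rep = data:byte(1, 2)
  if ver ~= 0x05 then return false, "not a SOCKS5 reply" end
  return rep == 0x00, REPLY_STATUS[rep] or ("unknown status " .. rep)
end

local function hex(s)
  return (s:gsub(".", function(c) return ("%02x "):format(c:byte()) end))
end

-- Constructed sample data: what is sent, and how server replies decode.
print(hex(build_greeting()))
print(hex(build_connect("example.com", 80)))
print(parse_method_reply(string.char(5, 0xFF)))                  -- refused method
print(parse_connect_reply(string.char(5, 0, 0, 1, 0, 0, 0, 0, 0, 0)))  -- success
print(parse_connect_reply(string.char(5, 5, 0, 1, 0, 0, 0, 0, 0, 0)))  -- refused
```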
