Nmap Development mailing list archives
Re: The issue when using the socks-open-proxy.nse
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 12 Mar 2015 08:20:55 -0500
Hongyi,

NSE scripts are each governed by a function called the "rule" [1], which tells when they should run. The rule for socks-open-proxy is:

portrule = shortport.port_or_service({1080, 9050}, {"socks", "socks4", "socks5", "tor-socks"})

This means that the script will run on TCP ports 1080 and 9050, as well as any port that is assigned the name or detected as "socks", "socks5", etc. In your case, port 60088 is not assigned a service name by IANA, and you did not choose to do version detection with -sV, so the script does not run.

Here are a few ideas for how to make this work:

1. Use -sV to detect the socks proxy on the port so that the script can run.
2. Force the script to run on *every* scanned port: `--script +socks-open-proxy` This is safe to do in cases like this where you are scanning just one port, and you are certain of the service that is listening. But this is not usually a good idea when scanning a lot of ports, especially on unknown systems, since it will result in a lot of data being sent to every open port.
3. Edit the nmap-services file to add port 60088/tcp as socks5.

Dan

On Thu, Mar 12, 2015 at 2:49 AM, Hongyi Zhao <hongyi.zhao () gmail com> wrote:
Hi all,

I try to use the `--script socks-open-proxy' of nmap described here to test some socks5 proxies:

http://nmap.org/nsedoc/scripts/socks-open-proxy.html

The socks5 proxies used are selected from http://www.socks-proxy.net/. And the usage of nmap is something like the following for my test:

--
werner@debian:~$ nmap -p60088 --script=socks-open-proxy --script-args proxy.url=http://130.158.6.87/api/iphone/,proxy.pattern="*vpn_servers" 195.154.232.48

Starting Nmap 6.47SVN ( http://nmap.org ) at 2015-03-12 15:40 CST
Nmap scan report for 195-154-232-48.rev.poneytelecom.eu (195.154.232.48)
Host is up (0.47s latency).
PORT      STATE SERVICE
60088/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 1.88 seconds
--

As you can see, the test gives the result *unknown*, which is not consistent with the description given by the proxy's origin providing webpage.

Any hints?

Regards
--
.: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
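The rule check described in the reply above, as an added Python example that is not part of the original thread and is not Nmap's own code. It is a simplified model of `shortport.port_or_service` for this script; the function names and the sample nmap-services entries (including their frequency values) are constructed for illustration.

```python
# Simplified model (assumption, not Nmap source) of why socks-open-proxy
# does or does not run on a scanned port.
RULE_PORTS = {1080, 9050}
RULE_SERVICES = {"socks", "socks4", "socks5", "tor-socks"}

def load_services(text):
    """Parse nmap-services style lines: name, port/proto, frequency, # comment."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only or malformed line
        port, proto = fields[1].split("/", 1)
        table[(int(port), proto)] = fields[0]
    return table

def script_runs(port, proto, state, services, detected=None, forced=False):
    """Return (runs, reason) for one scanned port."""
    if forced:  # idea 2: --script +socks-open-proxy bypasses the rule
        return True, "forced with + prefix"
    if proto != "tcp" or state not in ("open", "open|filtered"):
        return False, "not an open TCP port"
    # A name from -sV detection replaces the table lookup (idea 1);
    # otherwise the name comes from nmap-services, or "unknown".
    name = detected or services.get((port, proto), "unknown")
    if port in RULE_PORTS:
        return True, "port number matches the rule"
    if name in RULE_SERVICES:
        return True, "service name '%s' matches the rule" % name
    return False, "service '%s' on port %d matches nothing" % (name, port)

# Constructed sample entries; frequencies are placeholders.
STOCK = "socks 1080/tcp 0.003\ntor-socks 9050/tcp 0.0001\n"
# Idea 3: a local entry naming 60088/tcp as socks5.
EDITED = STOCK + "socks5 60088/tcp 0.000001  # local addition\n"

if __name__ == "__main__":
    stock, edited = load_services(STOCK), load_services(EDITED)
    print(script_runs(60088, "tcp", "open", stock))                     # the case in the thread
    print(script_runs(60088, "tcp", "open", stock, detected="socks5"))  # with -sV
    print(script_runs(60088, "tcp", "open", stock, forced=True))        # with + prefix
    print(script_runs(60088, "tcp", "open", edited))                    # edited nmap-services
```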