Re: Portscanning through HTTP proxy?

["uzy" <uzy () isecurelabs com>]

You could consider using nmap -sT with proxychains. As simple as : 

proxychains nmap -sT -p NN myIP 

Edit proxychains.conf to specify your SOCKS or HTTP proxy. 

http://proxychains.sf.net 

Cheers 

MadHat writes: 

> On Dec 7, 2004, at 2:14 AM, Max wrote:
> > You might have better success with Nessus since it comes with its own 
> > language
>
> Why not just patch nmap?  It has a language too, called C++ ;) 
>
> Fyodor has mention in the source code that there should probably be SOCKS 
> support as well.  Just if no one asks for it, he is going to work on what 
> he feels is most important.  If someone really wants a feature, they can 
> request it, or try and write a patch (the glory of Open Source). 
>
> > M@x 
> >
> >
> > MadHat wrote:
> > > On Dec 6, 2004, at 3:58 PM, Mark Lachniet wrote:
> > > > Is there a decent way, similar to the FTP bounce approach, to do
> > > > portscanning through an insecure HTTP proxy using CONNECT verbs?  For
> > > > example, say I find a dual-homed host that has unrestricted proxy, and 
> > > > am
> > > > too lazy to telnet to the proxy and type: 
> > > >
> > > > 'CONNECT http://10.1.1.1:25 HTTP/1.1' 
> > > >
> > > > and manually iterate it a hundred times.
> > > there is not an easy way right now built into nmap that I know of, but 
> > > it should be easy to make a patch for it.
>  
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to 
> nmap-dev-help () insecure org . List archive: http://seclists.org 



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org