Nmap Development mailing list archives
Re: The issue when using the socks-open-proxy.nse
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 12 Mar 2015 08:20:55 -0500
Hongyi,

NSE scripts are each governed by a function called the "rule" [1], which
tells when they should run. The rule for socks-open-proxy is:

    portrule = shortport.port_or_service({1080, 9050},
      {"socks", "socks4", "socks5", "tor-socks"})

This means that the script will run on TCP ports 1080 and 9050, as well as
any port that is assigned the name or detected as "socks", "socks5", etc.
In your case, port 60088 is not assigned a service name by IANA, and you
did not choose to do version detection with -sV, so the script does not
run. Here are a few ideas for how to make this work:

1. Use -sV to detect the socks proxy on the port so that the script can run.

2. Force the script to run on *every* scanned port: `--script +socks-open-proxy`
   This is safe to do in cases like this where you are
   scanning just one port, and you are certain of the service that is
   listening. But this is not usually a good idea when scanning a lot of
   ports, especially on unknown systems, since it will result in a lot of data
   being sent to every open port.

3. Edit the nmap-services file to add port 60088/tcp as socks5.

Dan

On Thu, Mar 12, 2015 at 2:49 AM, Hongyi Zhao <hongyi.zhao () gmail com> wrote:
> Hi all,
>
> I try to use the `--script socks-open-proxy' of nmap described here to
> test some socks5 proxies:
>
> http://nmap.org/nsedoc/scripts/socks-open-proxy.html
>
> The socks5 proxies used are selected from http://www.socks-proxy.net/.
> And the usage of nmap is something as following for my test:
>
> --
> werner@debian:~$ nmap -p60088 --script=socks-open-proxy --script-args proxy.url=http://130.158.6.87/api/iphone/,proxy.pattern="*vpn_servers" 195.154.232.48
>
> Starting Nmap 6.47SVN ( http://nmap.org ) at 2015-03-12 15:40 CST
> Nmap scan report for 195-154-232-48.rev.poneytelecom.eu (195.154.232.48)
> Host is up (0.47s latency).
> PORT      STATE SERVICE
> 60088/tcp open  unknown
>
> Nmap done: 1 IP address (1 host up) scanned in 1.88 seconds
> --
>
> As you can see, the test gives the result *unknown*, which is not
> consistent with the description given by the proxy's origin providing
> webpage.
>
> Any hints?
>
> Regards
> --
> .: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
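
The rule evaluation and the three suggestions from the reply above, as an added Python example: a simplified model, not Nmap's code and not part of the original thread. The function names and the sample nmap-services lines are constructed for illustration; the default protocol ("tcp") and states ("open", "open|filtered") follow shortport.port_or_service.

```python
# Simplified model (added example, not Nmap source) of how a port's service
# name and the socks-open-proxy portrule decide whether the script runs.

RULE_PORTS = {1080, 9050}
RULE_SERVICES = {"socks", "socks4", "socks5", "tor-socks"}


def parse_services(text):
    """Parse nmap-services style lines: 'name port/proto frequency # comment'."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only or malformed line
        number, proto = fields[1].split("/", 1)
        table[(int(number), proto)] = fields[0]
    return table


def service_name(port, proto, services, detected=None):
    """A -sV result wins; otherwise fall back to the services table."""
    return detected or services.get((port, proto), "unknown")


def portrule(port, proto, state, service):
    """Model of shortport.port_or_service with its default proto and states."""
    if proto != "tcp" or state not in ("open", "open|filtered"):
        return False
    return port in RULE_PORTS or service in RULE_SERVICES


def script_runs(port, services, detected=None, forced=False):
    """forced=True models '--script +socks-open-proxy' (rule is bypassed)."""
    name = service_name(port, "tcp", services, detected)
    return forced or portrule(port, "tcp", "open", name)


# Constructed sample in nmap-services format (frequencies are made up).
SAMPLE = "socks   1080/tcp   0.001   # constructed entry\n"
STOCK = parse_services(SAMPLE)
EDITED = parse_services(SAMPLE + "socks5  60088/tcp  0.000  # local addition\n")

if __name__ == "__main__":
    print("as scanned:          ", script_runs(60088, STOCK))
    print("1. with -sV result:  ", script_runs(60088, STOCK, detected="socks5"))
    print("2. forced with '+':  ", script_runs(60088, STOCK, forced=True))
    print("3. edited services:  ", script_runs(60088, EDITED))
```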
