
proxyscan.c

proxyscan.c
Posted Nov 17, 2002
Authored by sit0 | Site defcon.one.pl

Multithreaded Proxy Scanner for UNIX v0.7.0. This proxy scanner uses a small PHP script to collect open proxy servers.

tags | tool, scanner, php
systems | unix
SHA-256 | f104e807c621cceb31c16056158d12c795b3dc603408f99872db08030dd301e3

proxyscan.c

/*
* Multithreaded Proxy Scanner for UNIX v0.7.1
* by sit0 <sit0@o2.pl>
* http://defcon.one.pl
*
* returns http variables in format:
* ip:port#REMOTE_ADDR#HTTP_X_FORWARDED_FOR#HTTP_VIA#HTTP_USER_AGENT#[CONNECT]
*
*
* examples:
*
* 61.1.178.95:80#202.54.30.58#213.76.200.91#1.0 cache#fork()#
* this is not anonymous proxy, forwarding not only your IP, but also
* your browser's ID and its version.
*
* 12.21.174.130:80#12.21.174.130###Mozilla 3.01 (compatible ;)#CONNECT
* here you see really great proxy. not only hiding your IP, its version,
* and faking your browser's ID, but also allowing you to make connections to
* any port on any machine! (probably in it's own LAN, too! ;)
* as you probably know, this makes it VERY useful ;]
*
* this code probably contains some bugs - I didn't test it thoroughly...
* if you find any - I'd appreciate it if you let me know about them.
*
* if you don't know what to do with the output, I suggest reading
* `man grep`, `man cut` and probably `man sh` ;]
*
* ok, ok... little hint:
* $ grep "###" outputfile|cut -f1 -d'#'
* Above command will print all highly anonymous proxies in the 'outputfile'...
*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <time.h>
#include <string.h>
#include <ctype.h>
#include <fcntl.h>
#include <netdb.h>
#include <signal.h>
#include <errno.h>
#include <sys/wait.h>
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>


/* Version string interpolated into the banner printed by info(). */
const char *version = "0.7.1";

/* Run-time settings; main() overwrites them while parsing options. */
int verbose = 0;   /* incremented by each -v; non-zero enables diagnostics */
int CHILDREN = 5;  /* -c: number of entries in main()'s child-pid table */
int TIMEOUT = 10;  /* -t: seconds passed to alarm() in every forked child */

/* Helpers defined after main(). */
int wolny(int *tablica, int dlugosc);          /* index of first zero entry, or -1 */
int readln(int fd, char *bufor, int max);      /* read one '\n'-terminated line from fd */
int check(char *adres, int port, int output);  /* probe adres:port, write a result line to output */
void usage();                                  /* print the option summary */
void info();                                   /* print the banner */

/* define, structure and functions stolen from somewhere... */

/* Fallback for platforms whose headers do not define INADDR_NONE.
   NOTE(review): the expansion is not parenthesized; it is only used in
   ==/!= comparisons in this file, where that happens to be harmless. */
#ifndef INADDR_NONE
# define INADDR_NONE (in_addr_t)-1
#endif

/* Inclusive IPv4 interval walked by next_address().
   NOTE(review): unsigned long is 64 bits wide on LP64 systems, so code that
   builds masks from sizeof(unsigned long) must not assume 32 bits. */
struct ip_range{
unsigned long start_ip; // IP addresses in _host_ order, not network
unsigned long end_ip;
};

/* Parsers return 1 and fill *range on success, 0 on failure. */
int is_ip(char* string, struct ip_range* range);      /* single dotted-decimal address */
int is_range1(char* string, struct ip_range* range);  /* a.b.c.d/prefix form */
/* Writes the address following prev_addr (or the first one when prev_addr
   is NULL) to *next_addr; returns 0 once the range is exhausted. */
int next_address(const struct ip_range* range, const struct in_addr* prev_addr,
struct in_addr* next_addr);
int is_range2(char* string, struct ip_range* range);  /* a.b.c.d-e form */
/* end of stolen part */

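/*
 * Entry point: parse the options, pick the source of host:port candidates
 * (-l file, -s stdin, or -r range combined with -p ports) and hand every
 * candidate to a forked child that calls check().  At most CHILDREN children
 * run at once; each child arms alarm(TIMEOUT) so a stalled connection ends it.
 *
 * Results are written to the -o file, or to stdout when -o is absent.
 * Every error path exits with status 0 except a malformed -r argument and
 * allocation failures, which exit with 1.
 *
 * NOTE(review): the "[33;1m" / "[m" fragments in the messages look like ANSI
 * colour sequences whose ESC byte did not survive in this listing - confirm
 * against the original file.  They are reproduced here exactly as shown.
 */
int main(int argc, char **argv) {
    struct ip_range range;
    struct in_addr addr, current;
    struct in_addr *target = &current;
    struct hostent *host;
    int PORTY[16];
    int ile_portow = 0, rng = 0, std = 0, stat;
    int fd = -1, out = -1;
    char *LIST = NULL, *OUTPUT = NULL;
    char buf[256], *p, *proxy_ip, *tmp, *ports;
    int *pidy;
    int done = 0, x, y = 0, i, status, pid, proxy_port, opt;
    pid_t w;

    bzero(PORTY, sizeof(PORTY));
    bzero(&range, sizeof(range));
    bzero(&current, sizeof(current));

    /* The original guarded this call with `out != 1` before `out` had been
       assigned, i.e. it read an indeterminate value.  The banner is printed
       unconditionally here, which is what that test amounted to in practice
       - TODO confirm the author's intent. */
    info();
    if (argc < 2) { usage(); exit(0); }

    while ((opt = getopt(argc, argv, "l:p:t:r:o:c:svh")) != -1) {
        switch (opt) {
        case 'p': /* list of ports, split on ',', ' ' or '\n' */
            ports = (char *) malloc(strlen(optarg) + 1);
            if (ports == NULL) { perror("malloc"); exit(1); }
            strcpy(ports, optarg);
            tmp = ports; /* strsep() advances tmp; ports keeps the address to free */
            while (tmp != NULL && ile_portow < 16) {
                PORTY[ile_portow] = atoi(tmp);
                ile_portow++;
                strsep(&tmp, ", \n");
            }
            free(ports);
            break;

        case 'l': /* file with the list of addresses */
            strtok(optarg, " ");
            while (optarg[0] == 32) optarg++;
            LIST = (char *) malloc(strlen(optarg) + 1);
            if (LIST == NULL) { perror("malloc"); exit(1); }
            strcpy(LIST, optarg);
            break;

        case 'r': /* range: try the a.b.c.d/nn form first, then a.b.c.d-e */
            if (!(stat = is_range1(optarg, &range)))
                stat = is_range2(optarg, &range);
            if (!stat) {
                usage();
                exit(1);
            } else rng++;
            break;

        case 'o': /* file that receives the results */
            strtok(optarg, " ");
            while (optarg[0] == 32) optarg++;
            OUTPUT = (char *) malloc(strlen(optarg) + 1);
            if (OUTPUT == NULL) { perror("malloc"); exit(1); }
            strcpy(OUTPUT, optarg);
            break;

        case 'c': /* number of children / simultaneously opened connections */
            CHILDREN = atoi(optarg);
            /* A negative count would become the size of the pid table below. */
            if (CHILDREN <= 0) {
                printf("[33;1m\nbad number of children.[m\n\n");
                exit(0);
            }
            break;

        case 't':
            TIMEOUT = atoi(optarg);
            /* alarm() takes an unsigned value; reject negatives as well as 0. */
            if (TIMEOUT <= 0) {
                printf("[33;1m\nbad timeout value.[m\n\n");
                exit(0);
            }
            break;

        case 's':
            std++;
            break;

        case 'v': /* a bit more information about what is going on */
            verbose++;
            break;

        case 'h':
            usage();
            exit(0);
            break;

        default:
            usage();
            exit(0);
        }
    }

    /* -l, -s and -r are mutually exclusive. */
    if ((LIST && std) || (LIST && rng) || (std && rng)) { usage(); exit(0); }

    if (std) {
        fd = 0;
    } else if (LIST) {
        fd = open(LIST, O_RDONLY);
        if (fd < 0) {
            printf("[33;1m\nCouldn't open input file '%s'.[m\n\n", LIST);
            exit(0);
        }
    } else if (!rng) {
        printf("\n[33;1mNo targets source specified (no -l, -s or -r option).[m\n\n");
        exit(0);
    }

    if (rng && !ile_portow) {
        printf("\n[33;1mNo ports to scan.[m\n\n");
        exit(0);
    }

    if (ile_portow && !rng) {
        printf("\n[33;1mPorts specified, but no range to scan.[m\n\n");
        exit(0);
    }

    if (OUTPUT) {
        /* NOTE(review): no O_TRUNC, O_EXCL or O_NOFOLLOW - an existing file is
           overwritten in place from offset 0 and a symlink at this path is
           followed.  Left as in the original. */
        if ((out = open(OUTPUT, O_CREAT|O_WRONLY, 0644)) < 0) {
            sprintf(buf, "\n[33;1mCouldn't create output file");
            perror(buf);
            printf("[m\n");
            exit(0);
        }
    } else out = 1;

    /* One slot per concurrent child; 0 marks a free slot (see wolny()). */
    pidy = (int *) calloc((size_t) CHILDREN, sizeof(int));
    if (pidy == NULL) { perror("malloc"); exit(1); }

    if (rng)
        next_address(&range, 0, target);

    while (!done) {
        if ((i = wolny(pidy, CHILDREN)) >= 0) {
            bzero(buf, sizeof(buf));
            if (rng) {
                if (y >= ile_portow) {
                    y = 0;
                    if (!next_address(&range, target, target)) {
                        /* Range exhausted: stop here instead of forking once
                           more for the last address, as the original did. */
                        done = 1;
                        continue;
                    }
                }
                snprintf(buf, sizeof(buf), "%s:%d\n", inet_ntoa(*target), PORTY[y++]);
            } else if (readln(fd, buf, sizeof(buf) - 1) < 0) {
                /* sizeof(buf) - 1 keeps the last byte of the zeroed buffer as
                   the terminator the string functions below rely on. */
                done = 1;
            }
            p = buf; /* for strsep */

            /* Flush before forking so buffered parent output is not emitted
               again by every child when it exits. */
            fflush(NULL);

            switch (pid = fork()) {
            case 0:
                alarm(TIMEOUT);
                proxy_ip = strsep(&p, ":");
                if (p != NULL) {
                    proxy_port = atoi(p);
                    if (proxy_port > 0 && proxy_port <= 65535) {
                        if (inet_aton(proxy_ip, &addr) == 1) {
                            check(proxy_ip, proxy_port, out);
                        } else {
                            host = gethostbyname(proxy_ip);
                            if (host != NULL && host->h_addrtype == AF_INET &&
                                host->h_length == (int) sizeof(addr.s_addr) &&
                                host->h_addr_list[0] != NULL) {
                                /* Copy the size of the field, not of a pointer
                                   to it: sizeof(&addr.s_addr) is 8 on LP64 and
                                   overran the 4-byte destination. */
                                memcpy(&addr.s_addr, host->h_addr_list[0],
                                       sizeof(addr.s_addr));
                                check(inet_ntoa(addr), proxy_port, out);
                            } else if (verbose) {
                                printf("%s - host not found.\n", proxy_ip);
                            }
                        }
                    }
                }
                exit(0);
                break;
            case -1:
                perror("fork error");
                break;
            default:
                pidy[i] = pid;
                break;
            }
        } else {
            /* Table full: pause briefly, then reap whatever has finished. */
            usleep(250);
            for (x = 0; x < CHILDREN; ++x) {
                w = waitpid(pidy[x], &status, WNOHANG);
                /* Free the slot when the child was reaped, and also when the
                   kernel no longer knows it; otherwise the slot would stay
                   occupied forever. */
                if (w > 0 || (w < 0 && errno == ECHILD))
                    pidy[x] = 0;
            }
        }
    }

    /* fd stays -1 in range mode, where no input descriptor was opened. */
    if (fd >= 0) close(fd);
    close(out);
    while (wait(&status) != -1);
    free(pidy);
    return 0;
}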

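/*
 * Find a free slot in the child-pid table ("wolny" is Polish for "free").
 *
 * tablica - array of pids in which 0 marks an unused entry
 * len     - number of entries in tablica
 *
 * Returns the index of the first zero entry, or -1 when every entry is in
 * use (or when tablica is NULL or len is not positive).
 */
int wolny(int *tablica, int len) {
    int i;

    if (tablica == NULL)
        return -1;

    /* The index is tested before the element is read.  The original evaluated
       tablica[i] first, so a full table - the normal "no free slot" case -
       caused a read one element past the end of the array. */
    for (i = 0; i < len; i++) {
        if (tablica[i] == 0)
            return i;
    }
    return -1;
}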

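/*
 * Read one line from fd, one byte at a time, into buffer.
 *
 * fd     - descriptor to read from
 * buffer - destination; always NUL-terminated when the call stores anything
 * max    - size of buffer in bytes; at most max - 1 bytes of the line are
 *          stored, the remainder of an over-long line is left unread and is
 *          returned by the next call
 *
 * Returns the number of bytes stored (the '\n' is consumed but not stored),
 * or -1 on end of file or read error.  On -1 the bytes read so far remain in
 * buffer, so a final line without a trailing newline is still available to
 * the caller.  Also returns -1 when buffer is NULL or max is smaller than 2.
 */
int readln(int fd, char *buffer, int max) {
    int i = 0;
    char c;
    ssize_t got;

    if (buffer == NULL || max < 2)
        return -1;

    while (i < max - 1) {
        got = read(fd, &c, 1);
        if (got <= 0) {
            /* Every read() result is checked; the original ignored the first
               one and could return based on an uninitialised status. */
            buffer[i] = '\0';
            return -1;
        }
        if (c == '\n')
            break;
        buffer[i++] = c;
    }

    /* The loop bound reserves this byte, so the terminator never lands
       outside the caller's buffer. */
    buffer[i] = '\0';
    return i;
}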

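/* Cut the next '\1'-delimited field off *cursor and return it, advancing
   *cursor past the delimiter.  Returns NULL when nothing is left. */
static char *take_field(char **cursor)
{
    char *start = *cursor;
    char *end;

    if (start == NULL)
        return NULL;
    end = strchr(start, '\1');
    if (end != NULL) {
        *end = '\0';
        *cursor = end + 1;
    } else {
        *cursor = NULL;
    }
    return start;
}

/* Replace control bytes in a field received from the network with '?', so a
   hostile reply cannot place newlines or terminal escape sequences in the
   result line.  '#' is not escaped: a field containing it can still shift
   columns for whoever post-processes the output with cut/grep. */
static void scrub_field(char *s)
{
    for (; *s != '\0'; s++) {
        if (iscntrl((unsigned char) *s))
            *s = '?';
    }
}

/*
 * Probe one candidate and write one result line to `output`.
 *
 * adres  - dotted-decimal IPv4 address of the candidate
 * port   - TCP port, 1..65535
 * output - descriptor that receives the line
 *          ip:port#REMOTE_ADDR#HTTP_X_FORWARDED_FOR#HTTP_VIA#HTTP_USER_AGENT#[CONNECT]
 *
 * Returns 0 when a line was written, -1 otherwise (bad arguments, connection
 * failure, short or malformed reply).  The original had no return statement
 * and callers in this file ignore the value.
 *
 * Everything read from the socket is untrusted: it comes from the candidate
 * host and from the echo script, neither of which the operator controls.
 * Each reply is therefore length-bounded, NUL-terminated and scrubbed before
 * it is formatted.
 */
int check(char *adres, int port, int output) {
    /*
    this refers to the php script on my server. you can leave it as is or provide
    url to following file on your server:

    <? echo "\1$GLOBALS[REMOTE_ADDR]\1$GLOBALS[HTTP_X_FORWARDED_FOR]\1$GLOBALS[HTTP_VIA]\1$GLOBALS[HTTP_USER_AGENT]\1" ?>
    */
    static const char probe[] =
        "GET http://defcon.one.pl/EnvCheck HTTP/1.0\nUser-Agent: fork()\n\n";
    static const char tunnel[] = "CONNECT microsoft.com:80 HTTP/1.0\n\n";
    char buf[1024], buf2[512];
    char *p, *remote, *x_forward, *via, *user_agent;
    struct sockaddr_in server;
    ssize_t got;
    int fd, n, saved_errno, tunnelled = 0;

    if (adres == NULL || port < 1 || port > 65535)
        return -1;

    memset(&server, 0, sizeof(server));
    server.sin_family = AF_INET;
    server.sin_port = htons((unsigned short) port);
    /* An unparsable address would otherwise leave sin_addr zeroed. */
    if (inet_pton(AF_INET, adres, &server.sin_addr) != 1)
        return -1;

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
        if (verbose) perror("socket");
        return -1;
    }

    if (connect(fd, (struct sockaddr *) &server, sizeof(server)) < 0) {
        if (verbose) {
            saved_errno = errno;
            snprintf(buf, sizeof(buf), "%s:%d", adres, port);
            errno = saved_errno;
            perror(buf);
        }
        close(fd);
        return -1;
    }

    /* Send only the request text.  The original wrote sizeof(buf) bytes, which
       put roughly 950 bytes of uninitialised stack memory on the wire. */
    if (write(fd, probe, sizeof(probe) - 1) < 0) {
        close(fd);
        return -1;
    }

    /* One byte is reserved for the terminator so the parsing below cannot run
       past the end of a completely filled buffer. */
    got = read(fd, buf, sizeof(buf) - 1);
    close(fd);
    if (got <= 0)
        return -1;
    buf[got] = '\0';

    /* Layout of the reply body: \1 REMOTE \1 X_FORWARDED \1 VIA \1 AGENT \1 */
    p = buf;
    take_field(&p); /* discard everything before the first marker */
    remote = take_field(&p);
    x_forward = take_field(&p);
    via = take_field(&p);
    user_agent = take_field(&p);
    if (user_agent == NULL) /* fewer than four markers: not the echo script */
        return -1;

    scrub_field(remote);
    scrub_field(x_forward);
    scrub_field(via);
    scrub_field(user_agent);

    /* Bounded formatting: the reply can hold up to 1023 bytes while buf2 holds
       512, so the original sprintf() could be overflowed by the remote side.
       Room is kept for the longest suffix appended below. */
    n = snprintf(buf2, sizeof(buf2), "%s:%d#%s#%s#%s#%s#",
                 adres, port, remote, x_forward, via, user_agent);
    if (n < 0 || (size_t) n >= sizeof(buf2) - sizeof("CONNECT\n"))
        return -1;

    /* Second connection: does the host accept the CONNECT method?  buf may be
       reused from here on because buf2 already holds a copy of the fields. */
    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0) {
        if (connect(fd, (struct sockaddr *) &server, sizeof(server)) == 0) {
            if (write(fd, tunnel, sizeof(tunnel) - 1) > 0) {
                got = read(fd, buf, sizeof(buf) - 1);
                if (got > 0) {
                    buf[got] = '\0';
                    if (strstr(buf, "HTTP/1.0 200") != NULL ||
                        strstr(buf, "HTTP/1.1 200") != NULL)
                        tunnelled = 1;
                }
            }
        } else if (verbose) {
            saved_errno = errno;
            snprintf(buf, sizeof(buf), "%s:%d", adres, port);
            errno = saved_errno;
            perror(buf);
        }
        close(fd);
    }

    /* The space for this suffix was reserved by the length check above. */
    snprintf(buf2 + n, sizeof(buf2) - (size_t) n, "%s",
             tunnelled ? "CONNECT\n" : "\n");

    if (write(output, buf2, strlen(buf2)) < 0) {
        if (verbose) perror("write");
        return -1;
    }
    return 0;
}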

/*
 * Print the two-line program banner, with the global `version` string
 * substituted into the first line, to stdout.
 *
 * NOTE(review): the "[;1m", "[32;1m" and "[m" fragments look like ANSI
 * attribute sequences whose ESC byte is absent from this listing - confirm
 * against the original file.
 */
void info() {
    printf("[;1mProxy Scanner for UNIX v%s\n"
           "by [32;1msit0 [;1m<sit0@o2.pl>[m\n",
           version);
}

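/*
 * Print the option summary to stdout.  The current values of the globals
 * TIMEOUT and CHILDREN are shown as the defaults for -t and -c.
 *
 * The text is built from adjacent string literals with explicit "\n".  The
 * original placed raw line breaks inside a single literal, which standard C
 * does not allow; the bytes printed are the same.
 *
 * NOTE(review): "[;1m" and "[m" look like ANSI attribute sequences whose ESC
 * byte is absent from this listing - confirm against the original file.
 */
void usage() {
    printf("[;1m\nOptions:\n"
           "-r <ip range>\tIP range to scan (i.e. 192.168.0.0/16, 212.20.91.15-190)\n"
           "-p <ports>\tcomma separated list of ports to check.\n"
           "-t <secs>\tconnection timeout in seconds (default: %d).\n"
           "-l <file>\tUse <file> with proxies to check (in host:port format).\n"
           "-s\t\tAs above, but use stdin instead of file.\n"
           "-o <file>\tFile to save output. If not specified, stdout will be used.\n"
           "-c <number>\tNumber of children processes to spawn (default: %d).\n"
           "-v\t\tIncreases verbosity.\n"
           "[m\n",
           TIMEOUT, CHILDREN);
}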


/* stolen code (with original comments) starts here... */

/* is_ip accepts a single IPv4 address in dotted-decimal notation and stores
   its numeric value, in host byte order, in both members of *range.
   Returns 1 on success, 0 when inet_addr() rejects the string.

   inet_addr() reports failure with INADDR_NONE, which is also the value of
   255.255.255.255, so that address is treated as invalid.  Nothing else in
   this listing calls the function. */
int is_ip(char* string, struct ip_range* range) {
    unsigned long parsed = inet_addr(string);

    if (parsed == INADDR_NONE)
        return 0;

    range->start_ip = ntohl(parsed);
    range->end_ip = range->start_ip;
    return 1;
}

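/* is_range1 checks if supplied string is an IP address range in
   form xxx.xxx.xxx.xxx/xx (as in 192.168.1.2/24) and fills
   range structure with start and end ip addresses of the interval
   (host byte order).  Returns 1 on success, 0 on failure.

   The prefix length must consist of decimal digits only and lie in 0..32.
   The netmask is built in 32 bits regardless of the width of unsigned long:
   the original shifted by sizeof(unsigned long)*8 - prefix, which is wrong
   on LP64 systems and undefined for /0 and /32.  It also leaked its scratch
   buffer on every early return; a fixed-size local is used instead. */
int is_range1(char* string, struct ip_range* range) {
    char ip[20]; /* inputs longer than 19 characters are rejected below */
    char *slash, *end;
    long prefix;
    unsigned long base, mask;
    size_t iplen;

    if (string == NULL || range == NULL)
        return 0;
    if (strlen(string) > 19)
        return 0;

    slash = strchr(string, '/');
    if (slash == NULL)
        return 0;

    /* atoi() turned any non-numeric prefix into 0, i.e. the whole address
       space; require digits and nothing after them. */
    if (!isdigit((unsigned char) slash[1]))
        return 0;
    prefix = strtol(slash + 1, &end, 10);
    if (*end != '\0' || prefix < 0 || prefix > 32)
        return 0;

    iplen = (size_t) (slash - string);
    memcpy(ip, string, iplen);
    ip[iplen] = '\0';

    base = inet_addr(ip);
    if (base == INADDR_NONE)
        return 0;

    /* A shift by 32 is avoided by handling /0 separately. */
    mask = (prefix == 0) ? 0UL
                         : (0xFFFFFFFFUL << (32 - prefix)) & 0xFFFFFFFFUL;

    range->start_ip = ntohl(base) & mask; // We store ips in host byte order
    range->end_ip = range->start_ip | (~mask & 0xFFFFFFFFUL);
    return 1;
}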


/* next_address writes the address that follows prev_addr within range to
   *next_addr.  A NULL prev_addr requests the first address of the range.
   range members are in host byte order; prev_addr and next_addr are in
   network byte order.  Returns 1 if an address was written and 0 when
   prev_addr is already at or beyond the end of the range. */
int next_address(const struct ip_range* range, const struct in_addr* prev_addr,
                 struct in_addr* next_addr) {
    unsigned long candidate; /* host byte order */

    if (prev_addr == NULL) {
        next_addr->s_addr = htonl(range->start_ip);
        return 1;
    }

    candidate = ntohl(prev_addr->s_addr);
    if (candidate >= range->end_ip)
        return 0;

    candidate += 1;
    next_addr->s_addr = htonl(candidate);
    return 1;
}

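/* is_range2 checks if supplied string is an IP address range in
   form xxx.xxx.xxx.xxx-xxx (as in 192.168.1.2-15) and fills
   range structure with start and end ip addresses of the interval
   (host byte order).  Returns 1 on success, 0 on failure.

   The part after '-' must be decimal digits only, with a value of at most
   255.  The original parsed it with atoi(), so a non-numeric suffix was
   silently read as 0.  As before, range->start_ip may already have been
   written when 0 is returned because the end lies below the start. */
int is_range2(char* string, struct ip_range* range) {
    char ip[16]; /* "255.255.255.255" plus terminator */
    char *dash, *end;
    unsigned long addr;
    long last_octet; /* last octet of last ip in range */
    size_t iplen;

    if (string == NULL || range == NULL)
        return 0;

    dash = strchr(string, '-');
    if (dash == NULL)
        return 0;

    iplen = (size_t) (dash - string);
    if (iplen == 0 || iplen >= sizeof(ip))
        return 0;
    memcpy(ip, string, iplen);
    ip[iplen] = '\0';

    if (!isdigit((unsigned char) dash[1]))
        return 0;
    last_octet = strtol(dash + 1, &end, 10);
    if (*end != '\0' || last_octet < 0 || last_octet > 255)
        return 0;

    addr = inet_addr(ip);
    if (addr == INADDR_NONE)
        return 0;

    range->start_ip = ntohl(addr);
    range->end_ip = (range->start_ip & 0xffffff00UL) | (unsigned long) last_octet;
    if (range->end_ip < range->start_ip)
        return 0;
    return 1;
}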

