|-h||print a short help and exit.|
|-v||increase the verbosity level. All debugging messages will go to standard error stream.|
|-d deshost:destport (required)||try to establish a proxied connection to the given dsthost, port dstport. This option is required.|
|-c check[:params] (required)||
the "method" proxycheck will use when talking to a destination
system to determine if a proxy is open or not. Interpretation of
params is check-dependant. This option is required.
Several methods are available:
|-p proto_port_spec||specifies protocol and ports to connect to. If not given, proxycheck will try its built-in default list. This option may be specified more than once. See below for proto_port_spec. If proto_port_spec is specified for a single host to check, it applies to that host only, and no protocols/ports in default list will be checked for that host.|
|-D||do not reset default port list when using -p option, but prepend new ports to it instead.|
|-a||use more "advanced" ports/protocols. The more -as given, the more ports/protocols will be probed. For a complete list of all ports and protocols and their level, execute proxycheck with -h option.|
|-t timeout||a timeout, in secounds, for every operation. Default value is 30 secounds. The timer starts at the connection attempt to the proxy itself, after sending the "connect" command to the proxy and so on.|
|-m maxconn||Do not attempt to make more than maxconn parallel connections. By default, maximum number of parallel connections limited by the operating system and on most systems it is around 1000.|
|-M maxhconn||Do not make more than maxhconn parallel connections to the same host (default is unlimited). This may be useful for overloaded proxies which cant handle many parallel connections using different ports/protocols, but may significantly slow down the whole process.|
|-s||when an open proxy is found on a given IP, stop probing for other ports/protocols for this IP. Best used when many IPs are tested, and/or with -M option. This is because currently, proxycheck will not make any new connections to such host, but will wait for already active connections to complete.|
|-b bindaddr||use bindaddr as a source address for all outgoing connections.|
write a line about definitely closed proxies to stdout in additional
to writing about open proxies, in a form
print extended proxy information (proxy-agent and the like) if available.
This will be on the same "open" (or "closed" with -n) line, last, enclosed
in square brackets .
read list of hosts to check from a given file filename (in addition
to command line), or from stdin if filename if -.
Proxy protocols and ports to try (proto_port_spec) specified using the following syntax:
hc:3128,8080 (http protocol on ports 3128 and 8080) hc: (default list of ports for http protocol) 3128 (try http protocol on standard http port 3128) 1234 (try all protocols on non-standard port 1234)
Run proxycheck -h to see a list of supported protocols and default ports.
Simplest usage of proxycheck is to try to connect to e.g. your own mailserver with chat check method. First, connect to your mailserver on port 25 to see which line it outputs upon connection (SMTP greething line), and use it with chat:
proxycheck -d yourmailserver.example.org:25 \ -c chat::greething ip.add.re.ss...
proxycheck will write a single line for every proto:port it finds to be open on stdout, in the form:
127.0.0.3 hc:80 open
where 127.0.0.3 is an IP address of a host being tested, hc is the protocol name (HTTP CONNECT, consult proxycheck -h for a full list of protocols) and 80 is a port number where the proxy service is running.
In addition, if proxycheck is able to guess outgoing IP address of a proxy as seen by a destination system, and if that address is different from input proxycheck is connecting to, it will print this information too on the same line, like:
127.0.0.2 hc:80 open 127.0.0.3
where 127.0.0.3 is outgoing IP addres of a multihomed/cascaded proxy as reported by the destination system. This IP address is hint only, there is no simple and reliable way currently exists for proxycheck to determine that information. Proxycheck is able to parse a line sent by remote system in -c chat mode - in this mode, proxycheck skips all printable characters after expstr it found and searches for opening [, when tries to find closing ] and interpret digits and dots in between as an IP address which gets printed like above. If your mailservers initial reply contains remote systems IP, or if your mailserver replies with remote systems IP address to HELO/EHLO command, this feature may be useful (in the last case, HELO command should be specified in chat).
When -n option is specified, for proto:ports which arent running open proxy service, and for which proxycheck is able to strongly determine this, a line in the following format will be written:
127.0.0.4 hc:80 closed
Note however that in most cases there is no way to reliable determine whenever a given service is not open: for example, an open proxy server may be overloaded and refusing connections. In most cases, proxycheck assumes proxy is in unknown state, only a few codes are recognized as real indication of "closed" state.
When -x option is specified, there will be additional proxy info written on the same line (if available), like:
127.0.0.2 hc:80 open 127.0.0.3 [AnalogX 3.1415926] 127.0.0.3 hc:80 open [AnalogX 3.1415926] 127.0.0.4 hc:80 closed [AnalogX 3.1415926]
One may see some detail of proxychecks operations giving sufficient number of -v options in the command line. Verbosity level of 5 (-vvvvv) will show almost everything. All the debugging output will go to the standard error stream and thus will not affect normal operations (when you process proxychecks output using some script).
proxycheck will exit with code 100 if at least one open proxy server was found. In case of incorrect usage, it will exit with code 1. If no open proxies where found, proxycheck will return 0.
In the simplest case, specify:
proxycheck -vv -ddsthost:dstport -c chat::"waitstr" list-of-IPs
where dsthost is the host and dstport is the port number of the destination system, and waitstr is a string to look for from the remote system. If you decide to connect to your own mailserver (which is quite logical, since most proxy abuse nowadays is to send spam to your mailserver), connect to it first using telnet and see which SMTP greeting string it prints out upon connection, and use this string as waitstr. For example, if your mailserver is mail.example.com, the following may apply:
$ telnet mail.example.com 25 Telnet: trying 127.0.0.1... connected. 250 mail.example.com ESMTP welcome QUIT
In this case, proxychecks command line may look as follows:
proxycheck -vv -d mail.example.com:25 \ -c chat::"250 mail.example.com ESMTP welcome" list-of-IPs
Another usage scenario is to automatically submit all open proxies to DSBL.org-style blocklists. For this, specify -c dsbl and set up environment variables for dsbl client. The variables DSBL_USER and DSBL_PASS are required for non-anonymous DSBL submissions, for anonymous submissions to the unconfirmed.dsbl.org defaults are sufficient. To submit a proxy to DSBL.org, set destination to the mail exchanger of listme.dsbl.org domain, currently mx.listme.dsbl.org. For example:
DSBL_USER=username DSBL_PASS=password ./proxycheck -vv \ -dmx.listme.dsbl.org:25 -cdsbl proxyhost
Additional and updated information may be found at the URL below.
This program is free software. It may be used and distributed in the terms of General Public License (GPL) version 2 or later.
proxycheck written by Michael Tokarev <firstname.lastname@example.org>. Latest version of this utlilty may be found at http://www.corpit.ru/mjt/proxycheck.html.