proxycheck: Open Proxy checker

proxycheck is a simple tool that works on any reasonable *nix system and may be used to quickly check whether a given host or set of hosts has an open proxy server running (No, I will not adapt it to run on a winbloze machine, don't ever ask me about this).

Open proxies of various kinds are (ab)used nowadays for various evil things like sending mass spam, hacking into your machine, making denial of service (DoS) attacks and the like. Every such machine should be either secured properly or turned off permanently, but that's not an option, since in most cases either no administrator of such a machine exists at all, or he has no clue about what's on that machine, or it's irrelevant to him. I tried to contact several owners of such open proxy servers, but almost without any success so far. So the only way to stop the massive abuse made via such machines is to block them. But before that is possible, one needs to know whether a machine runs such a service or not. Also, network administrators (of an ISP, for example) are able to warn their clients when they are running insecure proxy services - periodic scanning of the clients' network may also be a good idea.

This command-line tool, proxycheck, may be used for this purpose. Currently, it understands 3 types of proxy servers: HTTP proxies that allow you to CONNECT to any host:port, SOCKS v4 and v5 proxies, and wingate "telnet" proxy servers. It makes connections to either a set of given ports or to default ports on a given list of IP addresses and tries to convince the service on the remote side to make another connection to a destination specified on proxycheck's command line. If that succeeds, proxycheck then runs some specified action - it tries to "talk" with the destination system, and if the talk was successful, it assumes the proxy server is open.

The destination you give to proxycheck will usually be your own machine, with a well-known service running on some port that replies to any connection attempt with a well-known fixed string. A typical example is your own mailserver on port 25: whenever someone connects to this port, an SMTP greeting message is sent to the remote side. So if you tell proxycheck to attempt a proxy connection to your own mail server, seeing your SMTP server's standard greeting message come back is sufficient to treat that proxy as open.
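The check described in the two paragraphs above, as an added example (not proxycheck's own code): it builds the HTTP CONNECT and SOCKS v4/v5 requests and decides from the bytes that come back whether the destination's greeting was really relayed. The function names, the address 192.0.2.25 and the sample reply are constructed for illustration; the wingate case is left out.

```python
import socket
import struct

def build_probe(proto, dst_ip, dst_port):
    """Bytes a checker sends to ask a proxy to connect to dst_ip:dst_port."""
    if proto == "http-connect":
        return f"CONNECT {dst_ip}:{dst_port} HTTP/1.0\r\n\r\n".encode()
    if proto == "socks4":   # VN=4, CD=1 (CONNECT), port, IPv4, empty user id + NUL
        return struct.pack("!BBH", 4, 1, dst_port) + socket.inet_aton(dst_ip) + b"\x00"
    if proto == "socks5":   # "no auth" method offer and CONNECT request, shown back to back
        return (b"\x05\x01\x00" + b"\x05\x01\x00\x01"
                + socket.inet_aton(dst_ip) + struct.pack("!H", dst_port))
    raise ValueError(f"unknown protocol: {proto}")

def relayed_payload(proto, reply):
    """Strip the proxy's own answer; return relayed bytes, or None if refused."""
    if proto == "http-connect":
        head, sep, body = reply.partition(b"\r\n\r\n")
        parts = head.split(None, 2)
        ok = sep and len(parts) >= 2 and parts[0].startswith(b"HTTP/") \
            and parts[1].startswith(b"2")
        return body if ok else None
    if proto == "socks4":   # 8-byte reply, CD=90 means "request granted"
        if len(reply) < 8 or reply[0] != 0 or reply[1] != 90:
            return None
        return reply[8:]
    if proto == "socks5":
        if reply[:2] != b"\x05\x00":               # method selection: "no auth" accepted
            return None
        r = reply[2:]
        if len(r) < 5 or r[0] != 5 or r[1] != 0:   # REP=0 means succeeded
            return None
        alen = {1: 4, 4: 16}.get(r[3], 1 + r[4] if r[3] == 3 else None)
        if alen is None or len(r) < 6 + alen:      # VER REP RSV ATYP + addr + port
            return None
        return r[6 + alen:]
    raise ValueError(f"unknown protocol: {proto}")

def is_open_proxy(proto, reply, waitstr):
    """Open only if the destination's own greeting came back through the proxy."""
    payload = relayed_payload(proto, reply)
    return payload is not None and waitstr.encode() in payload

# Constructed sample: destination 192.0.2.25:25, greeting string taken from the page.
WAITSTR = "250 ESMTP welcome"
GRANTED = b"HTTP/1.0 200 Connection established\r\n\r\n" + WAITSTR.encode() + b"\r\n"
print(is_open_proxy("http-connect", GRANTED, WAITSTR))
```

A proxy that answers "200" or "granted" but relays nothing is not counted as open, which is why the greeting string matters.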

proxycheck is able to test many different IP addresses and ports simultaneously, to speed up testing. It will try to open as many connections in parallel as your system's resources allow, or up to a specified limit. So it is possible to scan whole networks using this tool. But be warned that doing so may not be what the owners of those networks like.

Running proxycheck

Please first follow the download section for the proxycheck source code. The source should compile on most modern unix-like systems. In particular, Linux, *BSD, Solaris and AIX should be ok. Just type `make' in the downloaded and extracted source directory to build the proxycheck program.

proxycheck has a detailed manual page inside the archive, read it for more information. Also, option -h (help) gives short usage information and a detailed list of the protocols and ports proxycheck understands.

Usage is as follows. In the simplest case, specify:

  proxycheck -vv -ddsthost:dstport -c chat::"waitstr" list-of-IPs
where dsthost is the host and dstport is the port number of the destination system, and waitstr is a string to wait for from the remote system. If you decide to connect to your own mailserver (which is quite logical, since most proxy abuse nowadays is to send spam to your mailserver), connect to it first using telnet and see which SMTP greeting string it prints out upon connection, and use this string as waitstr. For example, if your mailserver is, the following may apply:
  $ telnet 25
  Telnet: trying connected.
  250 ESMTP welcome
In this case, your proxycheck's command line may look as follows:
  proxycheck -vv -d -c chat::"250 ESMTP welcome"  list-of-IPs

Another usage scenario is to automatically submit all open proxies to blocklists. For this, specify -c dsbl, and set up the environment variables for the dsbl client. $DSBL_USER and $DSBL_PASS are required for non-anonymous DSBL submissions, for anonymous submissions to the defaults are sufficient. To submit a proxy to, set destination to the mail exchanger of domain, currently Example:

  DSBL_USER=username DSBL_PASS=password ./proxycheck -vv -cdsbl proxyhost

Currently, proxycheck's dsbl code is far more reliable than the original DSBL tools -- mostly because dsbl-testers uses the HTTP/1.1 protocol and a not-so-widely-understood HTTP CONNECT variant. I've sent many emails about this to the administrators of system, but got not a single response about this.


Proxycheck is free software, it may be used and distributed under the terms of the General Public License (GPL) version 2 or later.

The recent version of the proxycheck source code, 0.45, released 2003-05-11, is available here. Note: changes in protocol names compared with 0.3x releases! See recent changes here. Older versions, and packaged versions of the program, may be found here. Note that since version 0.2, I've rewritten the program from scratch, and some things were changed in an incompatible way (notably, the -c/-C/-e and -d options).

This program was written by Michael Tokarev. You may reach me via email at mjt(at)corpit(dot)ru.

Page last modified: Sat, 1 Mar 2003 16:24:18 +0300 by mjt.