TextBin - Online Text and Code Sharing

New Paste Browse

scanner {
	/*
	 * Unique name of this scanner. This is used further down in the
	 * user {} blocks to decide which users get affected by which
	 * scanners.
	 */
	name = "default";

/*
	 * HTTP CONNECT - very common proxy protocol supported by widely known
	 * software such as Squid and Apache. The most common sort of
	 * insecure proxy and found on a multitude of weird ports too. Offers
	 * transparent two way TCP connections.
	 */
	protocol = HTTP:80;
	protocol = HTTP:8080;
	protocol = HTTP:3128;
	protocol = HTTP:6588;

/*
	 * The SSL/TLS variant of HTTP
	 */
#	protocol = HTTPS:443;
#	protocol = HTTPS:8443;

/*
	 * SOCKS4/5 - well known proxy protocols, probably the second most
	 * common for insecure proxies, also offers transparent two way TCP
	 * connections. Fortunately largely confined to port 1080.
	 */
	protocol = SOCKS4:1080;
	protocol = SOCKS5:1080;

/*
	 * Cisco routers with a default password (yes, it really does happen).
	 * Also pretty much anything else that will let you telnet to anywhere
	 * else on the Internet. Fortunately these are always on port 23.
	 */
	protocol = ROUTER:23;

/*
	 * WinGate is commercial windows proxy software which is now not so
	 * common, but still to be found, and helpfully presents an interface
	 * that can be used to telnet out, on port 23.
	 */
	protocol = WINGATE:23;

/*
	 * Dreambox DVB receivers with a default password allowing
	 * full root access to telnet or install bouncers.
	 */
	protocol = DREAMBOX:23;

/*
	 * The HTTP POST protocol, often dismissed when writing the access
	 * controls for proxies, but sadly can still be used to abused.
	 * Offers only the opportunity to send a single block of data, but
	 * enough of them at once can still make for a devastating flood.
	 * Found on the same ports that HTTP CONNECT proxies inhabit.
	 *
	 * Note that if your ircd has "ping cookies" then clients from HTTP
	 * POST proxies cannot actually ever get onto your network anyway. If
	 * you leave the checks in then you'll still find some (because some
	 * people IRC from boxes that run them), but if you use HOPM purely as
	 * a protective measure and you have ping cookies, you need not scan
	 * for HTTP POST.
	 */
	protocol = HTTPPOST:80;

/*
	 * The SSL/TLS variant of HTTPPOST
	 */
#	protocol = HTTPSPOST:443;
#	protocol = HTTPSPOST:8443;

/*
	 * IP address this scanner will bind to. Use this if you need your scans to
	 * come FROM a particular interface on the machine you run HOPM from.
	 * If you don't understand what this means, please leave this
	 * commented out, as this is a major source of support queries!
	 */
#	vhost = "127.0.0.1";

/*
	 * Maximum file descriptors this scanner can use. Remember that there
	 * will be one FD for each protocol listed above. As this example
	 * scanner has 8 protocols, it requires 8 FDs per user. With a 512 FD
	 * limit, this scanner can be used on 64 users _at the same time_.
	 * That should be adequate for most servers.
	 */
	fd = 512;

/*
	 * Maximum data read from a proxy before considering it closed. Don't
	 * set this too high, some people have fun setting up lots of ports
	 * that send endless data to tie up your scanner. 4KB is plenty for
	 * any known proxy.
	 */
	max_read = 4 kbytes;

/*
	 * Amount of time before a test is considered timed out.
	 * Again, all but the poorest slowest proxies will be detected within
	 * 30 seconds, and this helps keep resource usage low.
	 */
	timeout = 30 seconds;

/*
	 * Target IP to tell the proxy to connect to
	 *
	 * !!! THIS MUST BE CHANGED !!!
	 *
	 * You cannot instruct the proxy to connect to itself! The easiest
	 * thing to do would be to set this to the IP address of your ircd
	 * and then keep the default target_strings.
	 *
	 * Please use an IP address that is publically reachable from anywhere
	 * on the Internet, because you have no way of knowing where the insecure
	 * proxies will be located. Just because you and your HOPM can
	 * connect to your ircd on some private IP address like 192.168.0.1,
	 * does not mean that the insecure proxies out there on the Internet will be
	 * able to. And if they never connect, you will never detect them.
	 *
	 * Remember to change this setting for every scanner you configure.
	 */
	target_ip = "127.0.0.1";

/*
	 * Target port to tell the proxy to connect to. This is usually
	 * something like 6667. Basically any client-usable port.
	 */
	target_port = 6667;

/*
	 * Target string we check for in the data read back by the scanner.
	 * This should be some string out of the data that your ircd usually
	 * sends on connect. Multiple target strings are allowed.
	 *
	 * NOTE: Try to keep the number of target strings to a minimum. Two
	 *       should be fine. One for normal connections and one for throttled
	 *       connections. Comment out any others for efficiency.
	 */

/*
	 * Usually first line sent to client on connection to ircd.
	 * If your ircd supports a more specific line (see below),
	 * using it will reduce false positives.
	 */
	target_string = ":irc.example.org NOTICE * :*** Looking up your hostname";

/*
	 * If you try to connect too fast, you'll be throttled by your own
	 * ircd. Here's what a hybrid throttle message looks like:
	 */
	target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
};

scanner {
	name = "extended";

protocol = HTTP:81;
	protocol = HTTP:8000;
																 
																		 
										   
	   
	protocol = HTTP:8001;
	protocol = HTTP:8081;

protocol = HTTPPOST:81;
	protocol = HTTPPOST:6588;
	protocol = HTTPPOST:4480;
	protocol = HTTPPOST:8000;
	protocol = HTTPPOST:8001;
	   
	protocol = HTTPPOST:8080;
	protocol = HTTPPOST:8081;

/*
	 * IRCnet have seen many socks5 on these ports, more than on the
	 * standard ports even.
															  
	 */
	protocol = SOCKS4:4914;
	protocol = SOCKS4:6826;
	protocol = SOCKS4:7198;
	protocol = SOCKS4:7366;
	protocol = SOCKS4:9036;

protocol = SOCKS5:4438;
	protocol = SOCKS5:5104;
	protocol = SOCKS5:5113;
	protocol = SOCKS5:5262;
	protocol = SOCKS5:5634;
	protocol = SOCKS5:6552;
	protocol = SOCKS5:6561;
	protocol = SOCKS5:7464;
	protocol = SOCKS5:7810;
	protocol = SOCKS5:8130;
	protocol = SOCKS5:8148;
	protocol = SOCKS5:8520;
	protocol = SOCKS5:8814;
	protocol = SOCKS5:9100;
	protocol = SOCKS5:9186;
	protocol = SOCKS5:9447;
	protocol = SOCKS5:9578;
																	   
																		 
												  
	   
	protocol = SOCKS5:10000;
 
	  
															  
													  
	   
	protocol = SOCKS5:64101;

/*
	 * These came courtsey of Keith Dunnett from a bunch of public open
	 * proxy lists.
																	  
																	 
																 
	  
																	   
																		 
																		
																		  
																		
					 
	 */
	protocol = SOCKS4:29992;
 
	  
									  
	   
	protocol = SOCKS4:38884;
	protocol = SOCKS4:18844;
	protocol = SOCKS4:17771;
	  
																			   
																		 
																 
																   
	   
						   
 
	  
																		 
	protocol = SOCKS4:31121;

fd = 400;

/*
	 * If required you can add settings such as target_ip here
	 * they will override the defaults set in the first scanner
	 * for this and subsequent scanners defined in the config file
	 * This affects the following options:
	 * fd, vhost, target_ip, target_port, target_string, timeout and
	 * max_read.

Paste Settings

Paste Title : [Optional]

Paste Folder : [Optional]

Syntax Highlighting : [Optional]

Paste Expiration : [Optional]

Paste Status : [Optional]

Password : [Optional]

Description: [Optional]

Tags: [Optional]

Encrypt Paste (?)

You are currently not logged in, this means you can not edit or delete anything you paste. Sign Up or Login

Paste Settings

Site Languages