Squid Proxy Port Scanner
Disclosed | Created |
---|---|
01/01/1970 | 05/30/2018 |
Description
An exposed Squid proxy will usually allow an attacker to make requests on
their behalf. If misconfigured, this may give the attacker information
about devices that they cannot normally reach. For example, an attacker
may be able to make requests for internal IP addresses against an open
Squid proxy exposed to the Internet, therefore performing a port scan
against the internal network.
The `auxiliary/scanner/http/open_proxy` module can be used to test for
open proxies, though a Squid proxy does not have to be on the open
Internet in order to allow for pivoting (e.g. an Intranet Squid proxy
which allows the attacker to pivot to another part of the internal
network).
This module will not be able to scan network ranges or ports denied by
Squid ACLs. Fortunately it is possible to detect whether a host was up
and the port was closed, or if the request was blocked by an ACL, based
on the response Squid gives. This feedback is provided to the user in
meterpreter `VERBOSE` output, otherwise only open and permitted ports
are printed.
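
A defender-side view of the behaviour described above, as an added example that is not part of the module or of this page: it reads Squid's native `access.log` format and flags clients that asked the proxy for several internal `ip:port` targets, grouped by whether the request was denied by an ACL, failed upstream, or reached the target. The log lines are constructed, and the function names, the threshold, and the mapping of `TCP_DENIED` and 5xx statuses to outcomes are assumptions about a default Squid logging setup.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1527676800.101 12 203.0.113.7 TCP_MISS/503 4012 GET http://10.0.0.5:22/ - HIER_DIRECT/10.0.0.5 text/html
1527676800.240 9 203.0.113.7 TCP_MISS/200 512 GET http://10.0.0.5:80/ - HIER_DIRECT/10.0.0.5 text/html
1527676800.377 0 203.0.113.7 TCP_DENIED/403 3890 GET http://10.0.0.5:3306/ - HIER_NONE/- text/html
1527676800.512 30 203.0.113.7 TCP_TUNNEL/200 39 CONNECT 10.0.0.5:443 - HIER_DIRECT/10.0.0.5 -
1527676801.004 85 198.51.100.20 TCP_MISS/200 1256 GET http://www.example.com/ - HIER_DIRECT/192.0.2.80 text/html
1527676801.950 7 198.51.100.20 TCP_MISS/200 734 GET http://10.0.0.9/ - HIER_DIRECT/10.0.0.9 text/html
"""

def internal_target(url):
    """Return (ip, port) if the request names a literal private/loopback IP, else None."""
    parts = urlsplit(url if "://" in url else "//" + url)  # CONNECT logs bare host:port
    try:
        ip = ipaddress.ip_address(parts.hostname or "")
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:  # hostname is a DNS name, or the port is malformed
        return None
    return (str(ip), port) if ip.is_private else None

def find_pivot_scans(log_text, min_targets=3):
    """Report clients that requested at least min_targets distinct internal ip:port pairs."""
    seen = defaultdict(lambda: defaultdict(set))  # client -> outcome -> {(ip, port)}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # not a native-format access.log line
        client, result, url = fields[2], fields[3], fields[6]
        target = internal_target(url)
        if target is None:
            continue
        code, _, status = result.partition("/")
        if code.startswith("TCP_DENIED"):
            outcome = "acl_denied"       # Squid refused the request itself
        elif status.startswith("5"):
            outcome = "connect_failed"   # Squid tried and the upstream connection failed
        else:
            outcome = "reached"          # Squid relayed a response from the target
        seen[client][outcome].add(target)
    return {client: {k: sorted(v) for k, v in outcomes.items()}
            for client, outcomes in seen.items()
            if len(set().union(*outcomes.values())) >= min_targets}

if __name__ == "__main__":
    for client, outcomes in find_pivot_scans(SAMPLE_LOG).items():
        print(client, outcomes)
```
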
Authors
willis0x44434241
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
```
msf > use auxiliary/scanner/http/squid_pivot_scanning
msf /(g) > show actions
...actions...
msf /(g) > set ACTION <action-name>
msf /(g) > show options
...show and set options...
msf /(g) > run
```