#!/usr/bin/perl
#
# Squid can be used to proxy and also portscan
# if set up as a httpd accelerator (reverse proxy).
#
#        Affected: Redhat 7.0
#          Author: Paul Nasrat <pnasrat@uk.now.com>
#            Date: 7 July 2001 
#
$|++;
require LWP::UserAgent;
use Getopt::Std;

getopts('b:P:t:L:H:',\%args);

if ($args{t} eq "") {                   # Specify a port for tomcat 
  print_help();
  exit 0;
}

$low = $args{L} || 1;
$high = $args{H} || 8192;
$proxy = $args{b};
$proxy_port = $args{P} || 80;
$target = $args{t};

$ua = LWP::UserAgent->new;
$ua->proxy(['http', 'ftp'], "http://$proxy:$proxy_port/");
print "squidmap $version scanning $target via http://$proxy:$proxy_port\n";
print "Port\tState\t\tService\t\tResponse\n";
# for loop hard coded - fixme
for ($port=$low;$port<=$high;$port++) {
  $request = HTTP::Request->new('CONNECT', "http://$target:$port");
  my $res = $ua->request($request);
  my $service = getservbyport($port, tcp);

  # Check the outcome of the response
  if ($res->is_success) {
    print "$port\topen\t\t", $service, "\t\t", $res->content, "\n";
  } 
}

sub print_help {
  print 'Usage: squidmap <options> where options:',"\n";
  print '-b host  HTTP proxy via host',"\n";  
  print '-P ##    HTTP proxy port (default: 80)',"\n";
  print '-L ##    low end/start of range (default: 1)',"\n";
  print '-H ##    high end/end of range (default: 8192)',"\n";
  print '-t host  target to attempt to scan',"\n";
}