Scan of the week – scan by country, scan by continent


Disclaimer - all this stuff I bring to your attention is for educational purposes only, and what may be fine and OK here and for me can easily get you in trouble somewhere else, so use your discretion. Happy scanning.

"...Don't know much about geography", as the song goes, was OK in 1958 but can be embarrassing in our times of globalization. So let's fill the gap using NMAP. Say you are investigating the issue of negative attitudes towards foreigners in Russia, and as part of the research you have to see active members of the movement(s) in question voicing their opinions. Only that access to such forums or message boards is often limited by their admins to Russian IPs only. So to get there you need a free open Russian proxy. Let's see how to find one.

Round 1-Gimme the addresses.

IP geolocation databases, as they are known on the Net, or simply GeoIP databases, are compilations of IP ranges per their assigned country. Take them with a grain of salt, as accuracy is an issue. One of the best known and most used free GeoIP sources is the MaxMind free database, updated once per month (good enough for this). The MaxMind database comes either as a proprietary binary-format file you can work with using 3rd-party tools, or as a CSV file, which I will be using here. Download it as GeoLite Country, unzip, and you have GeoIPCountryWhois.csv. The records in it look like this (start IP, end IP, the same two as integers, ISO country code, country name) -

    "1.0.0.0","1.0.0.255","16777216","16777471","AP","Asia/Pacific Region"
    "1.1.1.0","1.1.1.255","16843008","16843263","AU","Australia"
    "1.2.3.0","1.2.3.255","16909056","16909311","AU","Australia"
    "1.50.0.0","1.50.3.255","20054016","20055039","AP","Asia/Pacific Region"

The purpose here is to :

  1. Find all IP ranges that belong to the country of interest

  2. Reformat found IP ranges into the presentation suitable for the NMAP

Match on the country-code column (field 5) rather than on "RU" appearing anywhere in the line, so that nothing but that code can slip through:

awk -F, '{ gsub(/"/,""); if ($5 == "RU") print $1 "-" $2 }' GeoIPCountryWhois.csv > IPs.data

    head IPs.data
    62.5.128.0-62.5.255.255
    62.12.80.0-62.12.81.255
    62.16.32.0-62.16.66.255
After finding all the Russian IP ranges, reformat them into the form NMAP can eat. NMAP does not take a.b.c.d-w.x.y.z ranges, but it does take per-octet ranges such as 62.5.128-255.0-255, so each range is rewritten that way. Keep in mind that this octet form is a Cartesian product of the four octet ranges, so it is only exact when every octet below the varying one spans the full 0-255; a range like 62.16.0.0-62.17.127.255 would become 62-62.16-17.0-127.0-255, which silently drops 62.16.128.0-62.16.255.255. The ranges shown here are aligned, so the trick works for them.
awk -F\. '{split($4,aaa,"-"); print $1"-"aaa[2]"."$2"-"$5 "." $3"-"$6"."aaa[1]"-"$7}' IPs.data > scan.me
     head scan.me
    62-62.5-5.128-255.0-255
    62-62.12-12.80-81.0-255
    62-62.16-16.32-66.0-255
    62-62.16-16.68-127.0-255
    62-62.32-32.64-95.0-255
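Both awk steps above done in one pass, as an added example that is not part of the original post: a POSIX shell function wrapping an awk script that filters the GeoLite CSV on the country-code column and turns each start-end range into CIDR blocks, which NMAP accepts directly in the -iL file. It goes beyond the octet-range trick in that the output is exact even for ranges that are not aligned to an octet boundary (the third RU row below is such a case). The CSV rows embedded in it are constructed in the GeoLite Country layout, not copied from the real database, and the function name geoip_to_cidr is my own.

```shell
#!/bin/sh
# Added example (not from the original post): GeoLite Country CSV -> CIDR blocks for nmap -iL.
# Filters on the country-code column (field 5) instead of grepping for "RU" anywhere in the
# line, and emits CIDR blocks, which stay exact when a range is not octet-aligned.

# Constructed sample rows in the GeoLite Country CSV layout (start IP, end IP, start int,
# end int, ISO code, country name). Not copied from the real database.
SAMPLE_CSV='"1.0.0.0","1.0.0.255","16777216","16777471","AP","Asia/Pacific Region"
"62.5.128.0","62.5.255.255","1040547840","1040580607","RU","Russian Federation"
"62.12.80.0","62.12.81.255","1040994304","1040994815","RU","Russian Federation"
"62.16.0.0","62.17.127.255","1041235968","1041334271","RU","Russian Federation"'

# geoip_to_cidr CC  < GeoIPCountryWhois.csv   -> one CIDR block per line on stdout
geoip_to_cidr() {
  awk -F, -v cc="$1" '
    function ip2int(s,  o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    function int2ip(n) { return int(n/16777216) "." int(n/65536)%256 "." int(n/256)%256 "." n%256 }
    {
      gsub(/"/, "")                          # strip the quotes around every field
      if ($5 != cc) next                     # exact match on the country-code column
      lo = ip2int($1); hi = ip2int($2)
      while (lo <= hi) {
        # largest power-of-two block that starts aligned at lo ...
        size = 1
        while (size * 2 <= 4294967296 && lo % (size * 2) == 0) size *= 2
        # ... shrunk until it fits inside the remaining range
        while (lo + size - 1 > hi) size /= 2
        prefix = 32
        for (s = size; s > 1; s /= 2) prefix--
        print int2ip(lo) "/" prefix
        lo += size
      }
    }'
}

# Usage: the output is what you would feed to nmap -iL
printf '%s\n' "$SAMPLE_CSV" | geoip_to_cidr RU
```

On the sample rows this prints 62.5.128.0/17, 62.12.80.0/23, 62.16.0.0/16 and 62.17.0.0/17; the last range needs two blocks because it is not a single aligned block, which is exactly the case the octet-range rewrite gets wrong. With the real file the call is `geoip_to_cidr RU < GeoIPCountryWhois.csv > scan.me`.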

Round 2 - find me some proxy

Here I will use the Lua script http-open-proxy from NMAP's NSE script repository. It asks each candidate to fetch a web page through it and reports the host as a potentially open proxy when the page comes back:

nmap -n -Pn -oG proxy-check.grep --script=http-open-proxy -iL scan.me -p 8080,3128

-n skips reverse DNS and -Pn skips host discovery, so every address in scan.me gets probed on ports 8080 and 3128. The output goes to grepable format (-oG), which is what the .grep name suggests and what is easiest to post-process; use -oN instead if you prefer NMAP's normal output. The script arguments http-open-proxy.url and http-open-proxy.pattern let you change which page is requested through the proxy and which string is expected in the reply. Bear in mind that the target list is a whole country's address space: this scan takes a long time, generates a lot of traffic, and will be noticed.

That completes this opening article of Scan of the week, combined with Awk weekly. I hope you found it educational, and see you next time.