Scan of the week – scan by country scan by continent

Dis+claimer - all this stuff I bring to your attention is for educational purposes only, and what may be fine and ok here and for me can easily get you somewhere else in trouble so use your discretion here . Happy scanning.

"...Don't know much about geography" as the song goes was ok in 1958 but can be embarrassing in our times of globalization. So let's fill the gap using the NMAP . Say you are investigating the issue of negative attitude towards foreigners in Russia , and as part of the research you just have to see active members of the movement(s) in question voicing their opinions. Only that many times access to such forums or messageboards is limited by their admins to Russia's IPs only. So to get there you need a free open Russian proxy. So let's see how to find one.

Round 1-Gimme the addresses.

IP geolocation databases as it is known in the Net , or simply GeoIP databases are compilation of IP ranges per their assigned country. Take it with a bit of salt as accuracy is the issue here. The one of the most known and used free GeoIP source is free database that is updated once per month (good enough for this). The Maxmind database comes as binary proprietary format file you can work with using 3rd party tools or as CSV file I will be using here. Download it as Geolite country , unzip and you have GeoIpCountryCSV.csv . Format of the records in it goes like this -

    "","","16777216","16777471","AP","Asia/Pacific Region"
    "","","20054016","20055039","AP","Asia/Pacific Region"

The purpose here is to :

  1. Find all IP ranges that belong to the country of interest

  2. Reformat found IP ranges into the presentation suitable for the NMAP

awk -F, '/RU/ { gsub(/"/,"",$0); print $1 "-" $2} ' GeoIPCountryWhois.csv >

  • After I found all Russian IPs reformat it to the NMAP eatable form
awk -F\. '{split($4,aaa,"-"); print $1"-"aaa[2]"."$2"-"$5 "." $3"-"$6"."aaa[1]"-"$7}' >

Round 2 - find me some proxy

Here I will use LUA script from NSE repository of the nmap called http-open-proxy

nmap -n -PN -oN proxy-check.grep --script=http-open-proxy -iL -p 8080,3128

That completes this opening article of the Scan of the week united with Awk weekly . Hope you found it educational enough and see you next time.

Follow me on not to miss what I publish on Linkedin, Github, blog, and more.