Rapid7 Vulnerability & Exploit Database

Squid Proxy Port Scanner

Back to Search

Squid Proxy Port Scanner



A misconfigured Squid proxy can allow an attacker to make requests on his behalf. This may give the attacker information about devices that he cannot reach but the Squid proxy can. For example, an attacker can make requests for internal IP addresses against a misconfigured open Squid proxy exposed to the Internet, therefore performing an internal port scan. The error messages returned by the proxy are used to determine if the port is open or not. Many Squid proxies use custom error codes so your mileage may vary. The open_proxy module can be used to test for open proxies, though a Squid proxy does not have to be open in order to allow for pivoting (e.g. an Intranet Squid proxy which allows the attack to pivot to another part of the network).


  • willis


Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/scanner/http/squid_pivot_scanning
msf auxiliary(squid_pivot_scanning) > show actions
msf auxiliary(squid_pivot_scanning) > set ACTION < action-name >
msf auxiliary(squid_pivot_scanning) > show options
    ...show and set options...
msf auxiliary(squid_pivot_scanning) > run 

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security