Linux Networking Programming

Using Nmap To Scan for Proxy Servers

Nmap Proxy Scan
Written by devendermahto

Hello Readers, i got request to make a tutorial on how to find high quality proxy servers so I decided to write one that will show you how to find and test proxy servers on the internet. You can simply use other proxy websites to get your proxies, like proxydb.

Installing Nmap

Installing Nmap for Windows should be pretty self explanatory. To install this on Ubuntu use the following command:

sudo apt-get -y install nmap

Common Proxy Ports

  • 8080
  • 8181
  • 80
  • 8081
  • 1080
  • 8123
  • 3128
  • 9050
  • 9051

Port numbers are not set in stone. You can pretty much use any port number you want when setting up a proxy server. You can get a good idea of port numbers by looking at proxy sites and getting the common port numbers other proxy servers use. For this article we will just use the ones listed above.

Scanning for Proxy Servers

So it’s pretty basic, you simply scan IP addresses for these open ports. So let’s run a basic Nmap command with these ports and see if we can detect some servers.

nmap -p8080
Nmap Scan for a Proxy

So let’s check the rest of the range for any more.

nmap -p8080 --open

So the scan above seems to have found 212 proxy servers. Whether they can be used or not hasn’t been determined. Just because the port is open and the host is online doesn’t mean we can use it.

Checking a Proxy

So now that we have 212 proxy servers (possibly) we need to check and see if they can be used and how fast they are. If you have a slow connection then your response time will also be slow. I like to use CURL to check my proxies. Below is the command to use a proxy with CURL. The website has a simple way to check your remote IP address.

curl -x socks4://

If the command above returns the same IP of the proxy, you know it’s working. You can use the time command to check how long it takes to return, you can use this time to check the proxy server’s response time.

Checking Proxy Response Time


With all the knowledge we have put in this tutorial you should be able to put something together to scan, check, and output a nice list of proxy servers to use, so let’s do a little bash scripting.

Saving the Proxies

nmap -p8080 --open >proxies

The command above will save the output of the nmap scan to a file named proxies. This file will be the file we can parse from and then check the proxy server latency.

Parsing the Proxies

Since we only scanned for port 8080 we can do something like below (it’s a single line, even if it looks like 2)

grep -Eo '[0-9]{1,3}[.][0-9]{1,3}[.][0-9]{1,3}[.][0-9]{1,3}' proxies 
Grepping the Proxy List

Final Ouput

We can put it all together and make a simple bash script, PHP script, or do something for the Windows kids in C# .NET (gui-ish). I will give you an easy to use bash script that will check for socks4 and socks5 proxies.

Click To Download Mahto Proxy Checker From Github

About the author


Leave a Comment