GlypeAhead - Port Scan through Glype Proxies

Using weaknesses in the Glype proxy script, GlypeAhead is able to perform portscans of targets with reasonable accuracy. Furthermore, the true location of the user is never revealed to the target since all scanning is performed by the remote Glype proxy script.

header

quick links

Home -> SensePost Labs -> Tools we've built -> Pentesting Tools -> GlypeAhead - Port Scan through Glype Proxies

sensepost glypeahead

author

Junaid Loonat

cost

Free

license, version, release, recent changes

License : GPL
Version : 1.1
Release Date : 2010-04-13
Recent Changes : None (Initial Release)

what is glypeahead ?

By default, the Glype proxy script has few restrictions on what hosts / ports can be accessed through it.

In addition, the proxy script normally displays all cURL-related error messages.

Using these apparent weaknesses, GlypeAhead is able to perform portscans of targets with reasonable accuracy.

Furthermore, the true location of the user is never revealed to the target since all scanning is performed by the remote Glype proxy script.

who should use it ?

Penetration testers and security professionals

requirements

PHP interpreter (with the cURL extension)

quick comparison with nmap

Nmap Nmap scan of a Target (ports 22, 25 and 80)

Glype Proxy GlypeAhead scan of a Target (ports 22, 25 and 80)

more details

Please refer to the blog post regarding the tool's release, here.

Downloads:

Content links:

Neighbouring sections

For more information please contact us...

Copyright © SensePost Pty Ltd