Only in nmap-4.76: Makefile
diff -urp nmap-4.76-new/NmapOps.h nmap-4.76/NmapOps.h
--- nmap-4.76-new/NmapOps.h 2008-07-30 02:15:57.000000000 +0200
+++ nmap-4.76/NmapOps.h 2008-12-02 15:11:31.000000000 +0100
@@ -287,6 +287,7 @@ class NmapOps {
 int fragscan; /* 0 or MTU (without IPv4 header size) */
 int ackscan;
 int bouncescan;
+ int proxyscan;
 int connectscan;
 int finscan;
 int idlescan;
Only in nmap-4.76: config.log
Only in nmap-4.76: config.status
diff -urp nmap-4.76-new/global_structures.h nmap-4.76/global_structures.h
--- nmap-4.76-new/global_structures.h 2008-07-15 22:07:25.000000000 +0200
+++ nmap-4.76/global_structures.h 2008-12-02 13:25:41.000000000 +0100
@@ -163,6 +163,13 @@ struct ftpinfo {
 int sd; /* socket descriptor */
 };
+struct proxyinfo {
+ char host[MAXHOSTNAMELEN + 1];
+ struct in_addr server;
+ u16 port;
+ int sd;
+};
+
 struct AVal {
 char *attribute;
 char value[128];
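Review bot: `struct proxyinfo` is added without any comment on its field contracts, and two of them matter to the callers elsewhere in this patch: `sd` is compared against 0 before any connect has happened, and `host` is filled with `strncpy(..., MAXHOSTNAMELEN - 1)`, which does not guarantee a terminator. I would put `/* HTTP proxy named by --proxy. host must stay NUL-terminated; server is the resolved IPv4 address of host; sd is the connected socket, <= 0 meaning not connected, so instances must be zero-initialised before use. */` above the struct. As far as this diff shows, nothing assigns `server`, so the comment also documents a resolution step that still has to be written.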
@@ -241,6 +248,6 @@ struct scan_lists {
 int prot_count;
 };
-typedef enum { STYPE_UNKNOWN, HOST_DISCOVERY, ACK_SCAN, SYN_SCAN, FIN_SCAN, XMAS_SCAN, UDP_SCAN, CONNECT_SCAN, NULL_SCAN, WINDOW_SCAN, RPC_SCAN, MAIMON_SCAN, IPPROT_SCAN, PING_SCAN, PING_SCAN_ARP, IDLE_SCAN, BOUNCE_SCAN, SERVICE_SCAN, OS_SCAN, SCRIPT_SCAN, TRACEROUTE, REF_TRACEROUTE}stype;
+typedef enum { STYPE_UNKNOWN, HOST_DISCOVERY, ACK_SCAN, SYN_SCAN, FIN_SCAN, XMAS_SCAN, UDP_SCAN, CONNECT_SCAN, NULL_SCAN, WINDOW_SCAN, RPC_SCAN, MAIMON_SCAN, IPPROT_SCAN, PING_SCAN, PING_SCAN_ARP, IDLE_SCAN, BOUNCE_SCAN, SERVICE_SCAN, OS_SCAN, SCRIPT_SCAN, TRACEROUTE, REF_TRACEROUTE, PROXY_SCAN}stype;
 #endif /*GLOBAL_STRUCTURES_H */
Only in nmap-4.76/libdnet-stripped: Makefile
Only in nmap-4.76/libdnet-stripped: config.log
Only in nmap-4.76/libdnet-stripped: config.status
Only in nmap-4.76/libdnet-stripped/include: Makefile
Only in nmap-4.76/libdnet-stripped/include: config.h
Only in nmap-4.76/libdnet-stripped/include/dnet: Makefile
Only in nmap-4.76/libdnet-stripped/include: stamp-h1
Only in nmap-4.76/libdnet-stripped: libtool
Only in nmap-4.76/libdnet-stripped/src: Makefile
Only in nmap-4.76/libpcap: Makefile
Only in nmap-4.76/libpcap: bpf_filter.c
Only in nmap-4.76/libpcap: config.h
Only in nmap-4.76/libpcap: config.log
Only in nmap-4.76/libpcap: config.status
Only in nmap-4.76/libpcap: version.h
Only in nmap-4.76/libpcre: .deps
Only in nmap-4.76/libpcre: Makefile
Only in nmap-4.76/libpcre: config.h
Only in nmap-4.76/libpcre: config.log
Only in nmap-4.76/libpcre: config.status
Only in nmap-4.76/libpcre: pcre-config
Only in nmap-4.76/libpcre: stamp-h1
Only in nmap-4.76/nbase: Makefile
Only in nmap-4.76/nbase: config.log
Only in nmap-4.76/nbase: config.status
Only in nmap-4.76/nbase: nbase_config.h
diff -urp nmap-4.76-new/nmap.cc nmap-4.76/nmap.cc
--- nmap-4.76-new/nmap.cc 2008-09-10 20:32:35.000000000 +0200
+++ nmap-4.76/nmap.cc 2008-12-08 10:44:09.000000000 +0100
@@ -177,6 +177,19 @@ static int parse_scanflags(char *arg) {
 return flagval;
 }
+static int parse_proxy_url(struct proxyinfo *proxy,const char *url){
+ char *p = strdup(url),*s;
+ s = strchr(p,':');
+ *s++ = '\0';
+ proxy->port = atoi(s);
+ strncpy(proxy->host,p,MAXHOSTNAMELEN - 1);
+ free(p);
+ return 0;
+}
+
 /* parse a URL stype ftp string of the form user:pass@server:portno */
 static int parse_bounce_argument(struct ftpinfo *ftp, char *url) {
 char *p = url,*q, *s;
@@ -315,6 +328,7 @@ printf("%s %s ( %s )\n"
 " --unprivileged: Assume the user lacks raw socket privileges\n"
 " -V: Print version number\n"
 " -h: Print this help summary page.\n"
+ " --proxy Scanning through HTTP proxy server.\n"
 "EXAMPLES:\n"
 " nmap -v -A scanme.nmap.org\n"
 " nmap -v -sP 192.168.0.0/16 10.0.0.0/8\n"
@@ -531,6 +545,7 @@ int nmap_main(int argc, char *argv[]) {
 struct hostent *target = NULL;
 char **fakeargv;
 Target *currenths;
+ struct proxyinfo proxy;
 vector Targets;
 char *portlist = NULL; /* Ports list specified by user */
 int sourceaddrwarning = 0; /* Have we warned them yet about unguessable
@@ -538,6 +553,7 @@ int nmap_main(int argc, char *argv[]) {
 unsigned int ideal_scan_group_sz = 0;
 char hostname[MAXHOSTNAMELEN + 1] = "";
 const char *spoofmac = NULL;
+ const char *proxyh = NULL;
 time_t timep;
 char mytime[128];
 struct sockaddr_storage ss;
@@ -642,6 +658,7 @@ int nmap_main(int argc, char *argv[]) {
 {"noninteractive", no_argument, 0, 0},
 {"spoof_mac", required_argument, 0, 0},
 {"spoof-mac", required_argument, 0, 0},
+ {"proxy",required_argument, 0, 0},
 {"thc", no_argument, 0, 0},
 {"badsum", no_argument, 0, 0},
 {"ttl", required_argument, 0, 0}, /* Time to live */
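Review bot: `parse_proxy_url` dereferences the result of `strchr(p,':')` without a NULL check, so a `--proxy` value with no colon writes through a null pointer, and the following `strncpy(proxy->host,p,MAXHOSTNAMELEN - 1)` leaves `host` unterminated when the host part is at least that long (the field holds MAXHOSTNAMELEN + 1 bytes, so the bound is also one short). `atoi` silently accepts junk and out-of-range ports, `strdup` is unchecked, and the function returns 0 on every path, so the caller in nmap_main cannot tell that parsing failed. The rewrite below validates host:port in place without a heap copy and returns -1 on bad input; the call site should then `fatal()` on a nonzero return.
```cpp
static int parse_proxy_url(struct proxyinfo *proxy, const char *url) {
  /* Expect "host:port"; split at the last colon so a bare host is rejected. */
  const char *colon = strrchr(url, ':');
  if (colon == NULL || colon == url || colon[1] == '\0')
    return -1;

  size_t hostlen = (size_t)(colon - url);
  if (hostlen > MAXHOSTNAMELEN)            /* would not fit host[MAXHOSTNAMELEN + 1] */
    return -1;

  errno = 0;
  char *end;
  long port = strtol(colon + 1, &end, 10);
  if (errno == ERANGE || *end != '\0' || port < 1 || port > 65535)
    return -1;

  memcpy(proxy->host, url, hostlen);
  proxy->host[hostlen] = '\0';
  proxy->port = (u16)port;
  return 0;
}
```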
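Review bot: The new help line `" --proxy Scanning through HTTP proxy server.\n"` does not follow the format of its neighbours, which name the argument and separate the description with a colon, and it is placed after `-h` at the end of the list. I would write it as `"  --proxy <host:port>: Scan TCP ports through an HTTP CONNECT proxy\n"` and move it beside the other scan-technique options, so the text tells the user the exact argument shape that the parser (`required_argument`) expects.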
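Review bot: `struct proxyinfo proxy;` is declared without an initializer, yet later in nmap_main the code reads `proxy.sd` (`if(proxy.sd <= 0) proxy_connect(&proxy);`) before anything in this patch has assigned it, so the first connect decision depends on stack contents. Zero the struct right after the declaration, `memset(&proxy, 0, sizeof proxy);`, and treat `sd == 0` as "not connected" consistently; the `proxyh` pointer two hunks down is correctly initialised to NULL, so the same discipline applied here costs one line.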
@@ -804,6 +821,8 @@ int nmap_main(int argc, char *argv[]) {
 /* I need to deal with this later, once I'm sure that I have output files set up, --datadir, etc. */
 spoofmac = optarg;
+ } else if (optcmp(long_options[option_index].name, "proxy") == 0) {
+ proxyh = optarg;
 } else if (strcmp(long_options[option_index].name, "allports") == 0) {
 o.override_excludeports = 1;
 } else if (optcmp(long_options[option_index].name, "version-intensity") == 0) {
@@ -1363,6 +1382,17 @@ int nmap_main(int argc, char *argv[]) {
 error("WARNING: raw IP (rather than raw ethernet) packet sending attempted on Windows. This probably won't work. Consider --send-eth next time.\n");
 }
 #endif
+
+ if(proxyh){
+ if(getuid() == 0){
+ o.synscan--;
+ }else{
+ o.connectscan--;
+ }
+ o.proxyscan++;
+ parse_proxy_url(&proxy,proxyh);
+ }
+
 if (spoofmac) {
 u8 mac_data[6];
 int pos = 0; /* Next index of mac_data to fill in */
@@ -1557,7 +1587,9 @@ int nmap_main(int argc, char *argv[]) {
 PortList::initializePortMap(IPPROTO_TCP, ports.tcp_ports, ports.tcp_count);
 if (o.UDPScan())
 PortList::initializePortMap(IPPROTO_UDP, ports.udp_ports, ports.udp_count);
-
+ if (o.proxyscan)
+ PortList::initializePortMap(IPPROTO_TCP, ports.tcp_ports, ports.tcp_count);
+
 if (randomize) {
 if (ports.tcp_count) {
 shortfry(ports.tcp_ports, ports.tcp_count);
@@ -1767,7 +1799,6 @@ int nmap_main(int argc, char *argv[]) {
 if (o.connectscan)
 ultra_scan(Targets, &ports, CONNECT_SCAN);
-
 if (o.ipprotscan)
 ultra_scan(Targets, &ports, IPPROT_SCAN);
@@ -1787,6 +1818,12 @@ int nmap_main(int argc, char *argv[]) {
 if (ftp.sd > 0)
 bounce_scan(currenths, ports.tcp_ports, ports.tcp_count, &ftp);
 }
+ if (o.proxyscan){
+ o.current_scantype = PROXY_SCAN;
+ keyWasPressed();
+ if(proxy.sd <= 0) proxy_connect(&proxy);
+ if(proxy.sd >0 ) proxy_scan(currenths, ports.tcp_ports, ports.tcp_count, &proxy);
+ }
 }
 if (o.servicescan) {
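Review bot: The `if(proxyh){ ... }` block turns off the default technique by decrementing `o.synscan` or `o.connectscan`, presumably undoing a default chosen earlier in nmap_main, but if the user selected something else explicitly the untouched counter goes to -1, which is still true in every `if (o.synscan)` test. The root check is a raw `getuid() == 0` where the rest of the file decides privilege through `o.isr00t`, and the return value of `parse_proxy_url(&proxy,proxyh)` is discarded, so a malformed `--proxy` value is never reported. I would guard the decrements, `if (o.isr00t && o.synscan) o.synscan--; else if (o.connectscan) o.connectscan--;`, and follow the parse with `if (parse_proxy_url(&proxy, proxyh) != 0) fatal("--proxy expects host:port");`. The surrounding function continues on both sides of the hunk.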
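Review bot: The added `if (o.proxyscan) PortList::initializePortMap(IPPROTO_TCP, ...)` repeats the TCP call two lines above it, so when a TCP technique is also selected the TCP map is initialised twice; whether `initializePortMap` tolerates a second call is not visible here, and the guard of the first call sits just outside the hunk. Fold proxyscan into that first condition instead (`if (o.TCPScan() || o.proxyscan)`, assuming `TCPScan()` is the existing guard) and drop the second call, so each protocol map is set up exactly once.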
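Review bot: `if(proxy.sd <= 0) proxy_connect(&proxy);` depends on `proxy_connect` to store the descriptor, which it does, but `proxy_connect` calls `fatal()` when `connect()` is refused, so one unreachable proxy aborts the whole run after the earlier techniques have already produced results, instead of skipping the proxy scan for this host the way the `if(proxy.sd >0 )` test next to it suggests. The hunk also sets `o.current_scantype = PROXY_SCAN` although proxy_scan sets it again on entry; pick one place. Have proxy_connect return -1 on failure and write this as `if (proxy.sd <= 0 && proxy_connect(&proxy) <= 0) error("Proxy %s:%d unreachable, skipping proxy scan", proxy.host, proxy.port); else proxy_scan(currenths, ports.tcp_ports, ports.tcp_count, &proxy);`. The target loop enclosing this block starts and ends outside the hunk.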
@@ -2608,6 +2645,43 @@ int ftp_anon_connect(struct ftpinfo *ftp
 return sd;
 }
+int proxy_connect(struct proxyinfo *proxy){
+ int sd;
+ struct sockaddr_in sock;
+ int res;
+ char recvbuf[2048];
+
+ if(o.verbose || o.debugging)
+ log_write(LOG_STDOUT,"Attempting connection to proxy: %s:%d\n",proxy->host,proxy->port);
+
+ if((sd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP)) <0){
+ gh_perror("Couldn't create %s socket",__func__);
+ return 0;
+ }
+
+ sock.sin_family = AF_INET;
+ sock.sin_addr.s_addr = proxy->server.s_addr;
+ sock.sin_port = htons(proxy->port);
+ res = connect(sd, (struct sockaddr *)&sock,sizeof(struct sockaddr_in));
+ if(res < 0) {
+ fatal("Your proxy server won't talk to us!\n");
+ }
+ if(o.verbose || o.debugging) log_write(LOG_STDOUT,"Connected:");
+ while((res = recvtime(sd,recvbuf,sizeof(recvbuf) - 1,7,NULL))>0)
+ if(o.debugging || o.verbose){
+ recvbuf[res] = '\0';
+ log_write(LOG_STDOUT,"%s",recvbuf);
+ }
+ if(res < 0){
+ pfatal("recv problem from proxy server");
+ }
+
+ if (o.verbose) log_write(LOG_STDOUT,"Sucessfully connected to proxy server!\n");
+ proxy->sd = sd;
+ return sd;
+}
+
+
 #ifndef WIN32
 void reaper(int signo) {
diff -urp nmap-4.76-new/nmap.h nmap-4.76/nmap.h
--- nmap-4.76-new/nmap.h 2008-09-12 07:58:06.000000000 +0200
+++ nmap-4.76/nmap.h 2008-12-02 13:37:22.000000000 +0100
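Review bot: `sock.sin_addr.s_addr = proxy->server.s_addr` copies a field that, as far as this diff shows, nothing ever assigns: `parse_proxy_url` fills only `host` and `port`, so the connect goes to whatever the uninitialised struct held rather than to the named proxy. The error paths are also inconsistent: a `socket()` failure returns 0, which the caller in proxy_scan tests with `< 0` and therefore treats as success, while a refused `connect()` is `fatal()`. The rewrite below resolves `host` into `server`, zeroes the sockaddr, and returns -1 with the socket closed on every failure; the banner loop and success log are unchanged, though `recvtime(...,7,NULL)` waits for the proxy to speak first, which an HTTP proxy presumably never does, so every reconnect likely costs that full timeout. The success message also misspells "Successfully".
```cpp
int proxy_connect(struct proxyinfo *proxy) {
  int sd;
  struct sockaddr_in sock;
  int res;
  char recvbuf[2048];

  /* … unchanged: "Attempting connection" log … */

  /* host[] is what --proxy gave us; nothing else fills proxy->server, so resolve here. */
  struct hostent *he = gethostbyname(proxy->host);
  if (he == NULL || he->h_addrtype != AF_INET) {
    error("Could not resolve proxy host %s", proxy->host);
    return -1;
  }
  memcpy(&proxy->server, he->h_addr_list[0], sizeof proxy->server);

  if ((sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
    gh_perror("Couldn't create %s socket", __func__);
    return -1;
  }

  memset(&sock, 0, sizeof sock);
  sock.sin_family = AF_INET;
  sock.sin_addr = proxy->server;
  sock.sin_port = htons(proxy->port);
  if (connect(sd, (struct sockaddr *)&sock, sizeof sock) < 0) {
    gh_perror("connect to proxy %s:%d", proxy->host, proxy->port);
    close(sd);
    return -1;                         /* caller skips the proxy scan; no fatal() */
  }

  /* … unchanged: banner read loop and success log … */
  proxy->sd = sd;
  return sd;
}
```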
@@ -403,6 +403,8 @@ void printinteractiveusage();
 int ftp_anon_connect(struct ftpinfo *ftp);
+int proxy_connect(struct proxyinfo *proxy);
+
 /* port manipulators */
 void getpts(const char *expr, struct scan_lists * ports); /* someone stole the name getports()! */
 void getpts_simple(const char *origexpr, int range_type,
Only in nmap-4.76: nmap_config.h
Only in nmap-4.76/nsock/src: Makefile
Only in nmap-4.76/nsock/src: config.log
Only in nmap-4.76/nsock/src: config.status
Only in nmap-4.76/nsock/src: nsock_config.h
diff -urp nmap-4.76-new/portlist.cc nmap-4.76/portlist.cc
--- nmap-4.76-new/portlist.cc 2008-08-15 05:30:34.000000000 +0200
+++ nmap-4.76/portlist.cc 2008-12-04 10:08:58.000000000 +0100
@@ -420,7 +420,7 @@ int PortList::addPort(u16 portno, u8 pro
 fatal("%s: attempt to add port number %d with illegal state %d\n", __func__, portno, state);
 assert(protocol!=IPPROTO_IP || portno<256);
-
+
 current = getPortEntry(portno, protocol);
 if (current) {
 /* We must discount our statistics from the old values. Also warn
@@ -554,6 +554,7 @@ Port *PortList::getPortEntry(u16 portno,
 int mapped_pno;
 assert(protocol!=IPPROTO_IP || portno<256);
+ if(port_map[proto]==NULL || port_list[proto]==NULL) fatal("%s(%i,%i): you're trying to access uninitialized protocol", __func__, portno, protocol);
 mapped_pno = port_map[proto][portno];
Only in nmap-4.76: proxy.patch
diff -urp nmap-4.76-new/scan_engine.cc nmap-4.76/scan_engine.cc
--- nmap-4.76-new/scan_engine.cc 2008-09-08 17:53:32.000000000 +0200
+++ nmap-4.76/scan_engine.cc 2008-12-09 11:20:12.000000000 +0100
@@ -1049,6 +1049,7 @@ static int scantype_no_response_means(st
 case NULL_SCAN:
 case FIN_SCAN:
 case MAIMON_SCAN:
+ case PROXY_SCAN:
 case XMAS_SCAN:
 return PORT_OPENFILTERED;
 case PING_SCAN:
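Review bot: The guard added to `PortList::getPortEntry` puts the condition and the `fatal()` call on one long unbraced line, unlike the surrounding code, and its message does not say what the caller forgot. Split it as `if (port_map[proto] == NULL || port_list[proto] == NULL) {` with a braced `fatal("%s(%i,%i): port map for this protocol was never initialized (initializePortMap not called)", __func__, portno, protocol);` beneath, so the failure points at the fix. The check itself is a welcome addition given that the proxy scan calls `addPort` for TCP directly; the enclosing function continues outside the hunk.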
@@ -5001,6 +5002,8 @@ void bounce_scan(Target *target, u16 *po
 return;
 }
+
+
 /* I want to reverse the order of all PORT_TESTING entries in the scan list -- this way if an intermediate router along the way got overloaded and dropped the last X packets, they are
@@ -5347,3 +5350,78 @@ void pos_scan(Target *target, u16 *porta
 }
 return;
 }
+
+/* Proxy Scan engine */
+
+void proxy_scan(Target *target, u16 *portarray,int numports, struct proxyinfo *proxy){
+
+ o.current_scantype = PROXY_SCAN;
+
+ time_t starttime;
+ int res, sd = proxy->sd, i=0;
+ const char *t = (const char *)target->v4hostip();
+ int retriesleft = 10; //PROXY_RETRIES;
+ char recvbuf[2048];
+ char targetstr[20];
+ char command[512];
+ char hostname[1200];
+
+ if (! numports) return;
+
+ Snprintf(targetstr, 20, "%d.%d.%d.%d", UC(t[0]), UC(t[1]), UC(t[2]), UC(t[3]));
+ starttime = time(NULL);
+ if(o.verbose || o.debugging){
+ struct tm *tm = localtime(&starttime);
+ assert(tm);
+ log_write(LOG_STDOUT,"Initiating HTTP PROXY scan against %s at %02d:%02d\n",target->NameIP(hostname,sizeof(hostname)),tm->tm_hour,tm->tm_min);
+ }
+ for(i=0;itimedOut(NULL))
+ return;
+
+ Snprintf(command,512,"CONNECT %s:%i HTTP/1.0\r\n\r\n",targetstr,portarray[i]);
+ if(o.debugging || o.verbose) log_write(LOG_STDOUT,"Attempting command: %s",command);
+ if(send(sd,command,strlen(command),0) < 0){
+ gh_perror("send in %s",__func__);
+ if(o.verbose || o.debugging)
+ log_write(LOG_STDOUT,"Our proxy server hung up on us! 
retrying\n");
+ retriesleft--;
+ close(sd);
+ proxy->sd = proxy_connect(proxy);
+ if(proxy->sd < 0) return;
+ sd = proxy->sd;
+ i--;
+ }
+ res = recvtime(sd,recvbuf,2048,40,NULL);
+ if(res < 0)
+ perror("recv problem from PROXY server");
+
+ if(recvbuf[9] != '2') {
+ recvbuf[0]='\0';
+ if(o.debugging) log_write(LOG_STDOUT,"result of port query on port %i: %s",portarray[i],recvbuf);
+
+ target->ports.addPort(portarray[i],IPPROTO_TCP,NULL,PORT_CLOSED);
+ close(sd);
+ proxy->sd = proxy_connect(proxy);
+ if(proxy->sd < 0 ) return;
+ sd = proxy->sd;
+ }// if
+ /* Get http 2xx code */
+ if( res != 0 && recvbuf[9] == '2'){
+ recvbuf[0] = '\0';
+ target->ports.addPort(portarray[i],IPPROTO_TCP,NULL,PORT_OPEN);
+ close(sd);
+ proxy->sd = proxy_connect(proxy);
+ if(proxy->sd < 0 ) return;
+ sd = proxy->sd;
+ }
+
+ } // for
+
+ if (o.debugging || o.verbose)
+ log_write(LOG_STDOUT, "Scanned %d ports in %ld seconds via the PROXY scan.\n",
+ numports, (long) time(NULL) - starttime);
+ return;
+
+}
diff -urp nmap-4.76-new/scan_engine.h nmap-4.76/scan_engine.h
--- nmap-4.76-new/scan_engine.h 2008-07-11 08:12:38.000000000 +0200
+++ nmap-4.76/scan_engine.h 2008-12-02 13:34:25.000000000 +0100
@@ -160,6 +160,8 @@ void pos_scan(Target *target, u16 *porta
 void bounce_scan(Target *target, u16 *portarray, int numports, struct ftpinfo *ftp);
+void proxy_scan(Target *target, u16 *portarray,int numports, struct proxyinfo *proxy);
+
 /* Determines an ideal number of hosts to be scanned (port scan, os scan, version detection, etc.) in parallel after the ping scan is completed. This is a balance between efficiency (more hosts in
Only in nmap-4.76/zenmap/zenmapCore: Name.pyc
Only in nmap-4.76/zenmap/zenmapCore: Version.pyc
Only in nmap-4.76/zenmap/zenmapCore: __init__.pyc
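Review bot: `if(recvbuf[9] != '2')` reads a byte that `recvtime` may never have written: `res` can be 0 (timeout) or smaller than 10, and the `res < 0` branch only prints `perror` and falls through, so the port state is decided from stale bytes of the previous reply or from uninitialised stack, and the `recvbuf[0]='\0'` placed before the debug `log_write` means that log always prints an empty reply. `proxy_connect` returns 0 when `socket()` fails, but the three `if(proxy->sd < 0) return;` checks only catch negative values, so the loop carries on with `sd == 0`. `retriesleft` is decremented but never tested, and after a failed `send` the code still calls `recvtime` on the fresh socket without resending (the `i--` already repeats the port), so the send-failure branch should give up with `if (retriesleft-- <= 0) return;` and `continue;` once reconnected. The response handling below merges the two state branches into one that validates the reply before trusting `recvbuf[9]` and NUL-terminates what was read; the `for` header as shown is garbled by extraction and is left alone.
```cpp
    /* … unchanged: CONNECT send and reconnect-on-send-failure … */
    res = recvtime(sd, recvbuf, sizeof(recvbuf) - 1, 40, NULL);
    if (res < 0) {
      perror("recv problem from PROXY server");
      res = 0;
    }
    recvbuf[res] = '\0';                     /* res <= sizeof(recvbuf) - 1 */

    /* Trust the status digit only when a complete "HTTP/x.y NNN" status line arrived. */
    int is_open = (res >= 12 && strncmp(recvbuf, "HTTP/", 5) == 0 && recvbuf[9] == '2');
    if (o.debugging)
      log_write(LOG_STDOUT, "result of port query on port %i: %s", portarray[i], recvbuf);
    target->ports.addPort(portarray[i], IPPROTO_TCP, NULL, is_open ? PORT_OPEN : PORT_CLOSED);

    /* The original reconnects after every port; keep that, but honour a 0 return too. */
    close(sd);
    proxy->sd = proxy_connect(proxy);
    if (proxy->sd <= 0)
      return;
    sd = proxy->sd;
    /* … unchanged: end of for loop and summary log … */
```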