Download: citrix_pa.zip

Unix tools contain citrix-pa-scan.pl and citrix-pa-proxy.pl.
These tools uses blocking sockets with alarm so they will probably fail in a win32 environment.
Win32 tools contain pas.pl.

This tool should be used to enumerate Citrix published applications.

citrix-pa-scan.pl {IP | file | - | random } [timeout]
where IP is one IP or
file is a one file containing a list with IP or
- is to read IP from standard input or
random to read IP from /dev/urandom.
timeout is the timeout in seconds.

The output if in the following format:
SCANNED IP1|MASTER BROWSER IP1|NO PROXY?|Application1;Application2
SCANNED IP2|MASTER BROWSER IP2|NO PROXY?|Application3;Application4

If the output is redirected to a file called pas.wri it could be supplied to pas.pl.

This tool should be used to enumerate and connect to a published application with the Citrix client when the master browser is non-public.

citrix-pa-proxy.pl IP_to_proxy_to [Local_IP]
Where IP_to_proxy_to is the remote Citrix server.
Local_IP is default Change it to the local IP when running the proxy on a remote host (When running the Citrix client on one host and the proxy on another). 

This tool should be used to connect to the applications reported by citrix-pa-scan.pl.

pas.pl requires the output from citrix-pa-scan.pl to be called pas.wri.
pas.pl asks how the connection went and writes the output to pas_results.wri.

To enable 128 bit encryption add following row under the Published Application section in the template.ica file:

download my Defcon presentation here
citrix-pa-scan.pl, citrix-pa-proxy.pl and pas.pl is written by Ian Vitek.