# netcat
netcat (often abbreviated to `nc`) is a versatile command-line networking utility for reading from and writing to network connections using TCP or UDP. Often called the "Swiss Army knife" of networking tools, it's used for debugging, testing, and transferring data.
It was originally written by *Hobbit* (a pseudonym) in 1995.
## Key Features
- **TCP/UDP connections**: Both client and server modes
- **Port scanning**: Discover open ports on hosts
- **File transfer**: Send and receive files over the network
- **Banner grabbing**: Retrieve service information
- **Proxying**: Forward connections between hosts
- **Shell access**: Create reverse and bind shells
- **Simple and lightweight**: Minimal dependencies
## Common Variants
| Variant | Description |
|---------|-------------|
| **nc** | Original netcat |
| **ncat** | Nmap project's netcat (more features, SSL support) |
| **netcat-openbsd** | OpenBSD version (commonly on Debian/Ubuntu) |
| **netcat-traditional** | Original GNU netcat |
| **socat** | More powerful alternative (see [[socat]]) |
## Basic Usage
### Client Mode (Connect)
```bash
# Connect to a server
nc example.com 80
# Send an HTTP request (printf emits the CRLFs portably; Connection: close lets nc exit)
printf 'GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n' | nc example.com 80
```
### Server Mode (Listen)
```bash
# Listen on port 8080 (netcat-traditional needs: nc -l -p 8080)
nc -l 8080
# Listen and keep accepting connections
nc -lk 8080
```
### Port Scanning
```bash
# Scan ports 20-100
nc -zv example.com 20-100
# Quick TCP scan
nc -zv -w1 example.com 22 80 443
```
### File Transfer
```bash
# Receiver (server)
nc -l 9999 > received_file.txt
# Sender (client)
nc server.com 9999 < file_to_send.txt
```
### Chat Between Two Machines
```bash
# Machine A (listen)
nc -l 1234
# Machine B (connect)
nc machine-a.com 1234
```
## Common Options
| Option | Description |
|--------|-------------|
| `-l` | Listen mode (server) |
| `-p PORT` | Specify local port |
| `-u` | UDP mode (default is TCP) |
| `-v` | Verbose output |
| `-z` | Zero-I/O mode (scanning) |
| `-w SECS` | Timeout for connections |
| `-k` | Keep listening after disconnect |
| `-n` | Skip DNS resolution |
| `-e CMD` | Execute command on connect (dangerous!) |
## Use Cases
### Network Debugging
Test if a port is open and accepting connections.
### Service Testing
Manually interact with protocols (HTTP, SMTP, etc.).
### Simple Data Transfer
Quick file transfers without setting up FTP/SCP.
### Security Testing
Port scanning and banner grabbing during assessments.
### Scripting
Automate network interactions in shell scripts.
## Security Warning
⚠️ The `-e` flag (execute) can create security vulnerabilities:
```bash
# DANGEROUS: Creates a backdoor shell
nc -l -p 4444 -e /bin/bash
```
Many distributions disable this flag by default.
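
To find listeners like the one above on a host, a defender can scan process command lines for netcat started with an exec option. This is an added example, not part of the original page; the helper name `nc_exec_hits`, the sample lines, and the inclusion of ncat's `--exec`/`--sh-exec` long options are assumptions of this example.

```bash
#!/bin/sh
# Added example: flag netcat processes started with an exec option.
# nc_exec_hits is a hypothetical helper; it reads one command line per
# input line and prints the ones that look like "nc ... -e CMD".
nc_exec_hits() {
  awk '
  {
    is_nc = 0; hit = 0
    for (i = 1; i <= NF; i++) {
      tok = $i
      if (!is_nc) {
        # Match on the basename so /usr/bin/nc and ./ncat both count.
        n = split(tok, parts, "/")
        if (parts[n] ~ /^(nc|ncat|netcat)(\.(openbsd|traditional))?$/) is_nc = 1
        continue
      }
      # Long options (ncat), then -e alone or clustered after
      # argument-less flags, e.g. -e, -le, -lve, -e/bin/sh.
      if (tok == "--exec" || tok == "--sh-exec") hit = 1
      else if (tok ~ /^-[lnvkuz]*e/) hit = 1
    }
    if (hit) print
  }'
}

# Constructed sample input, shaped like `ps -eo args` output.
SAMPLE_PS='nc -l -p 4444 -e /bin/bash
/usr/bin/ncat --exec /bin/sh -l 9001
/bin/nc.traditional -lve /bin/sh -p 5555
nc -lvnp 8080
nc -zv -w1 example.com 22 80 443
grep -e nc notes.txt'

# Prints the first three lines only.
# Live use: ps -eo pid,user,args | nc_exec_hits
printf '%s\n' "$SAMPLE_PS" | nc_exec_hits
```

Treat a hit as a lead to triage rather than proof, since the match is on command-line text only.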
## netcat vs socat
For more advanced use cases, consider [[socat]], which offers:
- SSL/TLS support built-in
- Unix domain sockets
- Serial port access
- More address types and options
- Better scripting capabilities
See [[socat]] for details and [[Gerhard Rieger]] (socat's creator).
## Installation
```bash
# Debian/Ubuntu
sudo apt install netcat-openbsd
# or
sudo apt install netcat-traditional
# Arch Linux
sudo pacman -S openbsd-netcat
# macOS (pre-installed, or via Homebrew)
brew install netcat
# Red Hat/CentOS
sudo yum install nc
```
## Related
- [[socat]] - More powerful alternative
- [[Gerhard Rieger]] - Creator of socat
- Nmap - Network scanner (includes ncat)
## References
- Wikipedia: https://en.wikipedia.org/wiki/Netcat
- Ncat (Nmap): https://nmap.org/ncat/
- OpenBSD nc man page: https://man.openbsd.org/nc