Netcat is a simple but useful tool used for TCP, UDP, Unix-domain sockets. Netcat can listen or connect specified sockets easily. Netcat is a platform independent command supported by Linux, Unix, Windows, BSD, MacOS etc. Common use cases for netcat are;
- Simple TCP proxy
- Shell script based HTTP clients and Servers
- Network daemon testing
- A SOCKS or HTTP ProxyCommand for ssh
nc [options] [destination] [port]
Help information about netcat can be get with
-h option like below.
$ nc -h
Penetration testers generally uses port scan techniques for information gathering. Nmap is one of the most popular tool to find open ports.
Netcat can provide port scan functionality. The advantage of netcat is simplicity and no library dependency. Single netcat binary is enough for port scan and can be used for all operating systems like Windows, Linux, Unix, MacOS, BSD.
We will use
-z options for port scan like below. In this example we will scan ip address
192.168.122.1 which can be also an domain name like
poftut.com . The port range is specified as
$ nc -z -v 192.168.122.1 1-30
The screenshot shows detailed output only port 22 is open as we can see.
In previous example we have scanned our host in a silent mode. Silent mode is the default mode which means only open ports will be printed to the console. There is option
-v which will produce more detailed information . Verbose mode can be also used for banner grabbing purposes.
Another useful feature of netcat is acting as a TCP server. Netcat can listen for specified TCP port. But as a security measure in Linux systems only privileged users can listen ports between 1-1024 . In this example we will listen TCP ports 30. To give required privileges we use
$ nc -l -p 30
In the example screenshot we see that a client is connected to our server and provided text like
test . This client tool can be telnet or netcat too.
In previous example we have examined the TCP server. Netcat also provides client capabilities. To use netcat as a client we should provide host name or IP address and the port information. There is no special option for this. Use following syntax.
nc hostname port_number
$ nc localhost 22
In this example we have connected to the localhost ssh port number 22. Ssh server sends us some text about it and waiting for response.
Send Files Trough Netcat
Another useful feature of the netcat is file transfer. As we see previous examples netcat can transfer text easily with a server-client architecture. There is no limit about transfer data. This data can be normal program or a movie. But keep in mind the transfer time will change according to data size. In order to transfer we need to setup a server which is the destination. And in the server configuration we will redirect the incoming data into a file name
$ netcat -l -p 4444 > myfile.txt
Now we can send the file from client. We will read file
thefile.txt in the client side by redirecting to the netcat file like below.
$ nc 192.168.122.239 4444 < thefile.txt
After the transfer is completed the both server and client side netcat instances will be closed.
Simple Web Server With Netcat
Netcat have another interesting feature for simple usage. Netcat can be used as a simple web server. Actually web servers are very simple if there is no special configuration requirements. Web servers only send html pages over HTTP protocol. Netcat can also send html code with redirection.
$ nc -l 4444 < index.html
In the client side we will use Google Chrome to navigate IP address
192.168.122.239 with port number
Prevent DNS Lookup
While using DNS lookup can be disabled with option
-n this will make operations more faster.
$ netcat -n google.com 80