Description
The swiss army knife of pen testing.
| Platform | All |
| Author | |
| License | Free |
| URL | |
Usage
```
[v1.10-46]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
        -i secs                 delay interval for lines sent, ports scanned
        -k                      set keepalive option on socket
        -l                      listen mode, for inbound connects
        -n                      numeric-only IP addresses, no DNS
        -o file                 hex dump of traffic
        -p port                 local port number
        -r                      randomize local and remote ports
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -C                      Send CRLF as line-ending
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
```
Examples
```
nc -nzv -w 3 <ip> <port>
```
This command scans a port to see if it's open without establishing a full 3-way handshake. It waits for 3 seconds before disconnecting.
```
┌──(root💀kali)-[/home/kali/proving_grounds/Bratarina]
└─# nc -zv -w 3 192.168.145.71 443
bratarina [192.168.145.71] 443 (https) : Connection timed out

┌──(root💀kali)-[/home/kali/proving_grounds/Bratarina]
└─# nc -zv -w 3 192.168.145.71 25
bratarina [192.168.145.71] 25 (smtp) open
```
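The zero-I/O check that `nc -nzv -w 3` performs, written out as an added Python example (not netcat's own code, and not part of the original page): it attempts a TCP connect with a bounded timeout, never sends a payload, and closes immediately, reporting `open`, `refused` or `timed out` the way the session above does. It also expands netcat-style `lo-hi` port ranges. The `start_local_listener` helper is a constructed loopback fixture so the check can be exercised offline.

```python
"""Zero-I/O TCP port check modelled on `nc -nzv -w <secs>` (added example)."""
from __future__ import annotations
import socket

def check_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'open', 'refused', 'timed out' or 'unreachable' for one TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)            # -w secs: bound the connect attempt
        try:
            sock.connect((host, port))      # zero-I/O: nothing is ever written
        except socket.timeout:
            return "timed out"              # no reply at all (dropped/filtered)
        except ConnectionRefusedError:
            return "refused"                # RST came back: nothing listening
        except OSError:
            return "unreachable"            # e.g. no route to host
        return "open"                       # connect() completed; closed on exit

def parse_ports(spec: str) -> list[int]:
    """Expand netcat-style specs: '25', '440-445' or '22 80-82' (lo-hi inclusive)."""
    ports: list[int] = []
    for token in spec.split():
        lo, sep, hi = token.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if sep else lo_i
        if hi_i < lo_i:
            raise ValueError(f"bad range: {token}")
        ports.extend(range(lo_i, hi_i + 1))
    return ports

def scan_ports(host: str, spec: str, timeout: float = 3.0) -> dict[int, str]:
    """Check every port in `spec` and map port -> status string."""
    return {p: check_port(host, p, timeout) for p in parse_ports(spec)}

def start_local_listener() -> tuple[socket.socket, int]:
    """Constructed fixture: a listener on an ephemeral loopback port.
    The kernel completes the handshake from the backlog, so no accept() is needed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_local_listener()
    for p, status in scan_ports("127.0.0.1", f"{port}", 1.0).items():
        print(f"127.0.0.1 {p}: {status}")
    srv.close()
```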
```
nc -nlvp 1337 -e /bin/bash
```
Starts a backdoor listener on port 1337 and presents the user with a bash shell when the user connects.
```
nc -nlvp 1337 < /tmp/file.txt
```
Sends file.txt over the socket when the user connects. The other side of the connection would look like `nc <ip> 1337 > file.txt`.
Additional Details
Blog Posts