network netcat nc socat - ghdrako/doc_snipets GitHub Wiki
netcat (nc) and socat move raw bytes over TCP or UDP connections; one common use is copying files to and from remote systems when no other transfer tool is available.
- Remote machine (start the listener first, so the sender has something to connect to):
nc -nlvp 4444 > file_to_transfer
- Local machine:
nc -nv 192.168.x.xxx 4444 < file_to_transfer
The -n flag ensures that no DNS resolution is performed for the IP address 192.168.x.xxx, and -v provides verbose output about the connection process. -l listens instead of connecting and -p 4444 sets the listening port (OpenBSD nc also takes the port as a positional argument: nc -nlv 4444). Depending on the netcat flavour the sender may not close the connection when it reaches the end of the file; add -N (OpenBSD nc) or -q 1 (Debian/traditional netcat) so the listener sees EOF and exits. Nothing here checks integrity, so compare a checksum of both copies afterwards.
The same transfer with socat, in the other direction (the remote side serves the file, the local side fetches it):
(remote machine)
socat TCP4-LISTEN:4444,fork file:file_to_transfer
This command sets up a TCP listener on port 4444. When a client connects, socat reads the content of the local file_to_transfer file and sends it to the connected client. The fork option makes socat handle each incoming connection in its own child process, so the listener stays up after the first transfer and several clients can fetch the file.
(local machine)
socat TCP4:192.168.x.xxx:4444 file:file_to_transfer,create
This command initiates a TCP connection to the remote machine at IP address 192.168.x.xxx on port 4444 and writes everything it receives into the local file_to_transfer. The create option instructs socat to create that local file if it doesn't already exist. Two caveats: socat addresses are bidirectional, so the listener also writes whatever a client sends into its copy of the file, and an existing destination file is written from offset 0 without truncation, so add the trunc option when reusing a file name or a shorter transfer leaves the old tail in place.
Socat offers more advanced capabilities and options than netcat, making it suitable for a wider range of networking scenarios, including complex data manipulation, TLS (the OPENSSL address type) and proxying.
If you want to know whether an SSH or SMTP daemon is reachable, use netcat to connect to port 22 or 25. Do you get a protocol banner back? Or does something accept the connection but not answer?
$ nc mail.mwl.io 25
220 mail.mwl.io ESMTP Sendmail 8.15.2/8.15.2; Fri, 28 Aug 2020 14:23:09 -0400 (EDT)
If I use netcat to connect to a TLS-wrapped port, I'll get binary TLS in my text-only client.
For such ports, openssl s_client -connect host:port (or socat with an OPENSSL: address) performs the handshake and gives the same plaintext view of the protocol.
nc -l <port_number>                        # listen for incoming connections on the specified port number
nc <server_ip_address> <port_number>       # establish a connection to the server on the specified port number
# server (-k keeps listening after each client disconnects)
nc -lk 6379
# client
printf "test\n" | nc <ip> 6379
nc -z <server_ip_address> <port_range>     # report which ports in the range accept a connection, without sending data
nc -l <port_number> > <file_name>          # listen for incoming connections on the specified port number and save the incoming data to the specified file name
nc <server_ip_address> <port_number> < <file_name>   # establish a connection to the server on the specified port number and send the data from the specified file to the server
nc -znv -w 3 <ip> <port>                   # check whether traffic to the port is allowed; -w takes a timeout in seconds and must be followed by one
nc [options] host port
- -z: only scan for open ports, without sending any data to them
- -v: provide more verbose information
- -u: use UDP instead of TCP (the default)
- -w <seconds>: give up on a connection that cannot be established after that many seconds (on OpenBSD nc the same timeout also applies to an idle connection)
- -l: listen on the given port instead of connecting; the other host then opens a regular TCP connection and sends the file over it
| command | Description |
|---|---|
| nc -4 [options] [host] [port] | Use IPv4 addressing only |
| nc -6 [options] [host] [port] | Use IPv6 addressing only |
| nc -u [options] [host] [port] | UDP instead of TCP |
| nc -l [host] [port] | Listen for an incoming connection |
| nc -k -l [host] [port] | Continue listening after the client has disconnected |
| nc -n [host] [port] | No DNS lookups |
| nc -p [source port] [host] [port] | Use a specific source port |
| nc -s [source ip] [host] [port] | Use a specific source IP |
| nc -w [timeout] [host] [port] | Give up after [timeout] seconds on a connection that cannot be established |
| nc -v [host] [port] | Verbose output |
| command | Description |
|---|---|
| nc -zv hostname.com 80 | Scan a single TCP port |
| nc -zv hostname.com 80-84 | Scan a range of ports |
| nc -zv hostname.com 80 84 | Scan multiple individual ports |
Single-use web server listening on port 8080 (answers one request, then exits)
( echo -ne "HTTP/1.1 200 OK\r\nContent-Length: $(wc -c <index.html)\r\n\r\n" ; cat index.html ) | nc -l 8080
Bash while loop restarts the web server after each request
while : ; do ( echo -ne "HTTP/1.1 200 OK\r\nContent-Length: $(wc -c <index.html)\r\n\r\n" ; cat index.html ) | nc -l -p 8080 ; done
A variant without Content-Length also works, but the client then only knows the body is complete when nc closes the connection, so it may appear to hang:
$ while : ; do ( echo -ne "HTTP/1.1 200 OK\r\n\r\n" ; cat index.html ) | nc -l -p 8080 ; done
Note that -l -p 8080 is the netcat-traditional form; OpenBSD nc takes the port directly (nc -l 8080), as in the single-use version above.
$ cat index.html
<html>
<head>
<title>Test Page</title>
</head>
<body>
<p>Serving this file using Netcat Basic HTTP server!</p>
</body>
</html>
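The one-liners above are easy to get subtly wrong: the status line needs CRLF, the header block needs an empty line, and Content-Length must be the body's byte count or the browser waits or truncates. Here is an added example (not code from the wiki page) that puts those rules in a function and serves the result with nc; the function names are mine, and the listen syntax assumes OpenBSD nc or ncat (netcat-traditional wants -l -p PORT).

```shell
# Added example: a well-formed HTTP/1.1 response for a static file, served with nc.
# Usage: sh nc_http.sh PORT FILE

# http_response FILE: status line, headers and body, every header line CRLF-terminated,
# with the empty line that ends the header block. Returns 1 (and sends a 404) if FILE is missing.
http_response() {
  file=$1
  if [ ! -f "$file" ]; then
    printf 'HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nConnection: close\r\n\r\n'
    return 1
  fi
  length=$(wc -c < "$file" | tr -d ' ')       # byte count (not characters); tr strips BSD wc padding
  printf 'HTTP/1.1 200 OK\r\n'
  printf 'Content-Type: text/html; charset=utf-8\r\n'
  printf 'Content-Length: %s\r\n' "$length"
  printf 'Connection: close\r\n'              # tells the client to close once the body is read
  printf '\r\n'                               # end of headers
  cat "$file"
}

# serve PORT FILE: answer one connection at a time, forever. Every request gets the same
# body regardless of path or method; this is a test fixture, not a web server.
serve() {
  port=$1; file=$2
  while :; do
    http_response "$file" | nc -l "$port"   # netcat-traditional: nc -l -p "$port"
  done
}

if [ "$#" -eq 2 ]; then
  serve "$1" "$2"
fi
```

Because nc -l exits after the client closes, the while loop is what makes it serve more than once; with Connection: close and an exact Content-Length the client closes promptly instead of waiting for a timeout.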
nc "$host" "$port"
nc "localhost" 12345
mknod backpipe p ; nc -l [proxy port] < backpipe | nc [destination host] [destination port] > backpipe
Create a named pipe (mkfifo backpipe does the same). Set up a listener on the proxy port. Requests from the listener are piped to a client nc, which forwards them to the destination host. The client writes the destination's response into the named pipe, and the listener reads it from there and returns it to the original caller; the named pipe is what gives this one-way shell pipeline its return path. Both nc processes must use the same pipe name, and the pair handles a single connection, after which both exit.
nc -l 5500
nc -l 5555 > file_name                                # receiving host: listen and write the output to the file (start this first)
nc receiving.host.com 5555 < file_name                # sending host: send the file
nc -l 5555 | tar xzvf -                               # receiving host: extract the received tar archive as it arrives
tar czvf - /path/to/dir | nc receiving.host.com 5555  # sending host: stream a directory as a compressed tar archive
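The file-transfer one-liners in this page (the nc pair at the top and the 5555 examples above) leave out the two things that bite in practice: the sender must close its side after EOF or the listener never exits, and the flag for that depends on which netcat is installed; and nothing verifies the copy. The following added example (not the wiki's own code) runs a transfer on the loopback interface and checks the SHA-256 of both ends. The helper names are mine, flavour detection by grepping nc -h is my assumption, and timeout from coreutils is used as a guard against a listener that never sees EOF.

```shell
# Added example: nc file transfer on 127.0.0.1 with an integrity check.
# Usage: sh nc_transfer.sh SRC DST PORT

# The sender must close its side after stdin EOF or the receiver never finishes;
# the option for that differs per netcat flavour.
nc_send_flags() {
  help=$(nc -h 2>&1 || true)
  case $help in
    *Ncat*)  printf '' ;;             # ncat shuts down the write side on stdin EOF by default
    *-N*)    printf '%s' '-N' ;;      # OpenBSD nc: shutdown(2) the socket after EOF on stdin
    *-q*)    printf '%s' '-q 1' ;;    # older Debian netcat-openbsd and netcat-traditional
    *)       printf '' ;;             # unknown flavour: rely on the timeout guard below
  esac
}

# netcat-traditional and busybox want `-l -p PORT`; OpenBSD nc and ncat take `-l [HOST] PORT`.
nc_listen_args() {
  help=$(nc -h 2>&1 || true)
  case $help in
    *"-l -p"*) printf '%s' "-l -p $1" ;;
    *)         printf '%s' "-l 127.0.0.1 $1" ;;
  esac
}

file_hash() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Succeeds only if both files have the same SHA-256.
verify_transfer() {
  [ "$(file_hash "$1")" = "$(file_hash "$2")" ]
}

# nc_transfer SRC DST PORT: receiver first (in the background), then the sender, then verify.
nc_transfer() {
  src=$1; dst=$2; port=$3
  # shellcheck disable=SC2046  (word splitting of the flag strings is intended)
  timeout 10 nc $(nc_listen_args "$port") < /dev/null > "$dst" &
  rpid=$!
  sleep 1                                   # let the listener bind before connecting
  timeout 10 nc $(nc_send_flags) 127.0.0.1 "$port" < "$src" ||
    echo "warning: sender exited with status $?" >&2
  wait "$rpid" || true                      # listener exits on EOF, or the guard kills it
  verify_transfer "$src" "$dst"
}

if [ "$#" -eq 3 ]; then
  if nc_transfer "$1" "$2" "$3"; then
    echo "transfer verified, sha256 $(file_hash "$2")"
  else
    echo "transfer FAILED: hashes differ" >&2
    exit 1
  fi
fi
```

Over a real network the receiver and sender run on different hosts, so replace 127.0.0.1 with the listener's address and drop the timeout guard once you know your flavour's EOF behaviour; the hash comparison is the part worth keeping, since a transfer cut off by -w or a dropped connection leaves a truncated file that looks fine until it is opened.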
Listen and keep the port open after each client disconnects (-k)
nc -lk 6379
Check that port 22 accepts a connection, without sending data
nc -zv 192.168.1.15 22
Python one-line HTTP server, useful as the other end of a wget or curl download (Python 2 syntax; on Python 3 the module is http.server)
python -m SimpleHTTPServer 1337
# Check that a port accepts a connection
nc -zv <ip> <port>
# Listen
nc -l -p <port>     # listen on the port (netcat-traditional syntax; OpenBSD nc: nc -l <port>)
nc -w3 <ip> <port>  # connect to the port, giving up after 3 seconds
# Grab banners from a range of ports
echo | nc -v -n -w1 <ip> <port min>-<port max>
# Port scan
nc -v -n -z -w1 <ip> <port>
Connect to a webserver and get the headers:
nc -v www.microsoft.com 80
Then type your GET request for / with a minimal Host header, and finish with an empty line so the server knows the headers are complete:
GET / HTTP/1.1 [enter]
Host: www.microsoft.com [enter]
[enter]
The same approach works for any plaintext protocol on any port; mail and SSH servers send their banner as soon as you connect, so nothing needs to be typed. Ports that speak TLS only (443, 465, 993) need openssl s_client instead.
If you only want to know if the port is open, simply use:
nc -vz www.microsoft.com 80
You can also use netcat to check UDP ports:
nc -vz -u 8.8.8.8 53
UDP has no handshake, so "open" here only means that no ICMP port-unreachable reply came back within the timeout; a filtered port looks exactly like an open one.
And netcat can be used as a port scanner:
nc -vz <hostname or ip address> 1-1000
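The -z checks above, the -w1 banner grab, and the range scan all come down to one rule: nc -z exits 0 only when the TCP handshake completed. The added example below (not the wiki's own code) wraps that in a small script that expands 80-84 style ranges, applies a per-port timeout so filtered ports do not stall the loop, and reports by exit status so it can be used from other scripts. Function names are mine; it assumes an nc that understands -z and -w (OpenBSD nc, ncat and netcat-traditional all do) and uses coreutils timeout as a guard in the banner grab.

```shell
# Added example: TCP port check and banner grab built on `nc -z` / `nc -w`.
# Usage: sh scan.sh HOST PORT|LO-HI ...

# Expand "80-84"-style specs to one port per line; plain ports pass through.
expand_ports() {
  for spec in "$@"; do
    case $spec in
      *-*)
        lo=${spec%-*}; hi=${spec#*-}; i=$lo
        while [ "$i" -le "$hi" ]; do echo "$i"; i=$((i + 1)); done ;;
      *) echo "$spec" ;;
    esac
  done
}

# scan_tcp HOST PORTSPEC...: `nc -z` exits 0 only when the TCP handshake completed, so the
# exit status is the result; -w 2 stops a filtered (silently dropped) port from hanging the loop.
# Prints "PORT open" or "PORT closed"; returns 0 if at least one port was open.
scan_tcp() {
  host=$1; shift
  any=1
  for port in $(expand_ports "$@"); do
    if nc -z -w 2 "$host" "$port" >/dev/null 2>&1; then
      echo "$port open"; any=0
    else
      echo "$port closed"        # refused or timed out: nc does not tell the two apart here
    fi
  done
  return $any
}

# grab_banner HOST PORT: print the first line a daemon sends on connect (SSH, SMTP, FTP).
# A CRLF is sent so servers that wait for the client to speak still answer; the `timeout 3`
# guard covers flavours whose -w is only a connect timeout (ncat uses -i for idle time).
grab_banner() {
  printf '\r\n' | timeout 3 nc -w 2 "$1" "$2" 2>/dev/null | head -n 1
}

if [ "$#" -ge 2 ]; then
  scan_tcp "$@"
fi
```

This is deliberately TCP-only: with -u there is no handshake to succeed or fail, so the same exit-status logic would report every filtered UDP port as open. Treat a UDP result as meaningful only when the service answers an application-level probe (a DNS query to port 53, for instance).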