netcat/nc/ncat are utilities that sends and receives data using TCP or UDP.

When talking about 'netcat', it can refer to the following projects. Each implementation has similar functionalities, but the command line options may differ.

  1. GNU netcat (which is symlinked to nc on some Linux systems, leading to confusion)
  2. OpenBSD nc
  3. Nmap's ncat (which is also symlinked to nc) with lots of features including SSL support and proxy connections.

Usage[edit | edit source]

For the most part, netcat and ncat are very similar. The older OpenBSD nc has less features.

nc netcat ncat
Listen on a port nc -l -p $port netcat -l $port ncat -l -p $port
Send to a port nc $port netcat $port ncat $port
Send to a port, using a specific source port n/a netcat -p $sport $dest $dport ncat -p $sport $dest $dport

SSL with ncat[edit | edit source]

ncat allows for creating SSL server or client.

Description Command
Connect to a server using SSL ncat -C --ssl <server> 443
Verify a server's SSL ncat -C --ssl-verify <server> 443
Listen using SSL (auto generated) ncat --listen --ssl
Listen using SSL (manual SSL certs) openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

ncat --listen 443 --ssl --ssl-key key.pem --ssl-cert cert.pem

If you're trying to reverse proxy for a SSL server, you should look at socat.

Tasks[edit | edit source]

Create a remote shell[edit | edit source]

With ncat, you can use the --exec option to spawn a program on a new connection.

hostA# ncat --exec /bin/sh -l 8888

hostB# ncat  hostA 8888
## Any command you type goes to /bin/sh on hostA

If you want to do this a bit more securely, you can also:

  • Enable SSL with --ssl.
  • Restrict access to a specific host with --allow $sourceIP.

See also[edit | edit source]

  • Socat which can be used to send/receive data through sockets as well as TCP/UDP protocols