Guide and Examples
Author: *Hobbit*
License: GPL
Software: Netcat (nc)
Date created: January 2, 2007
Updated: Yes
Website: Netcat
Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.
Make a connection on a given port. Start the listener on the system that will receive the connection.
# Start the listener on a given [port] and launch /bin/sh shell when a connection is made.
nc -lvp [port] -e /bin/sh
# Example
nc -lvp 4444 -e /bin/sh
Establish a connection to the listening host on the given port.
# Establish connection.
nc [IP address] [port]
# Example
nc 192.168.0.1 4444
Transfer a file
On the receiving end, start the listener on a given port. Everything received over the connection is written to the file you specify.
# Start the listener on a given [port]. Everything received over the connection is written to the specified [file].
nc -l -p [port] > [file]
# Example
nc -l -p 4444 > filename.txt
# Example with verbose output
nc -lvp 4444 > filename.txt
On the sending end, establish a connection to the listening port and feed the file you want to transfer in on standard input.
# Establish the connection and send the [file] on standard input
nc -w 3 [destination] [port] < [file]
# Example
nc -w 3 192.168.0.1 4444 < filename.txt
Simple portscan
The following command will probe ports 1 to 100 on a target. Both successful and unsuccessful connection attempts will be displayed.
# Syntax
nc -z -v [Target IP] [Port range]
# Example
nc -z -v localhost 1-100
This will output the following:
...
nc: connect to localhost port 51 (tcp) failed: Connection refused
nc: connect to localhost port 52 (tcp) failed: Connection refused
Connection to localhost 53 port [tcp/domain] succeeded!
nc: connect to localhost port 54 (tcp) failed: Connection refused
nc: connect to localhost port 55 (tcp) failed: Connection refused
nc: connect to localhost port 56 (tcp) failed: Connection refused
...
nc: connect to localhost port 77 (tcp) failed: Connection refused
nc: connect to localhost port 78 (tcp) failed: Connection refused
nc: connect to localhost port 79 (tcp) failed: Connection refused
Connection to localhost 80 port [tcp/http] succeeded!
nc: connect to localhost port 81 (tcp) failed: Connection refused
nc: connect to localhost port 82 (tcp) failed: Connection refused
nc: connect to localhost port 83 (tcp) failed: Connection refused
...
To display only successful connections, use the following command:
nc -z -v localhost 1-100 2>&1 | grep succeeded
Note: " ... | grep succeeded" on its own will not work. nc writes its messages to stderr by default, and a pipe only carries stdout, so grep would never see them. 2>&1 redirects stderr to the same file descriptor as stdout, so the messages reach the pipe.
This outputs only the following:
Connection to localhost 53 port [tcp/domain] succeeded!
Connection to localhost 80 port [tcp/http] succeeded!
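The parsing step above, as an added example that is not part of the original guide: a small POSIX shell helper that reduces nc -z -v output to a list of open port numbers, plus a fake_nc function (an assumption, used only to stand in for nc offline) that writes its messages to stderr exactly as nc does, so the effect of omitting 2>&1 can be seen without a live scan. The parser assumes the OpenBSD-style "Connection to HOST PORT port [...] succeeded!" message format shown above.

```shell
# Reduce nc -z -v scan output (read on stdin, stderr already merged) to open port numbers.
# "Connection to localhost 53 port [tcp/domain] succeeded!" -> "53" (4th field)
nc_open_ports() {
    grep 'succeeded' | awk '{ print $4 }'
}

# Scan a host with nc, merging stderr into stdout so the messages reach the pipe.
# Usage: scan_open_ports localhost 1-100
scan_open_ports() {
    host=$1
    range=$2
    nc -z -v "$host" "$range" 2>&1 | nc_open_ports
}

# Constructed sample scan output (not captured from a real host), mimicking nc's messages.
SAMPLE_SCAN='nc: connect to localhost port 52 (tcp) failed: Connection refused
Connection to localhost 53 port [tcp/domain] succeeded!
nc: connect to localhost port 54 (tcp) failed: Connection refused
Connection to localhost 80 port [tcp/http] succeeded!
nc: connect to localhost port 81 (tcp) failed: Connection refused'

# Stand-in for nc (assumed helper): emits the sample on stderr, as nc does, and nothing on stdout.
fake_nc() {
    printf '%s\n' "$SAMPLE_SCAN" >&2
}

# Without 2>&1 the pipe carries only stdout, so the parser sees nothing.
# With 2>&1 the parser sees the messages and prints the open ports.
demo() {
    echo "missing 2>&1 -> open ports: $(fake_nc 2>/dev/null | nc_open_ports | tr '\n' ' ')"
    echo "with    2>&1 -> open ports: $(fake_nc 2>&1 | nc_open_ports | tr '\n' ' ')"
}
```

Running demo prints an empty list for the first case and "53 80" for the second; scan_open_ports applies the same pipeline to a real nc invocation.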
-l : Specifies Netcat to listen for an incoming connection. (cannot be used with: -s, -p and -z)
-v : Specifies Netcat to give more verbose output.
-p : Specifies the source port.
-w : Specifies a timeout period.
-z : Specifies that nc should scan for listening daemons, without sending any data to them. (cannot be used with: -l)
For more information, check out the extra links and sources.