netcat(nc) command
On Linux, the nc (netcat) command-line tool makes arbitrary TCP or UDP connections and listens on arbitrary TCP or UDP ports.
Basic usage
# TCP listener
$> nc -l 9999
# UDP listener
$> nc -l -u 9999
# Client connection
$> nc 127.0.0.1 9999
# Port scan
$> nc -v -n 127.0.0.1 1-100
127.0.0.1 22 (ssh) open
SSH-2.0-OpenSSH_9.4
...
# Sending data
$> echo "Test" | nc 127.0.0.1 9999
# A connection can also reveal the version of the program that is running on the port (here the SSH identification string).
$> echo "Test" | nc 127.0.0.1 22
SSH-2.0-OpenSSH_9.4
Invalid SSH identification string.
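The port scan and banner grab shown above, re-implemented as an added Python example (not code from the original page or from netcat) so the same checks can be scripted and run against a loopback listener that the script starts itself. The listener, the OS-chosen port numbers and the `SSH-2.0-OpenSSH_9.4` banner it sends are constructed for the demonstration; `scan_ports` does what `nc -v -n -z host start-end` does (connect only, no data), and `grab_banner` does what `echo "Test" | nc host port` does (connect and read what the service says first).

```python
import socket
import threading

# Constructed banner for the demo listener, modelled on the SSH identification
# line shown on the page; it is not captured from a real host.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_9.4\r\n"


class BannerServer:
    """Loopback TCP listener playing the role of `nc -l PORT`: every client
    that connects receives `banner`, then the connection is closed."""

    def __init__(self, banner=SAMPLE_BANNER):
        self.banner = banner
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.sock.settimeout(0.2)  # so the accept loop can notice stop()
        self.port = self.sock.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(self.banner)

    def stop(self):
        self._stop.set()
        self._thread.join()
        self.sock.close()


def grab_banner(host, port, timeout=2.0):
    """What `echo "Test" | nc host port` shows: connect and read whatever the
    service sends first. Returns the banner as text, "" when the service
    stays silent until the timeout, or None when the port is closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(256)
            except socket.timeout:
                return ""
    except OSError:  # connection refused, connect timeout, unreachable host
        return None
    return data.decode("ascii", errors="replace").strip()


def scan_ports(host, ports, timeout=0.5):
    """What `nc -v -n -z host start-end` does: a TCP connect scan that reports
    every port that completed the handshake, without sending any data."""
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.append(port)
        except OSError:
            pass
    return open_ports


def free_port():
    """Reserve and immediately release a loopback port so the demo has a port
    that is known to be closed (a tiny race is acceptable for a demo)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo():
    """Start the constructed listener, scan it plus a closed port, grab the
    banner, and return the results so they can be checked."""
    server = BannerServer().start()
    closed = free_port()
    try:
        return {
            "port": server.port,
            "open": scan_ports("127.0.0.1", [server.port, closed]),
            "banner": grab_banner("127.0.0.1", server.port),
            "closed_probe": grab_banner("127.0.0.1", closed),
        }
    finally:
        server.stop()


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Note the distinction the two functions make: a connect scan only answers "did the handshake complete", while reading the first bytes tells you which software is listening, which is the information shown in the `nc 127.0.0.1 22` session above and the reason service banners are worth reviewing on systems you own.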
help nc
nc options come in a short form that starts with a single hyphen (-) and a long form that starts with two hyphens (--).
$> nc --help
GNU netcat 0.7.1, a rewrite of the famous networking tool.
Basic usages:
connect to somewhere: nc [options] hostname port [port] ...
listen for inbound: nc -l -p port [options] [hostname] [port] ...
tunnel to somewhere: nc -L hostname:port -p port [options]
Mandatory arguments to long options are mandatory for short options too.
Options:
-c, --close close connection on EOF from stdin
-e, --exec=PROGRAM program to exec after connect
-g, --gateway=LIST source-routing hop point[s], up to 8
-G, --pointer=NUM source-routing pointer: 4, 8, 12, ...
-h, --help display this help and exit
-i, --interval=SECS delay interval for lines sent, ports scanned
-l, --listen listen mode, for inbound connects
-L, --tunnel=ADDRESS:PORT forward local port to remote address
-n, --dont-resolve numeric-only IP addresses, no DNS
-o, --output=FILE output hexdump traffic to FILE (implies -x)
-p, --local-port=NUM local port number
-r, --randomize randomize local and remote ports
-s, --source=ADDRESS local source address (ip or hostname)
-t, --tcp TCP mode (default)
-T, --telnet answer using TELNET negotiation
-u, --udp UDP mode
-v, --verbose verbose (use twice to be more verbose)
-V, --version output version information and exit
-x, --hexdump hexdump incoming and outgoing traffic
-w, --wait=SECS timeout for connects and final net reads
-z, --zero zero-I/O mode (used for scanning)
Remote port number can also be specified as range. Example: '1-1024'
TLDR
$> tldr nc
nc
Netcat is a versatile utility for redirecting IO into a network stream.
More information: https://manned.org/man/nc.1.
- Start a listener on the specified TCP port and send a file into it:
nc -l -p port < filename
- Connect to a target listener on the specified port and receive a file from it:
nc host port > received_filename
- Scan the open TCP ports of a specified host:
nc -v -z -w timeout_in_seconds host start_port-end_port
- Start a listener on the specified TCP port and provide your local shell access to the connected party (this is dangerous and can be abused):
nc -l -p port -e shell_executable
- Connect to a target listener and provide your local shell access to the remote party (this is dangerous and can be abused):
nc host port -e shell_executable
- Act as a proxy and forward data from a local TCP port to the given remote host:
nc -l -p local_port | nc host remote_port
- Send an HTTP GET request:
echo -e "GET / HTTP/1.1\nHost: host\n\n" | nc host 80
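The proxy line in the tldr list (`nc -l -p local_port | nc host remote_port`) only carries bytes from the local client to the remote host: the second nc writes the remote's replies to the terminal, not back to the client. The `-L, --tunnel` option in the help output above is netcat's built-in way to forward a local port to a remote address. The added Python example below (not code from the page or from netcat) implements a two-way relay of that kind against a constructed loopback "remote" service that upper-cases whatever it receives, so the reply path can be verified end to end; every port is chosen by the OS and the upstream service is invented for the demonstration.

```python
import socket
import threading


def pump(src, dst):
    """Copy bytes from src to dst until src reaches EOF, then half-close dst
    so the peer sees EOF too. Any socket error just ends the copy."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def serve_loopback(handler):
    """Start a loopback listener on an OS-chosen port and run handler(conn)
    in a thread for every accepted client. Returns (port, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)  # lets the accept loop notice the stop event
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], stop


def upstream_handler(conn):
    """Constructed stand-in for the remote service: read until EOF, then
    answer with the same bytes upper-cased."""
    with conn:
        data = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
        conn.sendall(data.upper())


def start_relay(remote_host, remote_port):
    """Bidirectional TCP relay: each client gets its own upstream connection
    and bytes flow in both directions, unlike the one-way `nc | nc` pipe."""

    def handler(client):
        with client, socket.create_connection((remote_host, remote_port), timeout=5) as remote:
            back = threading.Thread(target=pump, args=(remote, client), daemon=True)
            back.start()
            pump(client, remote)  # client -> remote: the direction the pipe form covers
            back.join()           # remote -> client: the direction the pipe form drops

    return serve_loopback(handler)


def through_relay(payload):
    """Send payload through relay -> upstream and return the reply bytes."""
    up_port, up_stop = serve_loopback(upstream_handler)
    relay_port, relay_stop = start_relay("127.0.0.1", up_port)
    try:
        with socket.create_connection(("127.0.0.1", relay_port), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)  # our EOF, like stdin closing on the nc client
            reply = b""
            while True:
                chunk = c.recv(4096)
                if not chunk:
                    break
                reply += chunk
        return reply
    finally:
        up_stop.set()
        relay_stop.set()


if __name__ == "__main__":
    print(through_relay(b"hello via relay\n"))
```

The half-close (`shutdown(SHUT_WR)`) after each direction finishes is what makes the relay transparent: the upstream service sees the client's EOF, and the client sees the upstream's EOF, exactly as it would on a direct connection. Anything that relays traffic like this is also a natural place to log connection metadata for review, which is why a listener with this capability on a host deserves the same scrutiny as the `-e` examples above.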