Netcat is a simple but useful tool for working with TCP, UDP, and Unix-domain sockets. Netcat can easily listen on or connect to specified sockets. Netcat is a platform-independent command supported by Linux, Unix, Windows, BSD, macOS, etc. Common use cases for Netcat are:
- Simple TCP proxy
- Shell script-based HTTP clients and servers
- Network daemon testing
- A SOCKS or HTTP ProxyCommand for ssh
netcat Command Syntax
We will use the following syntax for the `nc` command.
netcat OPTIONS DESTINATION PORT
- OPTIONS is used to set special behavior like timeout, help, jumbo frame, etc.
- DESTINATION is used to specify the remote system IP address or hostname.
- PORT is the remote system port number.
If we use `netcat` as a server, the following syntax is valid.
nc OPTIONS PORT
- OPTIONS is used to set special behavior like timeout, help, jumbo frame, etc.
- PORT is the port number the server will listen on.
netcat Command Help
The `nc` or `netcat` command has a lot of different options. Help and information about these options can be printed with the `-h` option like below.
$ nc -h
We can see that the `netcat` command provides a lot of different options.
Port Scan with netcat Command
Penetration testers generally use port scan techniques for information gathering. Nmap is one of the most popular tools to find open ports. Netcat can provide port scan functionality. The advantage of `netcat` is simplicity and no library dependency. A single `netcat` binary is enough for a port scan and can be used on all operating systems like Windows, Linux, Unix, macOS, BSD.
We will use the `-z` option for a port scan like below. In this example, we will scan the IP address 192.168.122.1, which can also be a domain name like poftut.com. The port range is specified as 1-30.
$ nc -z -v 192.168.122.1 1-30
The screenshot shows detailed output; as we can see, only port 22 is open. Make the IP scan faster with the `-n` option. This disables DNS resolution for the target IP address.
$ nc -z -v -n 192.168.122.1 1-30
Verbose Scan with netcat Command
In the previous example, we have scanned our host in a silent mode. Silent mode is the default mode, which means only open ports will be printed to the console. The `-v` option produces more detailed information. The verbose mode can also be used for banner grabbing purposes. In the following example, we will scan the port range from 1 to 1000.
$ nc -z -v -n 192.168.122.1 1-1000
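Verbose output over 1000 ports is mostly refused-connection noise, so the following added example (not part of the original tutorial) reduces it to the open ports and compares them with a baseline of ports you expect to be open on your own host. The function names `open_ports` and `unexpected_ports` are hypothetical, and the sample output is constructed in the OpenBSD and traditional netcat styles.

```sh
#!/bin/sh
# Added example: extract open ports from `nc -z -v` output and flag any
# that are not in an expected baseline. Two output styles are handled:
#   OpenBSD nc:     Connection to 192.168.122.1 22 port [tcp/ssh] succeeded!
#   traditional nc: (UNKNOWN) [192.168.122.1] 22 (ssh) open

open_ports() {
  # Reads scan output on stdin; prints each open port once, sorted.
  awk '
    /^Connection to / && /succeeded!$/ { print $4 }
    / open$/ {
      for (i = 1; i < NF; i++)
        if ($i ~ /^\[.*\]$/) { print $(i + 1); break }
    }
  ' | sort -n | uniq
}

unexpected_ports() {
  # $1: space-separated baseline of ports that are allowed to be open.
  # Prints every open port found on stdin that is missing from the baseline.
  allowed=" $1 "
  open_ports | while read -r port; do
    case "$allowed" in
      *" $port "*) ;;
      *) echo "$port" ;;
    esac
  done
}

# Constructed sample output (not captured from a real host).
SAMPLE_SCAN='nc: connect to 192.168.122.1 port 21 (tcp) failed: Connection refused
Connection to 192.168.122.1 22 port [tcp/ssh] succeeded!
nc: connect to 192.168.122.1 port 23 (tcp) failed: Connection refused
(UNKNOWN) [192.168.122.1] 25 (smtp) open'

printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "22"

# Live use against a host you administer (nc -v writes to stderr):
#   nc -z -v -n 192.168.122.1 1-1000 2>&1 | unexpected_ports "22"
```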
Start Netcat TCP Server
Another useful feature of `netcat` is acting as a TCP server. Netcat can listen on the specified TCP port. But as a security measure in Linux systems, only privileged users can listen on ports between 1-1024. In this example, we will listen on TCP port 30. To get the required privileges, we use the `sudo` command.
$ sudo nc -l -p 30
In the example screenshot, we see that a client is connected to our server and provided text like `ls` and `test`. This client tool can be telnet or `netcat` too. If we do not use the `sudo` command to get root privileges, we will get an error like `Permission denied`.
Connect Netcat TCP Server
In the previous example, we have examined the TCP server. Netcat also provides client capabilities. To use `netcat` as a client, we should provide the hostname or IP address and the port information. There is no special option for this.
$ nc localhost 22
In this example, we have connected to the localhost SSH port number 22. The SSH server sends us some text about itself and waits for the response.
Send Files Through Netcat
Another useful feature of `netcat` is file transfer. As we saw in the previous examples, `netcat` can transfer text easily with a server-client architecture. There is no limit on the transferred data. This data can be a normal program or a movie. But keep in mind that the transfer time will change according to the data size. In order to transfer, we need to set up a server, which is the destination. In the server configuration, we will redirect the incoming data into a file named myfile.txt.
$ netcat -l -p 4444 > myfile.txt
Now we can send the file from the client. On the client side, we will read the file thefile.txt by redirecting it into `netcat` like below.
$ nc 192.168.122.239 4444 < thefile.txt
After the transfer is completed, both the server-side and client-side netcat instances will be closed.
Simple Web Server With Netcat Command
Netcat has another interesting feature for simple usage. Netcat can be used as a simple web server. Actually, web servers are very simple if there are no special configuration requirements. Web servers only send HTML pages over the HTTP protocol. Netcat can also send HTML code with redirection.
$ nc -l 4444 < index.html
On the client side, we will use Google Chrome to navigate to the IP address 192.168.122.239 with port number 4444.
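Redirecting the bare file sends HTML with no status line or headers, which strict HTTP clients may refuse to render. The following added example (not from the original tutorial) wraps the file in a minimal HTTP/1.1 response before it is handed to `nc`; the function name `http_response` and the sample page are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: wrap a file in a minimal, valid HTTP/1.1 response so that
# a netcat listener answers the browser with proper headers.

http_response() {
  # $1: path of the HTML file to serve. Writes the status line, headers,
  # a blank line and the body to stdout. Header lines must end in CRLF.
  file=$1
  if [ ! -r "$file" ]; then
    body='<h1>404 Not Found</h1>'
    printf 'HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n'
    printf 'Content-Length: %s\r\nConnection: close\r\n\r\n%s' "${#body}" "$body"
    return 1
  fi
  # Content-Length is the body size in bytes; tr strips BSD wc padding.
  len=$(wc -c < "$file" | tr -d ' ')
  printf 'HTTP/1.1 200 OK\r\n'
  printf 'Content-Type: text/html; charset=utf-8\r\n'
  printf 'Content-Length: %s\r\n' "$len"
  printf 'Connection: close\r\n\r\n'
  cat "$file"
}

# Constructed sample page, written to a temporary directory for the demo.
demo_dir=$(mktemp -d)
printf '<html><body>hello</body></html>\n' > "$demo_dir/index.html"
http_response "$demo_dir/index.html"
rm -rf "$demo_dir"

# Serving it once with the listener syntax used on this page:
#   http_response index.html | nc -l 4444
# OpenBSD nc also accepts an address to bind to, which keeps a throwaway
# server off the other interfaces:
#   http_response index.html | nc -l 127.0.0.1 4444
```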
Prevent DNS Lookup
DNS lookups can be disabled with the `-n` option, which makes operations faster. With `-n`, the destination must be given as a numeric IP address, because hostnames are not resolved.
$ netcat -n 192.168.122.1 80
Continue Listening After Client Has Disconnected
By default, `netcat` will stop listening on the specified port and IP address after a client has ended its connection. This means `netcat` works as a server listener. We can provide the `-k` option, which will continue listening on the given port and IP address even after the remote client ends its connection.
$ nc -k -l 4444
Specify Timeout For netcat Connection
After establishing a connection to the remote `netcat` server, we transfer some data. If there is no transfer during the specified time, which is called the timeout, we can drop or close the connection. We will use the `-w` option with the timeout value we want to set. In this example, we will set the timeout value to 120.
$ nc -w 120 192.168.1.10 8888
Use IPv4 Only with netcat Command
`netcat` is a tool that supports both IPv4 and IPv6, and in some cases we may want to enable only the IPv4 protocol. This is especially useful for listening on a specific port. We will use the `-4` option to enable only IPv4.
$ nc -k -4 -l 4444
Use IPv6 Only with netcat Command
On the other side, we can also enable only IPv6. This is a very rare case but may be useful in some rare situations. We can enable only IPv6 with the `-6` option like below.
$ nc -k -6 -l 4444
Banner Grabbing with netcat Command
`netcat` or `nc` can be used to grab banners of different ports like SSH, HTTP, HTTPS, VNC, FTP, etc. Netcat will initiate a connection to the specified port of the remote system and print the returned response as text to the console with the echo command.
$ nc 172.104.31.121 443
Then we will issue the following HTTP command in order to make a request to the remote HTTP server. The server will respond to this with information about itself, or its banner.
GET / HTTP/1.0
Translated from: https://www.poftut.com/netcat-nc-command-tutorial-examples/