Netcat (nc) Command Tutorial with Examples

Netcat is a simple but useful tool for working with TCP, UDP, and Unix-domain sockets. It can easily listen on or connect to a specified socket. Netcat is a platform-independent command supported by Linux, Unix, Windows, BSD, macOS, etc. Common use cases for Netcat are:

  • Simple TCP proxy
  • Shell script-based HTTP clients and servers
  • Network daemon testing
  • A SOCKS or HTTP ProxyCommand for ssh

netcat Command Syntax

We will use the following syntax for the `nc` command.

netcat OPTIONS DESTINATION PORT

  • OPTIONS is used to set special behavior like timeout, help, jumbo frame, etc.
  • DESTINATION is used to specify the remote system's IP address or hostname.
  • PORT is the remote system's port number.

If we use netcat as a server, the following syntax is valid.

nc OPTIONS PORT

  • OPTIONS is used to set special behavior like timeout, help, jumbo frame, etc.
  • PORT is the port number the server will listen on.

netcat Command Help

The nc or netcat command has a lot of different options. Help and information about these options can be printed with the -h option like below.

$ nc -h
[Screenshot: Help]

We can see that the netcat command provides a lot of different options.

Port Scan with netcat Command

Penetration testers generally use port scan techniques for information gathering. Nmap is one of the most popular tools for finding open ports. Netcat can provide port scan functionality as well. The advantage of netcat is its simplicity and lack of library dependencies. A single netcat binary is enough for a port scan and can be used on all operating systems, such as Windows, Linux, Unix, macOS, and BSD.

We will use the -z option for a port scan like below. In this example, we will scan the IP address 192.168.122.1, which could also be a domain name like poftut.com. The port range is specified as 1-30.

$ nc -z -v 192.168.122.1 1-30
[Screenshot: Port Scan]

As the detailed output in the screenshot shows, only port 22 is open. The scan can be made faster with the -n option, which disables DNS resolution for the target IP address.

$ nc -z -v -n 192.168.122.1 1-30

Verbose Scan with netcat Command

In the previous example, we scanned our host in silent mode. Silent mode is the default mode, which means only open ports are printed to the console. The -v option produces more detailed information. Verbose mode can also be used for banner grabbing. In the following example, we will scan the port range from 1 to 1000.

$ nc -z -v -n 192.168.122.1 1-1000
[Screenshot: Verbose Scan]
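
An added example, not part of the original tutorial: a small shell filter that extracts the open ports from verbose scan output and reports any that are missing from an expected-port list, which is how this scan is used to audit a host you administer. The function names, the sample lines and the baseline `22` are assumptions made for the illustration; `nc -v` writes its messages to standard error, hence the `2>&1` in the usage comment.

```shell
#!/bin/sh
# Added example: list the open ports in `nc -z -v` output and report any
# that are not in the set we expect for the host.
# Usage against a real scan (nc -v prints to stderr):
#   nc -z -v -n 192.168.122.1 1-1000 2>&1 | unexpected_ports "22"

# Constructed sample output; not captured from a real scan.
sample_scan() {
  cat <<'EOF'
nc: connect to 192.168.122.1 port 21 (tcp) failed: Connection refused
Connection to 192.168.122.1 22 port [tcp/ssh] succeeded!
nc: connect to 192.168.122.1 port 23 (tcp) failed: Connection refused
(UNKNOWN) [192.168.122.1] 25 (smtp) open
(UNKNOWN) [192.168.122.1] 26 (?) : Connection refused
EOF
}

# open_ports: read scan output on stdin, print each open port once, sorted.
open_ports() {
  awk '
    # OpenBSD nc: "Connection to HOST PORT port [tcp/NAME] succeeded!"
    $1 == "Connection" && $NF == "succeeded!" { print $4 }
    # Traditional netcat: "NAME [ADDR] PORT (SERVICE) open"
    $2 ~ /^\[.*\]$/ && $NF == "open" { print $3 }
  ' | sort -n -u
}

# unexpected_ports "P1 P2 ...": print open ports that are not in the
# space-separated list of expected ports (hypothetical baseline).
unexpected_ports() {
  expected=" $1 "
  open_ports | while read -r port; do
    case "$expected" in
      *" $port "*) ;;           # expected service, stay quiet
      *) echo "$port" ;;        # open but not in the baseline
    esac
  done
}

# Demo on the constructed sample: only SSH (22) is expected.
sample_scan | unexpected_ports "22"
```
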

Start Netcat TCP Server

Another useful feature of netcat is acting as a TCP server. Netcat can listen on a specified TCP port. As a security measure on Linux systems, however, only privileged users can listen on ports between 1-1024. In this example, we will listen on TCP port 30. To get the required privileges we use the sudo command.

$ sudo nc -l -p 30
[Screenshot: TCP Server]

In the example screenshot, we see that a client has connected to our server and sent text like ls and test. The client tool can be telnet or netcat. If we do not use the sudo command to get root privileges, we will get an error like Permission denied.

Connect Netcat TCP Server

In the previous example, we examined the TCP server. Netcat also provides client capabilities. To use netcat as a client, we provide the hostname or IP address and the port. No special option is needed for this.

$ nc localhost 30
[Screenshot: Connect Netcat TCP Server]

In this example, we have connected to the localhost ssh port number 22. The SSH server sends us some text about itself and waits for a response.

Send Files Through Netcat

Another useful feature of netcat is file transfer. As we saw in the previous examples, netcat can easily transfer text in a server-client architecture. There is no limit on the data transferred; it can be a normal program or a movie. Keep in mind that the transfer time will change according to the data size. To transfer a file, we need to set up a server, which is the destination. In the server configuration, we redirect the incoming data into a file named myfile.txt.

$ netcat -l -p 4444 > myfile.txt

Now we can send the file from the client. On the client side, we will read the file thefile.txt by redirecting it into netcat like below.

$ nc 192.168.122.239 4444 < thefile.txt

After the transfer is completed, both the server-side and client-side netcat instances will be closed.

Simple Web Server With Netcat Command

Netcat has another interesting feature for simple use cases: it can be used as a simple web server. Web servers are actually very simple if there are no special configuration requirements. Web servers only send HTML pages over the HTTP protocol. Netcat can also send HTML code with redirection.

$ nc -l 4444 < index.html
[Screenshot: Simple Web Server With Netcat]

On the client side, we will use Google Chrome to navigate to the IP address 192.168.122.239 with port number 4444.

[Screenshot: Simple Web Server With Netcat]
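
A bare index.html has no status line or headers, so the client has to guess what it received. The following added example (not from the original tutorial) wraps the file in a minimal HTTP/1.0 response before it is handed to `nc`; the function name `http_response` and the chosen headers are assumptions of this example.

```shell
#!/bin/sh
# Added example: build a minimal, well-formed HTTP/1.0 response for one file.
# Usage with the listener from the tutorial (binding to 127.0.0.1 keeps the
# test page off the network; OpenBSD nc syntax assumed):
#   http_response index.html | nc -l 127.0.0.1 4444

# http_response FILE: print status line, headers, blank line, then the body.
http_response() {
  file=$1
  if [ ! -r "$file" ]; then
    # Unreadable or missing file: answer with an empty 404 instead of nothing.
    printf 'HTTP/1.0 404 Not Found\r\n'
    printf 'Content-Length: 0\r\nConnection: close\r\n\r\n'
    return 1
  fi
  # Byte count of the body; tr strips the padding some wc versions add.
  size=$(wc -c < "$file" | tr -d ' ')
  printf 'HTTP/1.0 200 OK\r\n'
  printf 'Content-Type: text/html; charset=utf-8\r\n'
  # Tell the browser not to second-guess the declared content type.
  printf 'X-Content-Type-Options: nosniff\r\n'
  printf 'Content-Length: %s\r\n' "$size"
  printf 'Connection: close\r\n\r\n'
  cat "$file"
}

# When run with a file name, print the response for it on stdout.
if [ "$#" -gt 0 ]; then
  http_response "$1"
fi
```
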

Prevent DNS Lookup

DNS lookup can be disabled with the -n option, which makes operations faster. With -n, the destination must be given as a numeric IP address, because hostnames are no longer resolved.

$ netcat -n 192.168.122.1 80

Continue Listening After Client Has Disconnected

By default, netcat will stop listening on the specified port and IP address after a client has ended its connection. This means netcat works as a server listener. We can provide the -k option, which makes netcat continue listening on the given port and IP address even after the remote client ends its connection.

$ nc -k -l 4444

Specify Timeout For netcat Connection

After establishing a connection to the remote netcat server, we transfer some data. If there is no transfer during a specified time, called the timeout, we can drop or close the connection. We will use the -w option with the timeout value we want to set. In this example, we will set a timeout value of 120.

$ nc -w 120 192.168.1.10 8888

Use IPv4 Only with netcat Command

netcat supports both IPv4 and IPv6, and in some cases we may want to enable only the IPv4 protocol. This is especially useful when listening on a specific port. We will use the -4 option to enable only IPv4.

$ nc -k -4 -l 4444

Use IPv6 Only with netcat Command

On the other hand, we can also enable only IPv6. This is a very rare case but may be useful in some situations. We can enable only IPv6 with the -6 option like below.

$ nc -k -6 -l 4444

Banner Grabbing with netcat Command

netcat or nc can be used to grab the banners of different services like SSH, HTTP, HTTPS, VNC, FTP, etc. Netcat will initiate a connection to the specified port of the remote system and print the returned response as text to the console with the echo command.

$ nc 172.104.31.121 443

Then we will issue the following HTTP command to make a request to the remote HTTP server. The server will respond with information about itself, or its banner.

GET / HTTP/1.0
[Screenshot: Banner Grabbing]

Translated from: https://www.poftut.com/netcat-nc-command-tutorial-examples/
