
By: Dr. Michael J. Garbade
August 17, 2018
Understanding Netcat, the Swiss Army Knife for Ethical Hacking

Netcat (usually abbreviated as nc) is a powerful information security tool used for reading from and writing to network connections using the TCP or UDP protocol.
Usamaazad, who has more than four years of cyber security experience and currently teaches people his skills, says that “contrary to most tools, Netcat is capable of performing multiple functionalities, something which has earned it the name of the Swiss army knife for ethical hacking.”
Netcat is a feature-rich tool that can set up nearly any kind of TCP or UDP connection, which makes it extremely useful for network debugging and exploration. It works as either a client or a server, so the same binary can initiate a connection or sit and wait for one.
Netcat is available by default on Kali Linux. Here are three of the most common uses of the penetration testing tool:
Port scanning
Banner grabbing
Transferring files
1. Port Scanning
Netcat can be used to check a target methodically for open ports, though dedicated scanners such as Nmap and Scapy give far more detail (service versions, and whether a port is closed or filtered). The ports found open tell you which services are exposed, and those services are the starting point for further enumeration and attacks against the host.
Here is an example of Netcat syntax for checking a single port:
nc -v -z 192.168.0.1 80
The -v flag tells Netcat to report what it is doing, and -z (zero-I/O mode) tells it to report the connection result and close without sending any data, which is what you want when scanning. 192.168.0.1 is the target's IP address, and 80 is the port to be checked. A success message (the exact wording, such as "open" or "succeeded!", depends on the Netcat build) means port 80, the usual HTTP port, is open; "Connection refused" means it is closed, and a timeout usually means a firewall is dropping the packets.
If you want to check a range of ports, give the range with a - (dash).
Here is an example that checks ports 10 through 100:
nc -v -z 192.168.0.1 10-100
2. Banner Grabbing with Netcat
Netcat can also be used to pull identifying details from the services on a target's open ports. A banner is whatever a service volunteers when you talk to it: many services (SSH, SMTP, FTP) send one as soon as you connect, while HTTP only answers once you send a request. As a fingerprinting technique, banner grabbing lets ethical hackers take inventory of the systems and services on a network before choosing how to test them.
The response can reveal the server software and version (for example the Server header of an HTTP reply) and sometimes the operating system it was built for. Treat it as a hint rather than proof: a banner is plain text that the administrator can change or spoof.
To grab a banner from a web server with Netcat, connect to the HTTP port and send a request such as HEAD / HTTP/1.0 followed by a blank line; the headers of the reply are the banner.
Here is a simple example for banner grabbing the google.com server:
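The two operations in this section, the port check and the banner grab, are nothing more than a TCP connect and a connect-send-read exchange. The following Python script is an added example, not code from the article: it starts a constructed loopback service that answers with a made-up Server header, then performs the socket-level equivalent of nc -v -z and of piping a HEAD request into nc, so the exchange can be watched without a live target. The ExampleHTTPd banner, the request line and the ports are all constructed for the example.

```python
import socket
import threading

# Constructed sample banner for the loopback service; not a real product.
FAKE_BANNER = (
    b"HTTP/1.0 200 OK\r\n"
    b"Server: ExampleHTTPd/1.2 (constructed sample)\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def reserve_free_port(host="127.0.0.1"):
    """Bind to port 0 and release it: returns a loopback port that is currently closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def start_fake_service(banner=FAKE_BANNER, host="127.0.0.1"):
    """Stand-in for the target web server: answers every connection with *banner*.
    Returns the port the OS assigned; the service runs in a daemon thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0: let the OS pick an unused port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(2.0)
                try:
                    conn.recv(4096)   # swallow the client's request line, if any
                    conn.sendall(banner)
                except OSError:       # client hung up (a -z style probe) or timed out
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def scan_ports(host, ports, timeout=1.0):
    """Socket-level equivalent of `nc -v -z HOST LO-HI`: a plain TCP connect to each
    port, nothing sent, then close. Returns the ports that accepted the connection."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex() returns 0 on success and an errno (e.g. ECONNREFUSED)
            # instead of raising, which is convenient when sweeping a range.
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, request=b"HEAD / HTTP/1.0\r\n\r\n", timeout=3.0):
    """Socket-level equivalent of `printf 'HEAD / HTTP/1.0\\r\\n\\r\\n' | nc HOST PORT`:
    connect, send the request, read until the server closes or goes quiet.
    Returns (status_line, headers) with header names lower-cased."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        try:
            while True:
                data = s.recv(4096)
                if not data:          # server closed the connection: response complete
                    break
                chunks.append(data)
        except socket.timeout:        # server kept the connection open; use what we have
            pass
    head = b"".join(chunks).split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


if __name__ == "__main__":
    target_port = start_fake_service()
    print("open:", scan_ports("127.0.0.1", [reserve_free_port(), target_port]))
    status, hdrs = grab_banner("127.0.0.1", target_port)
    print(status, "| Server:", hdrs.get("server"))
```

Run against a real host the same two functions would be pointed at the target's address and port list; the timeout arguments play the role of Netcat's -w, and a port that neither accepts nor refuses (connect_ex returns a timeout error) is the "filtered" case that -v output alone does not distinguish from a slow host.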
3. Transferring Files
Netcat can also move files between systems when FTP, SCP or similar tools are not available.
To do this, set up Netcat on one end in listen mode with the file on its standard input. Then, from the other end, connect to that machine's IP address and port and redirect Netcat's output into a file. Either end can be the sender; in the example below the listener sends.
Here is an example of a Netcat syntax to transfer a text file from a Windows computer (listener) to a Linux one (client or recipient).
On the Windows computer:
nc -v -w 30 -l -p 31337 < text.txt
nc—Netcat
-v—verbose mode; gives feedback on the screen during an operation
-w 30—idle timeout; the connection is dropped if no data flows for 30 seconds (in most builds this does not limit how long the listener waits for a client to connect)
-l—listen mode; this computer waits for the incoming connection
-p 31337—the port to listen on (the traditional and Windows builds need -p; the OpenBSD build takes the port as a bare argument, as in nc -l 31337)
<text.txt—feed the file to Netcat's standard input, so it is sent to whoever connects
On the Linux computer:
nc -v -w 2 192.168.43.1 31337 > text.txt
-w 2—idle timeout; close after two seconds without data, which ends the transfer once the sender has finished (or if the connection is lost, in which case the file is incomplete)
192.168.43.1—IP address of the Windows machine
31337—port the Windows machine is listening on
>text.txt—write everything received from the Windows machine into a new file named text.txt
Netcat gives no indication of whether the whole file arrived, so compare a hash on both sides (certutil -hashfile text.txt SHA256 on Windows, sha256sum text.txt on Linux). The transfer is also unencrypted and unauthenticated: whoever connects to port 31337 first receives the file.
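The listener/receiver pair above, as an added Python example (not code from the article) run over loopback so it can be tried without two machines: a sender thread plays the role of nc -l -p 31337 < text.txt, a receiver plays nc -w 2 ... > text.txt, and a SHA-256 comparison supplies what Netcat itself does not tell you, whether the file arrived whole. The second run simulates a pause longer than the idle timeout and reproduces the silent truncation that a small -w value can cause. The sample file contents, the stall parameters and the port choice are constructed for the example.

```python
import hashlib
import socket
import threading
import time


def sha256_hex(data):
    """Hash used to check that what arrived is what was sent (nc itself never checks)."""
    return hashlib.sha256(data).hexdigest()


def serve_file_once(payload, host="127.0.0.1", stall_at=None, stall_seconds=0.0):
    """Stand-in for `nc -l -p PORT < text.txt`: listen, hand *payload* to the first
    client that connects, then close and exit. Returns the port chosen by the OS.
    Like netcat, nothing authenticates the client: whoever connects first gets the file.
    stall_at/stall_seconds optionally pause mid-transfer to simulate a network hiccup."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            try:
                if stall_at is None:
                    conn.sendall(payload)
                else:
                    conn.sendall(payload[:stall_at])
                    time.sleep(stall_seconds)      # constructed mid-transfer pause
                    conn.sendall(payload[stall_at:])
            except OSError:      # receiver gave up (its -w timeout) and closed on us
                pass
        srv.close()              # closing the connection is the "end of file" signal

    threading.Thread(target=serve, daemon=True).start()
    return port


def receive_file(host, port, idle_timeout=2.0):
    """Stand-in for `nc -w 2 HOST PORT > text.txt`: connect and collect bytes until the
    sender closes the connection or nothing arrives for idle_timeout seconds."""
    chunks = []
    # create_connection() applies the timeout to the connect and to every recv().
    with socket.create_connection((host, port), timeout=idle_timeout) as s:
        try:
            while True:
                data = s.recv(65536)
                if not data:           # sender closed: normal end of transfer
                    break
                chunks.append(data)
        except socket.timeout:         # -w style idle timeout: stop, possibly early
            pass
    return b"".join(chunks)


def transfer_and_verify(payload, idle_timeout=2.0, stall_at=None, stall_seconds=0.0):
    """Run one transfer over loopback; return (bytes received, hash matched?)."""
    expected = sha256_hex(payload)        # computed on the sending side, e.g. sha256sum
    port = serve_file_once(payload, stall_at=stall_at, stall_seconds=stall_seconds)
    received = receive_file("127.0.0.1", port, idle_timeout=idle_timeout)
    return received, sha256_hex(received) == expected


# Constructed sample file contents for the demonstration.
SAMPLE_FILE = b"constructed sample line for the netcat transfer example\n" * 2000


if __name__ == "__main__":
    data, intact = transfer_and_verify(SAMPLE_FILE)
    print("clean transfer:", len(data), "bytes, hash matches:", intact)
    data, intact = transfer_and_verify(SAMPLE_FILE, idle_timeout=0.5,
                                       stall_at=4096, stall_seconds=1.5)
    print("stalled transfer:", len(data), "bytes, hash matches:", intact)
```

The stalled run returns exactly the bytes sent before the pause with the hash check failing, which is what the Linux command with -w 2 would silently produce if the Windows side paused for longer than two seconds; the receiver exits with a plausible-looking text.txt and no error. Hashing both sides is the only way to tell the two outcomes apart.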
Conclusion
This Netcat tutorial just covered the basics of using the powerful tool. To make the most of this tool, you should spend time practicing and playing with it; you’ll realize why it is aptly called the Swiss army knife for penetration testing.
What’s your experience with this amazing cyber security tool? Do you consider it a friend or a foe? Please share your thoughts in the comment section below.