Summary of the Linux netcat (nc) command
1. Overview
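Netcat reads and writes network data over TCP/UDP connections. cat is the Linux command for viewing or concatenating files, so netcat originally meant viewing file contents over the network. Its author, Hobbit, gave it a very rich set of features that covers almost every kind of network operation, which is why Netcat is known in the network security field as the "Swiss-army knife for TCP/IP".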
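The stable release, Netcat 1.10, was published by Hobbit in March 1996 as open-source software. The author has not maintained it since, but the tool has remained in wide use for more than a decade, and many derivative tools based on Netcat have appeared that enhance or extend its functionality in various ways.
2. Parameters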
$ nc -h
OpenBSD netcat (Debian patchlevel 1.187-1ubuntu0.1)
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
[-m minttl] [-O length] [-P proxy_username] [-p source_port]
[-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] [-w timeout]
[-X proxy_protocol] [-x proxy_address[:port]] [destination] [port]
Command Summary:
-4 Use IPv4
-6 Use IPv6
-b Allow broadcast
-C Send CRLF as line-ending
-D Enable the debug socket option
-d Detach from stdin
-F Pass socket fd
-h This help text
-I length TCP receive buffer length
-i interval Delay interval for lines sent, ports scanned
-k Keep inbound sockets open for multiple connects
-l Listen mode, for inbound connects
-M ttl Outgoing TTL / Hop Limit
-m minttl Minimum incoming TTL / Hop Limit
-N Shutdown the network socket after EOF on stdin
-n Suppress name/port resolutions
-O length TCP send buffer length
-P proxyuser Username for proxy authentication
-p port Specify local port for remote connects
-q secs quit after EOF on stdin and delay of secs
-r Randomize remote ports
-S Enable the TCP MD5 signature option
-s source Local source address
-T keyword TOS value
-t Answer TELNET negotiation
-U Use UNIX domain socket
-u UDP mode
-V rtable Specify alternate routing table
-v Verbose
-W recvlimit Terminate after receiving a number of packets
-w timeout Timeout for connects and final net reads
-X proto Proxy protocol: "4", "5" (SOCKS) or "connect"
-x addr[:port] Specify proxy address and port
-Z DCCP mode
-z Zero-I/O mode [used for scanning]
Port numbers can be individual or ranges: lo-hi [inclusive]
3. Scenarios
Port scanning
# Scan a single TCP port
nc -nvz -w2 172.16.131.29 22
# Scan a range of TCP ports
nc -nvz -w2 172.16.131.29 22-25
# For a UDP port scan, add the -u option
nc -nvz -w2 -u 172.16.131.29 22
Displaying the peer's input in real time
# Side A (IP 172.16.131.29)
nc -l -p 3333
where are you from!
haha
# Side B
nc -nv 172.16.131.29 3333
where are you from!
haha
Transferring server A's directory tree listing to server B
# Side B (IP 172.16.128.98)
nc -l -p 3333 > a_directory.txt
# Side A
tree / | nc -nv 172.16.128.98 3333
Transferring a text file
# Receiver (IP 172.16.131.29)
nc -lp 3333 > passwd.txt
# Sender
nc -nv 172.16.131.29 3333 < /etc/passwd
Transferring a directory
# Sender
tar -cvf - Downloads/ | nc -lp 3333
# Receiver
nc -nv 172.16.131.29 3333 | tar -xvf -
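Running bash commands
# Controlled host (-c is not among the OpenBSD nc options listed in section 2; this command needs a netcat build that provides it)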
nc -lp 3333 -c bash
# Controlling host
nc 172.16.131.29 3333
ls -l
total 0
drwxr-xr-x. 2 work work 6 Dec 24 15:35 Desktop
drwxr-xr-x. 2 work work 22 Dec 25 19:57 Documents
drwxr-xr-x. 3 work work 76 Dec 31 17:02 Downloads
drwxr-xr-x. 2 work work 6 Dec 24 15:35 Music
-rw-rw-r--. 1 work work 0 Dec 31 16:55 passwd.txt
drwxr-xr-x. 2 work work 6 Dec 24 15:35 Pictures
drwxr-xr-x. 2 work work 6 Dec 24 15:35 Public
drwxr-xr-x. 2 work work 6 Dec 24 15:35 Templates
drwxr-xr-x. 2 work work 6 Dec 24 15:35 Videos
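Added example (not part of the original article): a shell check that scans a process listing for netcat listeners started with an exec option, such as the `nc -lp 3333 -c bash` command above, while ignoring plain listeners and the uppercase `-C` (CRLF) option from the help output. The sample process listing and the function names are constructed for illustration; `-e` is included as the exec option of some netcat builds and does not appear on this page.

```shell
#!/bin/sh
# Added example: find netcat processes that listen AND hand the
# connection to a program (short options only, e.g. -l with -c or -e).

# Constructed sample of `ps -eo pid,args` output (not real data).
sample_ps() {
cat <<'EOF'
  PID COMMAND
 1201 nc -l -p 3333
 1340 nc -lp 3333 -c bash
 1377 nc -nv 172.16.131.29 3333
 1402 nc -C -l 3333
 1455 tar -cvf - Downloads/
 1456 nc -lp 3333
 1500 /usr/bin/netcat -c bash -l -p 4444
EOF
}

# Reads "PID ARGS..." lines on stdin and prints the PID of every
# nc/ncat/netcat process whose option clusters contain both l and c/e.
find_exec_listeners() {
    awk '
    NR == 1 && $1 == "PID" { next }            # skip the ps header
    {
        n = split($2, path, "/"); prog = path[n]   # basename of the command
        if (prog != "nc" && prog != "ncat" && prog != "netcat") next
        listen = 0; exec_opt = 0
        for (i = 3; i <= NF; i++) {
            # only look at short option clusters such as -lp or -nvz
            if ($i !~ /^-[A-Za-z0-9]+$/) continue
            # index() is case-sensitive, so -C (CRLF) is not taken for -c
            if (index($i, "l")) listen = 1
            if (index($i, "c") || index($i, "e")) exec_opt = 1
        }
        if (listen && exec_opt) print $1
    }'
}

# Stand-alone run on the constructed sample.
sample_ps | find_exec_listeners
```

On a live host the same function can be fed with `ps -eo pid,args | find_exec_listeners`; it is a heuristic and does not parse long options.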