ncat工具详细介绍

ncat使用语法及参数ncat [OPTIONS...] [hostname] [port]root@lalays:~# ncat -hNcat 7.01 ( [color=white !important][size=1em]https://nmap.org/ncat)Usage: ncat [options] [hostname] [port]Options taking a time assume seconds. Append 'ms' for milliseconds,'s' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).  -4                         Use IPv4 only  -6                         Use IPv6 only  -U, --unixsock             Use Unix domain sockets only  -C, --crlf                 Use CRLF for EOL sequence  -c, --sh-exec <command>    Executes the given command via /bin/sh  -e, --exec <command>       Executes the given command      --lua-exec <filename>  Executes the given Lua script  -g hop1[,hop2,...]         Loose source routing hop points (8 max)  -G <n>                     Loose source routing hop pointer (4, 8, 12, ...)  -m, --max-conns <n>        Maximum <n> simultaneous connections  -h, --help                 Display this help screen  -d, --delay <time>         Wait between read/writes  -o, --output <filename>    Dump session data to a file  -x, --hex-dump <filename>  Dump session data as hex to a file  -i, --idle-timeout <time>  Idle read/write timeout  -p, --source-port port     Specify source port to use  -s, --source addr          Specify source address to use (doesn't affect -l)  -l, --listen               Bind and listen for incoming connections  -k, --keep-open            Accept multiple connections in listen mode  -n, --nodns                Do not resolve hostnames via DNS  -t, --telnet               Answer Telnet negotiations  -u, --udp                  Use UDP instead of default TCP      --sctp                 Use SCTP instead of default TCP  -v, --verbose              Set verbosity level (can be used several times)  -w, --wait <time>          Connect timeout      --append-output        Append rather than clobber specified output files      --send-only            Only send data, ignoring received; quit on EOF      --recv-only            Only receive data, never send anything      --allow                Allow only given hosts to connect to Ncat      --allowfile            A file of hosts allowed to connect to Ncat      --deny                 Deny given hosts from connecting to Ncat      --denyfile             A file of hosts denied from connecting to Ncat      --broker               Enable Ncat's connection brokering mode      --chat                 Start a simple Ncat chat server      --proxy <addr[:port]>  Specify address of host to proxy through      --proxy-type <type>    Specify proxy type ("http" or "socks4" or "socks5")      --proxy-auth <auth>    Authenticate with HTTP or SOCKS proxy server      --ssl                  Connect or listen with SSL      --ssl-cert             Specify SSL certificate file (PEM) for listening      --ssl-key              Specify SSL private key (PEM) for listening      --ssl-verify           Verify trust and domain name of certificates      --ssl-trustfile        PEM file containing trusted SSL certificates      --ssl-ciphers          Cipherlist containing SSL ciphers to use      --version              Display Ncat's version information and exitSee the ncat(1) manpage for full options, descriptions and usage examples

-u    使用udp连接（不适用-u的话默认是使用tcp连接）-v    输出详细的连接产生的日志-n    不解析域名-l    绑定并侦听传入的连接（一般用于服务端）-c    通过/bin/sh 执行客户端参数过来的指令（通常使用方法为 -c bash）-w    设置连接超时时间--ssl    传输过程中使用ssl加密（服务端和客户端都要使用这个参数）

1）连接目标端口ncat lybbn.cn 80（2）端口转发ncat --sh-exec  "www.lybbn.cn 80" -l 8080 --keep-open（3）使用代理（使用socks4代理连接邮件服务器）ncat --proxy  www.lybbn.cn  --proxy-type socks4 --proxy-auth user smtphost 25（4）创建本地HTTP代理ncat -l --proxy-type http localhost 8888（5）文件传输（可以反向传输）服务端root@lalays:~# ncat -lv 333 > lybbn.txt注意：服务端的文件可以不用存在，传输时会自动创建客户端C:&gt;ncat -nv 172.16.0.182 333 < lybbnclient.txt（6）客户端使用ncat加密连接服务器服务端root@lalays:~# ncat -nvl 333 -c bash --ssl客户端C:&gt; ncat -nv 172.16.0.182 333 --ssl