Nmap Development: Ncat

Ncat

From: Chris Gibson <chris_at_linuxops.net>
Date: Tue, 12 Jul 2005 11:46:58 +0100

Nmap-hackers,

As mentioned earlier, Google are sponsoring University students over summer to
work with mentoring organisations, in my case, Nmap!

My name is Chris Gibson. I am a 2nd year Computer Science student at the
University of Manchester, UK.

It is my job over summer (and for continued development in the future) to bring
you a new re-interpretation of Netcat, a piece of software originally written by
Hobbit in ~1995 for shuffling network data around over the command-line. I will
also be developing a compact packet crafter that will be something similar to
hping2.

Some of the new Ncat features are to include:

* Enhanced Security with SSL support, password-protected encrypted channels,
  incoming IP address restrictions.
* Support for IPv6.
* Connection forwarding, Connection Redirection.
* HTTP proxy and SOCKS proxy (chained) client support.
* Connection brokering. This will allow a proxied communication between hosts
  that are each behind a NAT and thus can't connect directly.
* ASCII and Hex session dumps for various logging and replay functionality.

I've appended a copy of the initial documentation for Ncat, which is basically
the initial formation of the man page.

I would be extremely grateful for any constructive criticism, ideas about the
interface, features or basically anything anyone can think of that would make
Ncat better.

The manpage is still relatively rough and arguments and general usage, options,
etc are still open to interpretation. I am also aware that the list of switches
does not go in alphabetical order. I'm in the process of fixing this issue :)

Thanks,

Chris.

Ncat(1) Ncat(1)

NAME
       Ncat - The Netcat Swiss Army Knife.

USAGE
       Connect to `foobar' on port `8080'
         ncat foobar 8080

       Listen for connections on port `8080'
         ncat -l 8080

       Redirect TCP `8080' on the local machine to host `foobar'
       on port 80.
         ncat -l 8080 --exec "ncat foobar 80"

       Bind to port `8081' and attach /bin/bash for all to access
       freely.
         ncat --exec /bin/bash -l 8081

       Bind a shell to port `8081', restrict access based on IP
       address, encrypt the connection and require a passphrase
       to connect:
         ncat --exec /bin/bash --allow 192.168.0.0/24 --secure -l
         8081

       Proxy incoming connections on port `8081' through proxy-
       host.com on port 1080 to otherhost.net on port `9899' using
       the user `foobar'
         ncat -l 8081 --exec "ncat --socks-proxy proxy-
         host.com:1080,otherhost.net:9899 --socks-user foobar"

       Send a file over port `9899', which is encrypted &
       requires a passphrase to connect. Ncat is set to shutdown
       after the connection goes idle for longer than 8000ms.
         HOST1$ ncat --secured -l 9899 > fat_file
         HOST2$ ncat --send-only --secured --idle-ms 8000 foobar
         9899 < mylargefile

OPTIONS
       -6 Force the use of IPv6 only.

       -e, --exec [command]
                      Execute the specified command after a con-
                      nection has been established. All input
                      from the remote client will be sent to the
                      application and responses sent back to the
                      remote client over the socket. Thus,
                      effectively instantly making your applica-
                      tion interactive over a socket. Ncat will
                      handle multiple simultaneous connections to
                      your specified port/application rather like
                      inetd does. Ncat will only accept a maximum
                      (definable) number of simultaneous connec-
                      tions. By default this is set to 100.

       -h, --help Display help for Ncat and exit. This is a
                      short set of parameters and some simple
                      examples of Ncat's uses.

       -i, --idle-ms [TIME]
                      Set the delay interval for lines sent.
                      Passing this command limits the number of
                      lines that Ncat will send in the specified
                      period. This is specified in milliseconds
                      for maximum flexibility. This may be useful
                      for low bandwidth sites, or have other uses
                      such as annoying iptables --limit options?
                      Minimum fixed value of 500ms.

       -n, --no-dns Disable reverse lookup queries for any con-
                      nections done by Ncat. This applies to
                      incoming and outgoing connections.

       -l, --listen [PORT]
                      Set the port number to listen on. This
                      operation will cause Ncat to bind to the
                      port specified in the argument.

       -o, --output [FILE]
                      ASCII text dump with timestamps of protocol
                      chatter from your session.

       -x, --hex-dump [FILE]
                      Hexdump of the session. (I think?) This can
                      be used by other applications to 'replay'
                      the session.

       -t, --idle-timeout [TIME]
                      Set a fixed timeout for idle connections.
                      If the idle timeout is reached, the
                      connection is terminated & Ncat shuts down.
                      The time is taken in seconds. One potential
                      use for this is demonstrated in the "USAGE"
                      section of this file.

       -r, --recv-only
                      If this option is passed, Ncat will only
                      receive data and will not try to send any-
                      thing.

       -a, --address [HOST]
                      Set the address for Ncat to bind to
                      locally.

       -s, --secure Set Ncat into secure mode. When connecting
                      to another Ncat process, you will be
                      prompted to enter a passphrase (fiddle
                      termios settings to disable echo) that
                      Ncat will use to authenticate you into an
                      encrypted connection with the other secured
                      Ncat process. --secure also works with lis-
                      ten mode, where you will be prompted for a
                      one-time password, which is then required
                      of any client before connecting.

       --send-only If this option is passed, then Ncat will
                      only send data and will ignore anything
                      received.

       --socks-server Used in conjunction with the --listen
                      option to cause Ncat to spawn a SOCKS
                      server on the port specified by --listen.

       --socks-proxy [SOCKS-PROXY-HOST]:[SOCKS-PROXY-
       PORT],[HOST]:[PORT]
                      This option makes Ncat proxy through a
                      SOCKS4 host (SOCKS-PROXY-HOST) running on
                      the specified port (SOCKS-PROXY-PORT) and
                      uses your login name as the default user-
                      name for SOCKS connection.

       --socks-user [NAME]
                      Set the SOCKS4 username you wish to supply
                      during a --socks-proxy based connection.
                      Without this option the default will be to
                      supply your login username during the
                      SOCKS4 connection.

       --ssl Use in conjunction with your normal socket
                      operations (either --listen or --connect)
                      to cause Ncat to either connect using SSL
                      or to listen on a port as an SSL server.

       --broker <[PORT],[PORT],[PORT],...>
                      Not sure how this is going to work yet. So
                      this space is intentionally left blank:

       --ssl-cert [FILE]
                      Specifies the SSL certificate to use.

       --deny <[HOST],[HOST],[HOST],...>
                      Issue Ncat with a list of hosts that will
                      not be allowed to connect to the listening
                      Ncat process. Hosts in this range will
                      have their connection silently dropped if
                      they try to connect.

       --denyfile [FILE]
                      This is the same functionality as the
                      --deny option, except that excluded hosts
                      are provided in a new-line delimited deny
                      file, rather than directly on the command
                      line.

       --allow <[HOST],[HOST],[HOST],...>
                      The list of hosts specified will be the
                      only hosts allowed to connect to the Ncat
                      process. All other connection attempts
                      will be silently dropped.

       --allowfile <[HOST],[HOST],[HOST],...>
                      This has the same functionality as the
                      --allow option, except that the allowed
                      hosts are provided in a new-line delimited
                      allow file, rather than directly on the
                      command line.

       -u, --udp Use UDP for the connection. (Default is
                      TCP.)

       -v, --verbose Ncat will be verbose and display all kinds
                      of connection based information. If you
                      issue this twice (-vv) then you will get
                      all the code debugging information. Three
                      times (-vvv) and you get the connection
                      information AND the code debugging informa-
                      tion.

       --version This displays the Ncat version, release
                      information and any additional build infor-
                      mation and then exits.

BUGS
       If you find any bugs or have patches you would like to
       submit to the Ncat project then email them to Chris Gibson
       <chris_at_linuxops.net>

AUTHORS
       Chris Gibson <chris_at_linuxops.net>

                                                          Ncat(1)

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Jul 12 2005
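
The draft's --allow/--deny/--allowfile/--denyfile options describe an accept-time address check; the following is an added example of one way to evaluate such lists, not part of the original message and not Ncat's code. Assumptions: entries are literal IPv4/IPv6 addresses or CIDR ranges (no hostnames), `#` starts a comment, deny takes precedence over allow (the draft does not say how the two combine), and all function names and sample values are constructed here.

```python
import ipaddress

# Constructed sample inputs (not from the original message).
ALLOWFILE_TEXT = "# lab ranges\n192.168.0.0/24\n2001:db8::/32\n"
DENY_ARG = "192.168.0.13,2001:db8:dead::/48"

def parse_hosts(text):
    """Parse a comma- or newline-delimited list of addresses/CIDR ranges.

    A malformed entry raises ValueError, so a typo in an allow file stops
    the listener from starting instead of silently changing who gets in.
    """
    nets = []
    for token in text.replace(",", "\n").splitlines():
        token = token.split("#", 1)[0].strip()  # '#' comments: an assumption
        if token:
            nets.append(ipaddress.ip_network(token, strict=False))
    return nets

def is_permitted(peer, allow=None, deny=None):
    """Decide whether a just-accepted peer address may stay connected."""
    addr = ipaddress.ip_address(peer)
    # A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d; unwrap
    # them so the IPv4 rules still apply to those connections.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if deny and any(addr in net for net in deny):
        return False  # assumption: a deny match beats an allow match
    if allow is not None:
        return any(addr in net for net in allow)  # allow list is exclusive
    return True  # no allow list given: everything not denied is accepted

def demo():
    """Run the constructed peers through the constructed lists."""
    allow = parse_hosts(ALLOWFILE_TEXT)
    deny = parse_hosts(DENY_ARG)
    peers = ["192.168.0.5", "192.168.0.13", "10.0.0.1",
             "::ffff:192.168.0.5", "::ffff:192.168.0.13",
             "2001:db8::1", "2001:db8:dead::1"]
    return {p: is_permitted(p, allow, deny) for p in peers}

if __name__ == "__main__":
    for peer, ok in demo().items():
        print(f"{peer:22} {'accept' if ok else 'drop'}")
```

Passing an empty allow list (as opposed to none) rejects every peer, which is the fail-closed result for an allow file that exists but contains no entries.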
