Fredrik Fornwall
9 years ago
2 changed files with 556 additions and 0 deletions
@ -0,0 +1,18 @@ |
|||
TERMUX_PKG_HOMEPAGE=http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/nc.1 |
|||
TERMUX_PKG_DESCRIPTION="Utility for reading from and writing to connections using TCP or UDP" |
|||
TERMUX_PKG_VERSION=1.103 |
|||
_COMMIT=b023a43765b15f0b0fd5b52b7d8021f515c59c23 |
|||
TERMUX_PKG_SRCURL=https://github.com/android/platform_external_netcat/archive/${_COMMIT}.zip |
|||
TERMUX_PKG_FOLDERNAME=platform_external_netcat-$_COMMIT |
|||
|
|||
termux_step_make () { |
|||
return |
|||
} |
|||
|
|||
termux_step_make_install () { |
|||
cd $TERMUX_PKG_SRCDIR |
|||
CFLAGS+=" -DANDROID=1" |
|||
$CC $CFLAGS $LDFLAGS *.c -o $TERMUX_PREFIX/bin/nc |
|||
|
|||
cp $TERMUX_PKG_BUILDER_DIR/nc.1 $TERMUX_PREFIX/share/man/man1/ |
|||
} |
|||
@ -0,0 +1,538 @@ |
|||
.\" $OpenBSD: nc.1,v 1.60 2012/02/07 12:11:43 lum Exp $ |
|||
.\" |
|||
.\" Copyright (c) 1996 David Sacerdote |
|||
.\" All rights reserved. |
|||
.\" |
|||
.\" Redistribution and use in source and binary forms, with or without |
|||
.\" modification, are permitted provided that the following conditions |
|||
.\" are met: |
|||
.\" 1. Redistributions of source code must retain the above copyright |
|||
.\" notice, this list of conditions and the following disclaimer. |
|||
.\" 2. Redistributions in binary form must reproduce the above copyright |
|||
.\" notice, this list of conditions and the following disclaimer in the |
|||
.\" documentation and/or other materials provided with the distribution. |
|||
.\" 3. The name of the author may not be used to endorse or promote products |
|||
.\" derived from this software without specific prior written permission |
|||
.\" |
|||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
|||
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
|||
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|||
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
|||
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|||
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
|||
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
|||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
.\" |
|||
.Dd $Mdocdate: February 7 2012 $ |
|||
.Dt NC 1 |
|||
.Os |
|||
.Sh NAME |
|||
.Nm nc |
|||
.Nd arbitrary TCP and UDP connections and listens |
|||
.Sh SYNOPSIS |
|||
.Nm nc |
|||
.Bk -words |
|||
.Op Fl 46bCDdhklnrStUuvZz |
|||
.Op Fl I Ar length |
|||
.Op Fl i Ar interval |
|||
.Op Fl O Ar length |
|||
.Op Fl P Ar proxy_username |
|||
.Op Fl p Ar source_port |
|||
.Op Fl q Ar seconds |
|||
.Op Fl s Ar source |
|||
.Op Fl T Ar toskeyword |
|||
.Op Fl V Ar rtable |
|||
.Op Fl w Ar timeout |
|||
.Op Fl X Ar proxy_protocol |
|||
.Oo Xo |
|||
.Fl x Ar proxy_address Ns Oo : Ns |
|||
.Ar port Oc |
|||
.Xc Oc |
|||
.Op Ar destination |
|||
.Op Ar port |
|||
.Ek |
|||
.Sh DESCRIPTION |
|||
The |
|||
.Nm |
|||
(or |
|||
.Nm netcat ) |
|||
utility is used for just about anything under the sun involving TCP, |
|||
UDP, or |
|||
.Ux Ns -domain |
|||
sockets. |
|||
It can open TCP connections, send UDP packets, listen on arbitrary |
|||
TCP and UDP ports, do port scanning, and deal with both IPv4 and |
|||
IPv6. |
|||
Unlike |
|||
.Xr telnet 1 , |
|||
.Nm |
|||
scripts nicely, and separates error messages onto standard error instead |
|||
of sending them to standard output, as |
|||
.Xr telnet 1 |
|||
does with some. |
|||
.Pp |
|||
Common uses include: |
|||
.Pp |
|||
.Bl -bullet -offset indent -compact |
|||
.It |
|||
simple TCP proxies |
|||
.It |
|||
shell-script based HTTP clients and servers |
|||
.It |
|||
network daemon testing |
|||
.It |
|||
a SOCKS or HTTP ProxyCommand for |
|||
.Xr ssh 1 |
|||
.It |
|||
and much, much more |
|||
.El |
|||
.Pp |
|||
The options are as follows: |
|||
.Bl -tag -width Ds |
|||
.It Fl 4 |
|||
Forces |
|||
.Nm |
|||
to use IPv4 addresses only. |
|||
.It Fl 6 |
|||
Forces |
|||
.Nm |
|||
to use IPv6 addresses only. |
|||
.It Fl b |
|||
Allow broadcast. |
|||
.It Fl C |
|||
Send CRLF as line-ending. |
|||
.It Fl D |
|||
Enable debugging on the socket. |
|||
.It Fl d |
|||
Do not attempt to read from stdin. |
|||
.It Fl h |
|||
Prints out |
|||
.Nm |
|||
help. |
|||
.It Fl I Ar length |
|||
Specifies the size of the TCP receive buffer. |
|||
.It Fl i Ar interval |
|||
Specifies a delay time interval between lines of text sent and received. |
|||
Also causes a delay time between connections to multiple ports. |
|||
.It Fl k |
|||
Forces |
|||
.Nm |
|||
to stay listening for another connection after its current connection |
|||
is completed. |
|||
It is an error to use this option without the |
|||
.Fl l |
|||
option. |
|||
.It Fl l |
|||
Used to specify that |
|||
.Nm |
|||
should listen for an incoming connection rather than initiate a |
|||
connection to a remote host. |
|||
It is an error to use this option in conjunction with the |
|||
.Fl p , |
|||
.Fl s , |
|||
or |
|||
.Fl z |
|||
options. |
|||
Additionally, any timeouts specified with the |
|||
.Fl w |
|||
option are ignored. |
|||
.It Fl n |
|||
Do not do any DNS or service lookups on any specified addresses, |
|||
hostnames or ports. |
|||
.It Fl O Ar length |
|||
Specifies the size of the TCP send buffer. |
|||
.It Fl P Ar proxy_username |
|||
Specifies a username to present to a proxy server that requires authentication. |
|||
If no username is specified then authentication will not be attempted. |
|||
Proxy authentication is only supported for HTTP CONNECT proxies at present. |
|||
.It Fl p Ar source_port |
|||
Specifies the source port |
|||
.Nm |
|||
should use, subject to privilege restrictions and availability. |
|||
.It Fl q Ar seconds |
|||
after EOF on stdin, wait the specified number of seconds and then quit. If |
|||
.Ar seconds |
|||
is negative, wait forever. |
|||
.It Fl r |
|||
Specifies that source and/or destination ports should be chosen randomly |
|||
instead of sequentially within a range or in the order that the system |
|||
assigns them. |
|||
.It Fl S |
|||
Enables the RFC 2385 TCP MD5 signature option. |
|||
.It Fl s Ar source |
|||
Specifies the IP of the interface which is used to send the packets. |
|||
For |
|||
.Ux Ns -domain |
|||
datagram sockets, specifies the local temporary socket file |
|||
to create and use so that datagrams can be received. |
|||
It is an error to use this option in conjunction with the |
|||
.Fl l |
|||
option. |
|||
.It Fl T Ar toskeyword |
|||
Change IPv4 TOS value. |
|||
.Ar toskeyword |
|||
may be one of |
|||
.Ar critical , |
|||
.Ar inetcontrol , |
|||
.Ar lowcost , |
|||
.Ar lowdelay , |
|||
.Ar netcontrol , |
|||
.Ar throughput , |
|||
.Ar reliability , |
|||
or one of the DiffServ Code Points: |
|||
.Ar ef , |
|||
.Ar af11 ... af43 , |
|||
.Ar cs0 ... cs7 ; |
|||
or a number in either hex or decimal. |
|||
.It Fl t |
|||
Causes |
|||
.Nm |
|||
to send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. |
|||
This makes it possible to use |
|||
.Nm |
|||
to script telnet sessions. |
|||
.It Fl U |
|||
Specifies to use |
|||
.Ux Ns -domain |
|||
sockets. |
|||
.It Fl u |
|||
Use UDP instead of the default option of TCP. |
|||
For |
|||
.Ux Ns -domain |
|||
sockets, use a datagram socket instead of a stream socket. |
|||
If a |
|||
.Ux Ns -domain |
|||
socket is used, a temporary receiving socket is created in |
|||
.Pa /tmp |
|||
unless the |
|||
.Fl s |
|||
flag is given. |
|||
.It Fl V Ar rtable |
|||
Set the routing table to be used. |
|||
The default is 0. |
|||
.It Fl v |
|||
Have |
|||
.Nm |
|||
give more verbose output. |
|||
.It Fl w Ar timeout |
|||
Connections which cannot be established or are idle timeout after |
|||
.Ar timeout |
|||
seconds. |
|||
The |
|||
.Fl w |
|||
flag has no effect on the |
|||
.Fl l |
|||
option, i.e.\& |
|||
.Nm |
|||
will listen forever for a connection, with or without the |
|||
.Fl w |
|||
flag. |
|||
The default is no timeout. |
|||
.It Fl X Ar proxy_protocol |
|||
Requests that |
|||
.Nm |
|||
should use the specified protocol when talking to the proxy server. |
|||
Supported protocols are |
|||
.Dq 4 |
|||
(SOCKS v.4), |
|||
.Dq 5 |
|||
(SOCKS v.5) |
|||
and |
|||
.Dq connect |
|||
(HTTPS proxy). |
|||
If the protocol is not specified, SOCKS version 5 is used. |
|||
.It Xo |
|||
.Fl x Ar proxy_address Ns Oo : Ns |
|||
.Ar port Oc |
|||
.Xc |
|||
Requests that |
|||
.Nm |
|||
should connect to |
|||
.Ar destination |
|||
using a proxy at |
|||
.Ar proxy_address |
|||
and |
|||
.Ar port . |
|||
If |
|||
.Ar port |
|||
is not specified, the well-known port for the proxy protocol is used (1080 |
|||
for SOCKS, 3128 for HTTPS). |
|||
.It Fl Z |
|||
DCCP mode. |
|||
.It Fl z |
|||
Specifies that |
|||
.Nm |
|||
should just scan for listening daemons, without sending any data to them. |
|||
It is an error to use this option in conjunction with the |
|||
.Fl l |
|||
option. |
|||
.El |
|||
.Pp |
|||
.Ar destination |
|||
can be a numerical IP address or a symbolic hostname |
|||
(unless the |
|||
.Fl n |
|||
option is given). |
|||
In general, a destination must be specified, |
|||
unless the |
|||
.Fl l |
|||
option is given |
|||
(in which case the local host is used). |
|||
For |
|||
.Ux Ns -domain |
|||
sockets, a destination is required and is the socket path to connect to |
|||
(or listen on if the |
|||
.Fl l |
|||
option is given). |
|||
.Pp |
|||
.Ar port |
|||
can be a single integer or a range of ports. |
|||
Ranges are in the form nn-mm. |
|||
In general, |
|||
a destination port must be specified, |
|||
unless the |
|||
.Fl U |
|||
option is given. |
|||
.Sh CLIENT/SERVER MODEL |
|||
It is quite simple to build a very basic client/server model using |
|||
.Nm . |
|||
On one console, start |
|||
.Nm |
|||
listening on a specific port for a connection. |
|||
For example: |
|||
.Pp |
|||
.Dl $ nc -l 1234 |
|||
.Pp |
|||
.Nm |
|||
is now listening on port 1234 for a connection. |
|||
On a second console |
|||
.Pq or a second machine , |
|||
connect to the machine and port being listened on: |
|||
.Pp |
|||
.Dl $ nc 127.0.0.1 1234 |
|||
.Pp |
|||
There should now be a connection between the ports. |
|||
Anything typed at the second console will be concatenated to the first, |
|||
and vice-versa. |
|||
After the connection has been set up, |
|||
.Nm |
|||
does not really care which side is being used as a |
|||
.Sq server |
|||
and which side is being used as a |
|||
.Sq client . |
|||
The connection may be terminated using an |
|||
.Dv EOF |
|||
.Pq Sq ^D . |
|||
.Pp |
|||
There is no |
|||
.Fl c |
|||
or |
|||
.Fl e |
|||
option in this netcat, but you still can execute a command after connection |
|||
being established by redirecting file descriptors. Be cautious here because |
|||
opening a port and let anyone connected execute arbitrary command on your |
|||
site is DANGEROUS. If you really need to do this, here is an example: |
|||
.Pp |
|||
On |
|||
.Sq server |
|||
side: |
|||
.Pp |
|||
.Dl $ rm -f /tmp/f; mkfifo /tmp/f |
|||
.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f |
|||
.Pp |
|||
On |
|||
.Sq client |
|||
side: |
|||
.Pp |
|||
.Dl $ nc host.example.com 1234 |
|||
.Dl $ (shell prompt from host.example.com) |
|||
.Pp |
|||
By doing this, you create a fifo at /tmp/f and make nc listen at port 1234 |
|||
of address 127.0.0.1 on |
|||
.Sq server |
|||
side, when a |
|||
.Sq client |
|||
establishes a connection successfully to that port, /bin/sh gets executed |
|||
on |
|||
.Sq server |
|||
side and the shell prompt is given to |
|||
.Sq client |
|||
side. |
|||
.Pp |
|||
When connection is terminated, |
|||
.Nm |
|||
quits as well. Use |
|||
.Fl k |
|||
if you want it keep listening, but if the command quits this option won't |
|||
restart it or keep |
|||
.Nm |
|||
running. Also don't forget to remove the file descriptor once you don't need |
|||
it anymore: |
|||
.Pp |
|||
.Dl $ rm -f /tmp/f |
|||
.Pp |
|||
.Sh DATA TRANSFER |
|||
The example in the previous section can be expanded to build a |
|||
basic data transfer model. |
|||
Any information input into one end of the connection will be output |
|||
to the other end, and input and output can be easily captured in order to |
|||
emulate file transfer. |
|||
.Pp |
|||
Start by using |
|||
.Nm |
|||
to listen on a specific port, with output captured into a file: |
|||
.Pp |
|||
.Dl $ nc -l 1234 \*(Gt filename.out |
|||
.Pp |
|||
Using a second machine, connect to the listening |
|||
.Nm |
|||
process, feeding it the file which is to be transferred: |
|||
.Pp |
|||
.Dl $ nc host.example.com 1234 \*(Lt filename.in |
|||
.Pp |
|||
After the file has been transferred, the connection will close automatically. |
|||
.Sh TALKING TO SERVERS |
|||
It is sometimes useful to talk to servers |
|||
.Dq by hand |
|||
rather than through a user interface. |
|||
It can aid in troubleshooting, |
|||
when it might be necessary to verify what data a server is sending |
|||
in response to commands issued by the client. |
|||
For example, to retrieve the home page of a web site: |
|||
.Bd -literal -offset indent |
|||
$ printf "GET / HTTP/1.0\er\en\er\en" | nc host.example.com 80 |
|||
.Ed |
|||
.Pp |
|||
Note that this also displays the headers sent by the web server. |
|||
They can be filtered, using a tool such as |
|||
.Xr sed 1 , |
|||
if necessary. |
|||
.Pp |
|||
More complicated examples can be built up when the user knows the format |
|||
of requests required by the server. |
|||
As another example, an email may be submitted to an SMTP server using: |
|||
.Bd -literal -offset indent |
|||
$ nc [\-C] localhost 25 \*(Lt\*(Lt EOF |
|||
HELO host.example.com |
|||
MAIL FROM:\*(Ltuser@host.example.com\*(Gt |
|||
RCPT TO:\*(Ltuser2@host.example.com\*(Gt |
|||
DATA |
|||
Body of email. |
|||
\&. |
|||
QUIT |
|||
EOF |
|||
.Ed |
|||
.Sh PORT SCANNING |
|||
It may be useful to know which ports are open and running services on |
|||
a target machine. |
|||
The |
|||
.Fl z |
|||
flag can be used to tell |
|||
.Nm |
|||
to report open ports, |
|||
rather than initiate a connection. Usually it's useful to turn on verbose |
|||
output to stderr by use this option in conjunction with |
|||
.Fl v |
|||
option. |
|||
.Pp |
|||
For example: |
|||
.Bd -literal -offset indent |
|||
$ nc \-zv host.example.com 20-30 |
|||
Connection to host.example.com 22 port [tcp/ssh] succeeded! |
|||
Connection to host.example.com 25 port [tcp/smtp] succeeded! |
|||
.Ed |
|||
.Pp |
|||
The port range was specified to limit the search to ports 20 \- 30, and is |
|||
scanned by increasing order. |
|||
.Pp |
|||
You can also specify a list of ports to scan, for example: |
|||
.Bd -literal -offset indent |
|||
$ nc \-zv host.example.com 80 20 22 |
|||
nc: connect to host.example.com 80 (tcp) failed: Connection refused |
|||
nc: connect to host.example.com 20 (tcp) failed: Connection refused |
|||
Connection to host.example.com port [tcp/ssh] succeeded! |
|||
.Ed |
|||
.Pp |
|||
The ports are scanned by the order you given. |
|||
.Pp |
|||
Alternatively, it might be useful to know which server software |
|||
is running, and which versions. |
|||
This information is often contained within the greeting banners. |
|||
In order to retrieve these, it is necessary to first make a connection, |
|||
and then break the connection when the banner has been retrieved. |
|||
This can be accomplished by specifying a small timeout with the |
|||
.Fl w |
|||
flag, or perhaps by issuing a |
|||
.Qq Dv QUIT |
|||
command to the server: |
|||
.Bd -literal -offset indent |
|||
$ echo "QUIT" | nc host.example.com 20-30 |
|||
SSH-1.99-OpenSSH_3.6.1p2 |
|||
Protocol mismatch. |
|||
220 host.example.com IMS SMTP Receiver Version 0.84 Ready |
|||
.Ed |
|||
.Sh EXAMPLES |
|||
Open a TCP connection to port 42 of host.example.com, using port 31337 as |
|||
the source port, with a timeout of 5 seconds: |
|||
.Pp |
|||
.Dl $ nc -p 31337 -w 5 host.example.com 42 |
|||
.Pp |
|||
Open a UDP connection to port 53 of host.example.com: |
|||
.Pp |
|||
.Dl $ nc -u host.example.com 53 |
|||
.Pp |
|||
Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the |
|||
IP for the local end of the connection: |
|||
.Pp |
|||
.Dl $ nc -s 10.1.2.3 host.example.com 42 |
|||
.Pp |
|||
Create and listen on a |
|||
.Ux Ns -domain |
|||
stream socket: |
|||
.Pp |
|||
.Dl $ nc -lU /var/tmp/dsocket |
|||
.Pp |
|||
Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, |
|||
port 8080. |
|||
This example could also be used by |
|||
.Xr ssh 1 ; |
|||
see the |
|||
.Cm ProxyCommand |
|||
directive in |
|||
.Xr ssh_config 5 |
|||
for more information. |
|||
.Pp |
|||
.Dl $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42 |
|||
.Pp |
|||
The same example again, this time enabling proxy authentication with username |
|||
.Dq ruser |
|||
if the proxy requires it: |
|||
.Pp |
|||
.Dl $ nc -x10.2.3.4:8080 -Xconnect -Pruser host.example.com 42 |
|||
.Sh SEE ALSO |
|||
.Xr cat 1 , |
|||
.Xr ssh 1 |
|||
.Sh AUTHORS |
|||
Original implementation by *Hobbit* |
|||
.Aq hobbit@avian.org . |
|||
.br |
|||
Rewritten with IPv6 support by |
|||
.An Eric Jackson Aq ericj@monkey.org . |
|||
.br |
|||
Modified for Debian port by Aron Xu |
|||
.Aq aron@debian.org . |
|||
.Sh CAVEATS |
|||
UDP port scans using the |
|||
.Fl uz |
|||
combination of flags will always report success irrespective of |
|||
the target machine's state. |
|||
However, |
|||
in conjunction with a traffic sniffer either on the target machine |
|||
or an intermediary device, |
|||
the |
|||
.Fl uz |
|||
combination could be useful for communications diagnostics. |
|||
Note that the amount of UDP traffic generated may be limited either |
|||
due to hardware resources and/or configuration settings. |
|||
Loading…
Reference in new issue