summaryrefslogtreecommitdiffstats
path: root/ncat/docs/ncat.1
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--ncat/docs/ncat.1787
1 files changed, 787 insertions, 0 deletions
diff --git a/ncat/docs/ncat.1 b/ncat/docs/ncat.1
new file mode 100644
index 0000000..7fbc5b5
--- /dev/null
+++ b/ncat/docs/ncat.1
@@ -0,0 +1,787 @@
+'\" t
+.\" Title: Ncat
+.\" Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 05/17/2023
+.\" Manual: Ncat Reference Guide
+.\" Source: Ncat
+.\" Language: English
+.\"
+.TH "NCAT" "1" "05/17/2023" "Ncat" "Ncat Reference Guide"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+ncat \- Concatenate and redirect sockets
+.SH "SYNOPSIS"
+.HP \w'\fBncat\fR\ 'u
+\fBncat\fR [\fIOPTIONS\fR...] [\fIhostname\fR] [\fIport\fR]
+.SH "DESCRIPTION"
+.PP
+Ncat is a feature\-packed networking utility which reads and writes data across networks from the command line\&. Ncat was written for the Nmap Project and is the culmination of the currently splintered family of Netcat incarnations\&. It is designed to be a reliable back\-end tool to instantly provide network connectivity to other applications and users\&. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses\&.
+.PP
+Among Ncat\*(Aqs vast number of features there is the ability to chain Ncats together; redirection of TCP, UDP, and SCTP ports to other sites; SSL support; and proxy connections via SOCKS4, SOCKS5 or HTTP proxies (with optional proxy authentication as well)\&. Some general principles apply to most applications and thus give you the capability of instantly adding networking support to software that would normally never support it\&.
+.SH "OPTIONS SUMMARY"
+.PP
+.if n \{\
+.RS 4
+.\}
+.nf
+Ncat 7\&.94 ( https://nmap\&.org/ncat )
+Usage: ncat [options] [hostname] [port]
+
+Options taking a time assume seconds\&. Append \*(Aqms\*(Aq for milliseconds,
+\*(Aqs\*(Aq for seconds, \*(Aqm\*(Aq for minutes, or \*(Aqh\*(Aq for hours (e\&.g\&. 500ms)\&.
+ \-4 Use IPv4 only
+ \-6 Use IPv6 only
+ \-U, \-\-unixsock Use Unix domain sockets only
+ \-\-vsock Use vsock sockets only
+ \-C, \-\-crlf Use CRLF for EOL sequence
+ \-c, \-\-sh\-exec <command> Executes the given command via /bin/sh
+ \-e, \-\-exec <command> Executes the given command
+ \-\-lua\-exec <filename> Executes the given Lua script
+ \-g hop1[,hop2,\&.\&.\&.] Loose source routing hop points (8 max)
+ \-G <n> Loose source routing hop pointer (4, 8, 12, \&.\&.\&.)
+ \-m, \-\-max\-conns <n> Maximum <n> simultaneous connections
+ \-h, \-\-help Display this help screen
+ \-d, \-\-delay <time> Wait between read/writes
+ \-o, \-\-output <filename> Dump session data to a file
+ \-x, \-\-hex\-dump <filename> Dump session data as hex to a file
+ \-i, \-\-idle\-timeout <time> Idle read/write timeout
+ \-p, \-\-source\-port port Specify source port to use
+ \-s, \-\-source addr Specify source address to use (doesn\*(Aqt affect \-l)
+ \-l, \-\-listen Bind and listen for incoming connections
+ \-k, \-\-keep\-open Accept multiple connections in listen mode
+ \-n, \-\-nodns Do not resolve hostnames via DNS
+ \-t, \-\-telnet Answer Telnet negotiations
+ \-u, \-\-udp Use UDP instead of default TCP
+ \-\-sctp Use SCTP instead of default TCP
+ \-v, \-\-verbose Set verbosity level (can be used several times)
+ \-w, \-\-wait <time> Connect timeout
+ \-z Zero\-I/O mode, report connection status only
+ \-\-append\-output Append rather than clobber specified output files
+ \-\-send\-only Only send data, ignoring received; quit on EOF
+ \-\-recv\-only Only receive data, never send anything
+ \-\-no\-shutdown Continue half\-duplex when receiving EOF on stdin
+ \-\-allow Allow only given hosts to connect to Ncat
+ \-\-allowfile A file of hosts allowed to connect to Ncat
+ \-\-deny Deny given hosts from connecting to Ncat
+ \-\-denyfile A file of hosts denied from connecting to Ncat
+ \-\-broker Enable Ncat\*(Aqs connection brokering mode
+ \-\-chat Start a simple Ncat chat server
+ \-\-proxy <addr[:port]> Specify address of host to proxy through
+ \-\-proxy\-type <type> Specify proxy type ("http", "socks4", "socks5")
+ \-\-proxy\-auth <auth> Authenticate with HTTP or SOCKS proxy server
+ \-\-proxy\-dns <type> Specify where to resolve proxy destination
+ \-\-ssl Connect or listen with SSL
+ \-\-ssl\-cert Specify SSL certificate file (PEM) for listening
+ \-\-ssl\-key Specify SSL private key (PEM) for listening
+ \-\-ssl\-verify Verify trust and domain name of certificates
+ \-\-ssl\-trustfile PEM file containing trusted SSL certificates
+ \-\-ssl\-ciphers Cipherlist containing SSL ciphers to use
+ \-\-ssl\-servername Request distinct server name (SNI)
+ \-\-ssl\-alpn ALPN protocol list to use
+ \-\-version Display Ncat\*(Aqs version information and exit
+
+See the ncat(1) manpage for full options, descriptions and usage examples
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+.SH "CONNECT MODE AND LISTEN MODE"
+.PP
+Ncat operates in one of two primary modes: connect mode and listen mode\&. Other modes, such as the HTTP proxy server, act as special cases of these two\&. In connect mode, Ncat works as a client\&. In listen mode it is a server\&.
+.PP
+In connect mode, the
+\fB\fIhostname\fR\fR
+and
+\fB\fIport\fR\fR
+arguments tell what to connect to\&.
+\fB\fIhostname\fR\fR
+is required, and may be a hostname or IP address\&. If
+\fB\fIport\fR\fR
+is supplied, it must be a decimal port number\&. If omitted, it defaults to 31337\&.
+.PP
+In listen mode,
+\fB\fIhostname\fR\fR
+and
+\fB\fIport\fR\fR
+control the address the server will bind to\&. Both arguments are optional in listen mode\&. If
+\fB\fIhostname\fR\fR
+is omitted, it defaults to listening on all available addresses over IPv4 and IPv6\&. If
+\fB\fIport\fR\fR
+is omitted, it defaults to 31337\&.
+.SH "PROTOCOL OPTIONS"
+.PP
+\fB\-4\fR (IPv4 only)
+.RS 4
+Force the use of IPv4 only\&.
+.RE
+.PP
+\fB\-6\fR (IPv6 only)
+.RS 4
+Force the use of IPv6 only\&.
+.RE
+.PP
+\fB\-U\fR, \fB\-\-unixsock\fR (Use Unix domain sockets)
+.RS 4
+Use Unix domain sockets rather than network sockets\&. This option may be used on its own for stream sockets, or combined with
+\fB\-\-udp\fR
+for datagram sockets\&. A description of
+\fB\-U\fR
+mode is in
+the section called \(lqUNIX DOMAIN SOCKETS\(rq\&.
+.RE
+.PP
+\fB\-u\fR, \fB\-\-udp\fR (Use UDP)
+.RS 4
+Use UDP for the connection (the default is TCP)\&.
+.RE
+.PP
+\fB\-\-sctp\fR (Use SCTP)
+.RS 4
+Use SCTP for the connection (the default is TCP)\&. SCTP support is implemented in TCP\-compatible mode\&.
+.RE
+.PP
+\fB\-\-vsock\fR (Use AF_VSOCK sockets)
+.RS 4
+Use AF_VSOCK sockets rather than the default TCP sockets (Linux only)\&. This option may be used on its own for stream sockets or combined with
+\fB\-\-udp\fR
+for datagram sockets\&. A description of
+\fB\-\-vsock\fR
+mode is in
+the section called \(lqAF_VSOCK SOCKETS\(rq\&.
+.RE
+.SH "CONNECT MODE OPTIONS"
+.PP
+\fB\-g \fR\fB\fIhop1\fR\fR\fB[,\fIhop2\fR,\&.\&.\&.]\fR (Loose source routing)
+.RS 4
+Sets hops for IPv4 loose source routing\&. You can use
+\fB\-g\fR
+once with a comma\-separated list of hops, use
+\fB\-g\fR
+multiple times with single hops to build the list, or combine the two\&. Hops can be given as IP addresses or hostnames\&.
+.RE
+.PP
+\fB\-G \fR\fB\fIptr\fR\fR (Set source routing pointer)
+.RS 4
+Sets the IPv4 source route
+\(lqpointer\(rq
+for use with
+\fB\-g\fR\&. The argument must be a multiple of 4 and no more than 28\&. Not all operating systems support setting this pointer to anything other than four\&.
+.RE
+.PP
+\fB\-p \fR\fB\fIport\fR\fR, \fB\-\-source\-port \fR\fB\fIport\fR\fR (Specify source port)
+.RS 4
+Set the port number for Ncat to bind to\&.
+.RE
+.PP
+\fB\-s \fR\fB\fIhost\fR\fR, \fB\-\-source \fR\fB\fIhost\fR\fR (Specify source address)
+.RS 4
+Set the address for Ncat to bind to\&.
+.RE
+.SH "LISTEN MODE OPTIONS"
+.PP
+See
+the section called \(lqACCESS CONTROL OPTIONS\(rq
+for information on limiting the hosts that may connect to the listening Ncat process\&.
+.PP
+\fB\-l\fR, \fB\-\-listen\fR (Listen for connections)
+.RS 4
+Listen for connections rather than connecting to a remote machine
+.RE
+.PP
+\fB\-m \fR\fB\fInumconns\fR\fR, \fB\-\-max\-conns \fR\fB\fInumconns\fR\fR (Specify maximum number of connections)
+.RS 4
+The maximum number of simultaneous connections accepted by an Ncat instance\&. 100 is the default (60 on Windows)\&.
+.RE
+.PP
+\fB\-k\fR, \fB\-\-keep\-open\fR (Accept multiple connections)
+.RS 4
+Normally a listening server accepts only one connection and then quits when the connection is closed\&. This option makes it accept multiple simultaneous connections and wait for more connections after they have all been closed\&. It must be combined with
+\fB\-\-listen\fR\&. In this mode there is no way for Ncat to know when its network input is finished, so it will keep running until interrupted\&. This also means that it will never close its output stream, so any program reading from Ncat and looking for end\-of\-file will also hang\&.
+.RE
+.PP
+\fB\-\-broker\fR (Connection brokering)
+.RS 4
+Allow multiple parties to connect to a centralised Ncat server and communicate with each other\&. Ncat can broker communication between systems that are behind a NAT or otherwise unable to directly connect\&. This option is used in conjunction with
+\fB\-\-listen\fR, which causes the
+\fB\-\-listen\fR
+port to have broker mode enabled\&.
+.RE
+.PP
+\fB\-\-chat\fR (Ad\-hoc \(lqchat server\(rq)
+.RS 4
+The
+\fB\-\-chat\fR
+option enables chat mode, intended for the exchange of text between several users\&. In chat mode, connection brokering is turned on\&. Ncat prefixes each message received with an ID before relaying it to the other connections\&. The ID is unique for each connected client\&. This helps distinguish who sent what\&. Additionally, non\-printing characters such as control characters are escaped to keep them from doing damage to a terminal\&.
+.RE
+.SH "SSL OPTIONS"
+.PP
+\fB\-\-ssl\fR (Use SSL)
+.RS 4
+In connect mode, this option transparently negotiates an SSL session with an SSL server to securely encrypt the connection\&. This is particularly handy for talking to SSL enabled HTTP servers, etc\&.
+.sp
+In server mode, this option listens for incoming SSL connections, rather than plain untunneled traffic\&.
+.sp
+In UDP mode, this option enables Datagram TLS (DTLS)\&.
+.RE
+.PP
+\fB\-\-ssl\-verify\fR (Verify server certificates)
+.RS 4
+In client mode,
+\fB\-\-ssl\-verify\fR
+is like
+\fB\-\-ssl\fR
+except that it also requires verification of the server certificate\&. Ncat comes with a default set of trusted certificates in the file
+ca\-bundle\&.crt\&.
+Some operating systems provide a default list of trusted certificates; these will also be used if available\&. Use
+\fB\-\-ssl\-trustfile\fR
+to give a custom list\&. Use
+\fB\-v\fR
+one or more times to get details about verification failures\&.
+Ncat does not check for revoked certificates\&.
+.sp
+This option has no effect in server mode\&.
+.RE
+.PP
+\fB\-\-ssl\-cert \fR\fB\fIcertfile\&.pem\fR\fR (Specify SSL certificate)
+.RS 4
+This option gives the location of a PEM\-encoded certificate files used to authenticate the server (in listen mode) or the client (in connect mode)\&. Use it in combination with
+\fB\-\-ssl\-key\fR\&.
+.RE
+.PP
+\fB\-\-ssl\-key \fR\fB\fIkeyfile\&.pem\fR\fR (Specify SSL private key)
+.RS 4
+This option gives the location of the PEM\-encoded private key file that goes with the certificate named with
+\fB\-\-ssl\-cert\fR\&.
+.RE
+.PP
+\fB\-\-ssl\-trustfile \fR\fB\fIcert\&.pem\fR\fR (List trusted certificates)
+.RS 4
+This option sets a list of certificates that are trusted for purposes of certificate verification\&. It has no effect unless combined with
+\fB\-\-ssl\-verify\fR\&. The argument to this option is the name of a PEM
+file containing trusted certificates\&. Typically, the file will contain certificates of certification authorities, though it may also contain server certificates directly\&. When this option is used, Ncat does not use its default certificates\&.
+.RE
+.PP
+\fB\-\-ssl\-ciphers \fR\fB\fIcipherlist\fR\fR (Specify SSL ciphersuites)
+.RS 4
+This option sets the list of ciphersuites that Ncat will use when connecting to servers or when accepting SSL connections from clients\&. The syntax is described in the OpenSSL ciphers(1) man page, and defaults to
+ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!MD5:@STRENGTH
+.RE
+.PP
+\fB\-\-ssl\-servername \fR\fB\fIname\fR\fR (Request distinct server name)
+.RS 4
+In client mode, this option sets the TLS SNI (Server Name Indication) extension, which tells the server the name of the logical server Ncat is contacting\&. This is important when the target server hosts multiple virtual servers at a single underlying network address\&. If the option is not provided, the TLS SNI extension will be populated with the target server hostname\&.
+.RE
+.PP
+\fB\-\-ssl\-alpn \fR\fB\fIALPN list\fR\fR (Specify ALPN protocol list)
+.RS 4
+This option allows you to specify a comma\-separated list of protocols to send via the Application\-Layer Protocol Negotiation (ALPN) TLS extension\&. Not supported by all versions of OpenSSL\&.
+.RE
+.SH "PROXY OPTIONS"
+.PP
+\fB\-\-proxy \fR\fB\fIhost\fR\fR\fB[:\fIport\fR]\fR (Specify proxy address)
+.RS 4
+Requests proxying through
+\fIhost\fR:\fIport\fR, using the protocol specified by
+\fB\-\-proxy\-type\fR\&.
+.sp
+If no port is specified, the proxy protocol\*(Aqs well\-known port is used (1080 for SOCKS and 3128 for HTTP)\&. When specifying an IPv6 HTTP proxy server using the IP address rather than the hostname, the square\-bracket notation (for example [2001:db8::1]:8080) MUST be used to separate the port from the IPv6 address\&. If the proxy requires authentication, use
+\fB\-\-proxy\-auth\fR\&.
+.RE
+.PP
+\fB\-\-proxy\-type \fR\fB\fIproto\fR\fR (Specify proxy protocol)
+.RS 4
+In connect mode, this option requests the protocol
+\fIproto\fR
+to connect through the proxy host specified by
+\fB\-\-proxy\fR\&. In listen mode, this option has Ncat act as a proxy server using the specified protocol\&.
+.sp
+The currently available protocols in connect mode are
+http
+(CONNECT),
+socks4
+(SOCKSv4), and
+socks5
+(SOCKSv5)\&. The only server currently supported is
+http\&. If this option is not used, the default protocol is
+http\&.
+.RE
+.PP
+\fB\-\-proxy\-auth \fR\fB\fIuser\fR\fR\fB[:\fIpass\fR]\fR (Specify proxy credentials)
+.RS 4
+In connect mode, gives the credentials that will be used to connect to the proxy server\&. In listen mode, gives the credentials that will be required of connecting clients\&. For use with
+\fB\-\-proxy\-type http\fR
+or
+\fB\-\-proxy\-type socks5\fR, the form should be username:password\&. For
+\fB\-\-proxy\-type socks4\fR, it should be a username only\&.
+.sp
+These credentials can be alternatively passed onto Ncat by setting environment variable
+\fBNCAT_PROXY_AUTH\fR, which reduces the risk of the credentials being captured in process logs\&. (Option
+\fB\-\-proxy\-auth\fR
+takes precedence\&.)
+.RE
+.PP
+\fB\-\-proxy\-dns \fR\fB\fItype\fR\fR (Specify where to resolve proxy destination)
+.RS 4
+In connect mode, it provides control over whether proxy destination hostnames are resolved by the remote proxy server or locally, by Ncat itself\&. Possible values for
+\fItype\fR
+are:
+.sp
+local
+\- Hostnames are resolved locally on the Ncat host\&. Ncat exits with error if the hostname cannot be resolved\&.
+.sp
+remote
+\- Hostnames are passed directly onto the remote proxy server\&. This is the default behavior\&.
+.sp
+both
+\- Hostname resolution is first attempted on the Ncat host\&. Unresolvable hostnames are passed onto the remote proxy server\&.
+.sp
+none
+\- Hostname resolution is completely disabled\&. Only a literal IPv4 or IPv6 address can be used as the proxy destination\&.
+.sp
+Local hostname resolution generally respects IP version specified with options
+\fB\-4\fR
+or
+\fB\-6\fR, except for SOCKS4, which is incompatible with IPv6\&.
+.RE
+.SH "COMMAND EXECUTION OPTIONS"
+.PP
+\fB\-e \fR\fB\fIcommand\fR\fR, \fB\-\-exec \fR\fB\fIcommand\fR\fR (Execute command)
+.RS 4
+Execute the specified command after a connection has been established\&. The command must be specified as a full pathname\&. All input from the remote client will be sent to the application and responses sent back to the remote client over the socket, thus making your command\-line application interactive over a socket\&. Combined with
+\fB\-\-keep\-open\fR, Ncat will handle multiple simultaneous connections to your specified port/application like inetd\&. Ncat will only accept a maximum, definable, number of simultaneous connections controlled by the
+\fB\-m\fR
+option\&. By default this is set to 100 (60 on Windows)\&.
+.RE
+.PP
+\fB\-c \fR\fB\fIcommand\fR\fR, \fB\-\-sh\-exec \fR\fB\fIcommand\fR\fR (Execute command via sh)
+.RS 4
+Same as
+\fB\-e\fR, except it tries to execute the command via
+/bin/sh\&. This means you don\*(Aqt have to specify the full path for the command, and shell facilities like environment variables are available\&.
+.RE
+.PP
+\fB\-\-lua\-exec \fR\fB\fIfile\fR\fR (Execute a \&.lua script)
+.RS 4
+Runs the specified file as a Lua script after a connection has been established, using a built\-in interpreter\&. Both the script\*(Aqs standard input and the standard output are redirected to the connection data streams\&.
+.RE
+.PP
+All exec options add the following variables to the child\*(Aqs environment:
+.PP
+\fBNCAT_REMOTE_ADDR\fR, \fBNCAT_REMOTE_PORT\fR
+.RS 4
+The IP address and port number of the remote host\&. In connect mode, it\*(Aqs the target\*(Aqs address; in listen mode, it\*(Aqs the client\*(Aqs address\&.
+.RE
+.PP
+\fBNCAT_LOCAL_ADDR\fR, \fBNCAT_LOCAL_PORT\fR
+.RS 4
+The IP address and port number of the local end of the connection\&.
+.RE
+.PP
+\fBNCAT_PROTO\fR
+.RS 4
+The protocol in use: one of
+TCP,
+UDP, and
+SCTP\&.
+.RE
+.SH "ACCESS CONTROL OPTIONS"
+.PP
+\fB\-\-allow \fR\fB\fIhost\fR\fR\fB[,\fIhost\fR,\&.\&.\&.]\fR (Allow connections)
+.RS 4
+The list of hosts specified will be the only hosts allowed to connect to the Ncat process\&. All other connection attempts will be disconnected\&. In case of a conflict between
+\fB\-\-allow\fR
+and
+\fB\-\-deny\fR,
+\fB\-\-allow\fR
+takes precedence\&. Host specifications follow the same syntax used by Nmap\&.
+.RE
+.PP
+\fB\-\-allowfile \fR\fB\fIfile\fR\fR (Allow connections from file)
+.RS 4
+This has the same functionality as
+\fB\-\-allow\fR, except that the allowed hosts are provided in a new\-line delimited allow file, rather than directly on the command line\&.
+.RE
+.PP
+\fB\-\-deny \fR\fB\fIhost\fR\fR\fB[,\fIhost\fR,\&.\&.\&.]\fR (Deny connections)
+.RS 4
+Issue Ncat with a list of hosts that will not be allowed to connect to the listening Ncat process\&. Specified hosts will have their session silently terminated if they try to connect\&. In case of a conflict between
+\fB\-\-allow\fR
+and
+\fB\-\-deny\fR,
+\fB\-\-allow\fR
+takes precedence\&. Host specifications follow the same syntax used by Nmap\&.
+.RE
+.PP
+\fB\-\-denyfile \fR\fB\fIfile\fR\fR (Deny connections from file)
+.RS 4
+This is the same functionality as
+\fB\-\-deny\fR, except that excluded hosts are provided in a new\-line delimited deny file, rather than directly on the command line\&.
+.RE
+.SH "TIMING OPTIONS"
+.PP
+These options accept a
+time
+parameter\&. This is specified in seconds by default, though you can append
+ms,
+s,
+m, or
+h
+to the value to specify milliseconds, seconds, minutes, or hours\&.
+.PP
+\fB\-d \fR\fB\fItime\fR\fR, \fB\-\-delay \fR\fB\fItime\fR\fR (Specify line delay)
+.RS 4
+Set the delay interval for lines sent\&. This effectively limits the number of lines that Ncat will send in the specified period\&. This may be useful for low\-bandwidth sites, or have other uses such as coping with annoying
+\fBiptables \-\-limit\fR
+options\&.
+.RE
+.PP
+\fB\-i \fR\fB\fItime\fR\fR, \fB\-\-idle\-timeout \fR\fB\fItime\fR\fR (Specify idle timeout)
+.RS 4
+Set a fixed timeout for idle connections\&. If the idle timeout is reached, the connection is terminated\&.
+.RE
+.PP
+\fB\-w \fR\fB\fItime\fR\fR, \fB\-\-wait \fR\fB\fItime\fR\fR (Specify connect timeout)
+.RS 4
+Set a fixed timeout for connection attempts\&.
+.RE
+.SH "OUTPUT OPTIONS"
+.PP
+\fB\-o \fR\fB\fIfile\fR\fR, \fB\-\-output \fR\fB\fIfile\fR\fR (Save session data)
+.RS 4
+Dump session data to a file
+.RE
+.PP
+\fB\-x \fR\fB\fIfile\fR\fR, \fB\-\-hex\-dump \fR\fB\fIfile\fR\fR (Save session data in hex)
+.RS 4
+Dump session data in hex to a file\&.
+.RE
+.PP
+\fB\-\-append\-output\fR (Append output)
+.RS 4
+Issue Ncat with
+\fB\-\-append\-ouput\fR
+along with
+\fB\-o\fR
+and/or
+\fB\-x\fR
+and it will append the resulted output rather than truncating the specified output files\&.
+.RE
+.PP
+\fB\-v\fR, \fB\-\-verbose\fR (Be verbose)
+.RS 4
+Issue Ncat with
+\fB\-v\fR
+and it will be verbose and display all kinds of useful connection based information\&. Use more than once (\fB\-vv\fR,
+\fB\-vvv\fR\&.\&.\&.) for greater verbosity\&.
+.RE
+.SH "MISC OPTIONS"
+.PP
+\fB\-C\fR, \fB\-\-crlf\fR (Use CRLF as EOL)
+.RS 4
+This option tells Ncat to convert LF
+line endings to CRLF
+when taking input from standard input\&.
+This is useful for talking to some stringent servers directly from a terminal in one of the many common plain\-text protocols that use CRLF for end\-of\-line\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR (Help screen)
+.RS 4
+Displays a short help screen with common options and parameters, and then exits\&.
+.RE
+.PP
+\fB\-\-recv\-only\fR (Only receive data)
+.RS 4
+If this option is passed, Ncat will only receive data and will not try to send anything\&.
+.RE
+.PP
+\fB\-\-send\-only\fR (Only send data)
+.RS 4
+If this option is passed, then Ncat will only send data and will ignore anything received\&. This option also causes Ncat to close the network connection and terminate after EOF is received on standard input\&.
+.RE
+.PP
+\fB\-\-no\-shutdown\fR (Do not shutdown into half\-duplex mode)
+.RS 4
+If this option is passed, Ncat will not invoke shutdown on a socket after seeing EOF on stdin\&. This is provided for backward\-compatibility with OpenBSD netcat, which exhibits this behavior when executed with its \*(Aq\-d\*(Aq option\&.
+.RE
+.PP
+\fB\-n\fR, \fB\-\-nodns\fR (Do not resolve hostnames)
+.RS 4
+Completely disable hostname resolution across all Ncat options, such as the destination, source address, source routing hops, and the proxy\&. All addresses must be specified numerically\&. (Note that resolution of proxy destinations is controlled separately via option
+\fB\-\-proxy\-dns\fR\&.)
+.RE
+.PP
+\fB\-t\fR, \fB\-\-telnet\fR (Answer Telnet negotiations)
+.RS 4
+Handle DO/DONT WILL/WONT Telnet negotiations\&. This makes it possible to script Telnet sessions with Ncat\&.
+.RE
+.PP
+\fB\-\-version\fR (Display version)
+.RS 4
+Displays the Ncat version number and exits\&.
+.RE
+.SH "UNIX DOMAIN SOCKETS"
+.PP
+The
+\fB\-U\fR
+option (same as
+\fB\-\-unixsock\fR) causes Ncat to use Unix domain sockets rather than network sockets\&. Unix domain sockets exist as an entry in the filesystem\&. You must give the name of a socket to connect to or to listen on\&. For example, to make a connection,
+.PP
+\fBncat \-U ~/unixsock\fR
+.PP
+To listen on a socket:
+.PP
+\fBncat \-l \-U ~/unixsock\fR
+.PP
+Listen mode will create the socket if it doesn\*(Aqt exist\&. The socket will continue to exist after the program ends\&.
+.PP
+Both stream and datagram domain sockets are supported\&. Use
+\fB\-U\fR
+on its own for stream sockets, or combine it with
+\fB\-\-udp\fR
+for datagram sockets\&. Datagram sockets require a source socket to connect from\&. By default, a source socket with a random filename will be created as needed, and deleted when the program ends\&. Use the
+\fB\-\-source\fR
+with a path to use a source socket with a specific name\&.
+.SH "AF_VSOCK SOCKETS"
+.PP
+The
+\fB\-\-vsock\fR
+option causes Ncat to use AF_VSOCK sockets rather than network sockets\&. A CID must be given instead of a hostname or IP address\&. For example, to make a connection to the host,
+.PP
+\fBncat \-\-vsock 2 1234\fR
+.PP
+To listen on a socket:
+.PP
+\fBncat \-l \-\-vsock 1234\fR
+.PP
+Both stream and datagram domain sockets are supported, but socket type availability depends on the hypervisor\&. Use
+\fB\-\-vsock\fR
+on its own for stream sockets, or combine it with
+\fB\-\-udp\fR
+for datagram sockets\&.
+.SH "EXAMPLES"
+.PP
+Connect to example\&.org on TCP port 8080\&.
+.RS 4
+\fBncat example\&.org 8080\fR
+.RE
+.PP
+Listen for connections on TCP port 8080\&.
+.RS 4
+\fBncat \-l 8080\fR
+.RE
+.PP
+Redirect TCP port 8080 on the local machine to host on port 80\&.
+.RS 4
+\fBncat \-\-sh\-exec "ncat example\&.org 80" \-l 8080 \-\-keep\-open\fR
+.RE
+.PP
+Bind to TCP port 8081 and attach /bin/bash for the world to access freely\&.
+.RS 4
+\fBncat \-\-exec "/bin/bash" \-l 8081 \-\-keep\-open\fR
+.RE
+.PP
+Bind a shell to TCP port 8081, limit access to hosts on a local network, and limit the maximum number of simultaneous connections to 3\&.
+.RS 4
+\fBncat \-\-exec "/bin/bash" \-\-max\-conns 3 \-\-allow 192\&.168\&.0\&.0/24 \-l 8081 \-\-keep\-open\fR
+.RE
+.PP
+Connect to smtphost:25 through a SOCKS4 server on port 1080\&.
+.RS 4
+\fBncat \-\-proxy socks4host \-\-proxy\-type socks4 \-\-proxy\-auth joe smtphost 25\fR
+.RE
+.PP
+Connect to smtphost:25 through a SOCKS5 server on port 1080\&.
+.RS 4
+\fBncat \-\-proxy socks5host \-\-proxy\-type socks5 \-\-proxy\-auth joe:secret smtphost 25\fR
+.RE
+.PP
+Create an HTTP proxy server on localhost port 8888\&.
+.RS 4
+\fBncat \-l \-\-proxy\-type http localhost 8888\fR
+.RE
+.PP
+Send a file over TCP port 9899 from host2 (client) to host1 (server)\&.
+.RS 4
+HOST1$
+\fBncat \-l 9899 > outputfile\fR
+.sp
+HOST2$
+\fBncat HOST1 9899 < inputfile\fR
+.RE
+.PP
+Transfer in the other direction, turning Ncat into a \(lqone file\(rq server\&.
+.RS 4
+HOST1$
+\fBncat \-l 9899 < inputfile\fR
+.sp
+HOST2$
+\fBncat HOST1 9899 > outputfile\fR
+.RE
+.SH "EXIT CODE"
+.PP
+The exit code reflects whether a connection was made and completed successfully\&. 0 means there was no error\&. 1 means there was a network error of some kind, for example
+\(lqConnection refused\(rq
+or
+\(lqConnection reset\(rq\&. 2 is reserved for all other errors, like an invalid option or a nonexistent file\&.
+.SH "BUGS"
+.PP
+Like its authors, Ncat isn\*(Aqt perfect\&. But you can help make it better by sending bug reports or even writing patches\&. If Ncat doesn\*(Aqt behave the way you expect, first upgrade to the latest version available from
+\m[blue]\fB\%https://nmap.org\fR\m[]\&. If the problem persists, do some research to determine whether it has already been discovered and addressed\&. Try Googling the error message or browsing the
+nmap\-dev
+archives at
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&.
+
+Read this full manual page as well\&. If nothing comes of this, mail a bug report to
+<dev@nmap\&.org>\&. Please include everything you have learned about the problem, as well as what version of Ncat you are running and what operating system version it is running on\&. Problem reports and Ncat usage questions sent to dev@nmap\&.org are far more likely to be answered than those sent to Fyodor directly\&.
+.PP
+Code patches to fix bugs are even better than bug reports\&. Basic instructions for creating patch files with your changes are available at
+\m[blue]\fB\%https://svn.nmap.org/nmap/HACKING\fR\m[]\&. Patches may be sent to
+nmap\-dev
+(recommended) or to Fyodor directly\&.
+.SH "AUTHORS"
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Chris Gibson
+<chris@linuxops\&.net>
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Gordon Lyon (Fyodor)<fyodor@nmap\&.org>
+(\m[blue]\fB\%http://insecure.org\fR\m[])
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Kris Katterjohn
+<katterjohn@gmail\&.com>
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Mixter
+<mixter@gmail\&.com>
+.RE
+.PP
+The original Netcat was written by *Hobbit*
+<hobbit@avian\&.org>\&. While Ncat isn\*(Aqt built on any code from the
+\(lqtraditional\(rq
+Netcat (or any other implementation), Ncat is most definitely based on Netcat in spirit and functionality\&.
+.SH "LEGAL NOTICES"
+.SS "Ncat Copyright and Licensing"
+.PP
+Ncat is (C) 2005\(en2022 Nmap Software LLC\&. It is distributed as free and open source software under the same license terms as our Nmap software\&. Precise terms and further details are available
+from \m[blue]\fB\%https://nmap.org/man/man-legal.html\fR\m[]\&.
+.SS "Creative Commons License for this Ncat Guide"
+.PP
+This
+Ncat Reference Guide
+is (C) 2005\(en2022 Nmap Software LLC\&. It is hereby placed under version 3\&.0 of the
+\m[blue]\fBCreative Commons Attribution License\fR\m[]\&\s-2\u[1]\d\s+2\&. This allows you redistribute and modify the work as you desire, as long as you credit the original source\&. Alternatively, you may choose to treat this document as falling under the same license as Ncat itself (discussed previously)\&.
+.SS "Source Code Availability and Community Contributions"
+.PP
+Source is provided to this software because we believe users have a right to know exactly what a program is going to do before they run it\&. This also allows you to audit the software for security holes (none have been found so far)\&.
+.PP
+Source code also allows you to port Nmap (which includes Ncat) to new platforms, fix bugs, and add new features\&. You are highly encouraged to send your changes to
+<dev@nmap\&.org>
+for possible incorporation into the main distribution\&. By sending these changes to Fyodor or one of the Insecure\&.Org development mailing lists, it is assumed that you are offering the Nmap Project (Nmap Software LLC) the unlimited, non\-exclusive right to reuse, modify, and relicense the code\&. Nmap will always be available open source,
+but this is important because the inability to relicense code has caused devastating problems for other Free Software projects (such as KDE and NASM)\&. We also occasionally relicense the code to third parties as discussed in the Nmap man page\&. If you wish to specify special license conditions of your contributions, just say so when you send them\&.
+.SS "No Warranty"
+.PP
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the Nmap Public Source License for more details at
+\m[blue]\fB\%https://nmap.org/npsl/\fR\m[], or in the
+LICENSE
+file included with Nmap\&.
+.SS "Inappropriate Usage"
+.PP
+Ncat should never be installed with special privileges (e\&.g\&. suid root)\&.
+That would open up a major security vulnerability as other users on the system (or attackers) could use it for privilege escalation\&.
+.SS "Third\-Party Software"
+.PP
+This product includes software developed by the
+\m[blue]\fBApache Software Foundation\fR\m[]\&\s-2\u[2]\d\s+2\&. A modified version of the
+\m[blue]\fBLibpcap portable packet capture library\fR\m[]\&\s-2\u[3]\d\s+2
+is distributed along with Ncat\&. The Windows version of Ncat utilized the Libpcap\-derived
+\m[blue]\fBNpcap library\fR\m[]\&\s-2\u[4]\d\s+2
+instead\&. Certain raw networking functions use the
+\m[blue]\fBLibdnet\fR\m[]\&\s-2\u[5]\d\s+2
+networking library, which was written by Dug Song\&.
+A modified version is distributed with Ncat\&. Ncat can optionally link with the
+\m[blue]\fBOpenSSL cryptography toolkit\fR\m[]\&\s-2\u[6]\d\s+2
+for SSL version detection support\&. All of the third\-party software described in this paragraph is freely redistributable under BSD\-style software licenses\&.
+.SH "NOTES"
+.IP " 1." 4
+Creative Commons Attribution License
+.RS 4
+\%http://creativecommons.org/licenses/by/3.0/
+.RE
+.IP " 2." 4
+Apache Software Foundation
+.RS 4
+\%http://www.apache.org
+.RE
+.IP " 3." 4
+Libpcap portable packet capture library
+.RS 4
+\%http://www.tcpdump.org
+.RE
+.IP " 4." 4
+Npcap library
+.RS 4
+\%https://npcap.com
+.RE
+.IP " 5." 4
+Libdnet
+.RS 4
+\%http://libdnet.sourceforge.net
+.RE
+.IP " 6." 4
+OpenSSL cryptography toolkit
+.RS 4
+\%http://www.openssl.org
+.RE
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-24 19:00:46 +0000