1NCAT(1)                      Ncat Reference Guide                      NCAT(1)
2
3
4

NAME

6       ncat - Concatenate and redirect sockets
7

SYNOPSIS

9       ncat [OPTIONS...] [hostname] [port]
10

DESCRIPTION

12       Ncat is a feature-packed networking utility which reads and writes data
13       across networks from the command line. Ncat was written for the Nmap
14       Project and is the culmination of the currently splintered family of
15       Netcat incarnations. It is designed to be a reliable back-end tool to
16       instantly provide network connectivity to other applications and users.
17       Ncat will not only work with IPv4 and IPv6 but provides the user with a
18       virtually limitless number of potential uses.
19
20       Among Ncat's vast number of features there is the ability to chain
21       Ncats together; redirection of TCP, UDP, and SCTP ports to other sites;
22       SSL support; and proxy connections via SOCKS4, SOCKS5 or HTTP proxies
23       (with optional proxy authentication as well). Some general principles
24       apply to most applications and thus give you the capability of
25       instantly adding networking support to software that would normally
26       never support it.
27

OPTIONS SUMMARY

29           Ncat 7.70SVN ( https://nmap.org/ncat )
30           Usage: ncat [options] [hostname] [port]
31
32           Options taking a time assume seconds. Append 'ms' for milliseconds,
33           's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
34             -4                         Use IPv4 only
35             -6                         Use IPv6 only
36             -U, --unixsock             Use Unix domain sockets only
37                 --vsock                Use vsock sockets only
38             -C, --crlf                 Use CRLF for EOL sequence
39             -c, --sh-exec <command>    Executes the given command via /bin/sh
40             -e, --exec <command>       Executes the given command
41                 --lua-exec <filename>  Executes the given Lua script
42             -g hop1[,hop2,...]         Loose source routing hop points (8 max)
43             -G <n>                     Loose source routing hop pointer (4, 8, 12, ...)
44             -m, --max-conns <n>        Maximum <n> simultaneous connections
45             -h, --help                 Display this help screen
46             -d, --delay <time>         Wait between read/writes
47             -o, --output <filename>    Dump session data to a file
48             -x, --hex-dump <filename>  Dump session data as hex to a file
49             -i, --idle-timeout <time>  Idle read/write timeout
50             -p, --source-port port     Specify source port to use
51             -s, --source addr          Specify source address to use (doesn't affect -l)
52             -l, --listen               Bind and listen for incoming connections
53             -k, --keep-open            Accept multiple connections in listen mode
54             -n, --nodns                Do not resolve hostnames via DNS
55             -t, --telnet               Answer Telnet negotiations
56             -u, --udp                  Use UDP instead of default TCP
57                 --sctp                 Use SCTP instead of default TCP
58             -v, --verbose              Set verbosity level (can be used several times)
59             -w, --wait <time>          Connect timeout
60             -z                         Zero-I/O mode, report connection status only
61                 --append-output        Append rather than clobber specified output files
62                 --send-only            Only send data, ignoring received; quit on EOF
63                 --recv-only            Only receive data, never send anything
64                 --no-shutdown          Continue half-duplex when receiving EOF on stdin
65                 --allow                Allow only given hosts to connect to Ncat
66                 --allowfile            A file of hosts allowed to connect to Ncat
67                 --deny                 Deny given hosts from connecting to Ncat
68                 --denyfile             A file of hosts denied from connecting to Ncat
69                 --broker               Enable Ncat's connection brokering mode
70                 --chat                 Start a simple Ncat chat server
71                 --proxy <addr[:port]>  Specify address of host to proxy through
72                 --proxy-type <type>    Specify proxy type ("http", "socks4", "socks5")
73                 --proxy-auth <auth>    Authenticate with HTTP or SOCKS proxy server
74                 --proxy-dns <type>     Specify where to resolve proxy destination
75                 --ssl                  Connect or listen with SSL
76                 --ssl-cert             Specify SSL certificate file (PEM) for listening
77                 --ssl-key              Specify SSL private key (PEM) for listening
78                 --ssl-verify           Verify trust and domain name of certificates
79                 --ssl-trustfile        PEM file containing trusted SSL certificates
80                 --ssl-ciphers          Cipherlist containing SSL ciphers to use
81                 --ssl-alpn             ALPN protocol list to use.
82                 --version              Display Ncat's version information and exit
83
84           See the ncat(1) manpage for full options, descriptions and usage examples
85
86

CONNECT MODE AND LISTEN MODE

88       Ncat operates in one of two primary modes: connect mode and listen
89       mode. Other modes, such as the HTTP proxy server, act as special cases
90       of these two. In connect mode, Ncat works as a client. In listen mode
91       it is a server.
92
93       In connect mode, the hostname and port arguments tell what to connect
94       to.  hostname is required, and may be a hostname or IP address. If port
95       is supplied, it must be a decimal port number. If omitted, it defaults
96       to 31337.
97
98       In listen mode, hostname and port control the address the server will
99       bind to. Both arguments are optional in listen mode. If hostname is
100       omitted, it defaults to listening on all available addresses over IPv4
101       and IPv6. If port is omitted, it defaults to 31337.
102

PROTOCOL OPTIONS

104       -4 (IPv4 only)
105           Force the use of IPv4 only.
106
107       -6 (IPv6 only)
108           Force the use of IPv6 only.
109
110       -U, --unixsock (Use Unix domain sockets)
111           Use Unix domain sockets rather than network sockets. This option
112           may be used on its own for stream sockets, or combined with --udp
113           for datagram sockets. A description of -U mode is in the section
114           called “UNIX DOMAIN SOCKETS”.
115
116       -u, --udp (Use UDP)
117           Use UDP for the connection (the default is TCP).
118
119       --sctp (Use SCTP)
120           Use SCTP for the connection (the default is TCP). SCTP support is
121           implemented in TCP-compatible mode.
122
123       --vsock (Use AF_VSOCK sockets)
124           Use AF_VSOCK sockets rather than the default TCP sockets (Linux
125           only). This option may be used on its own for stream sockets or
126           combined with --udp for datagram sockets. A description of --vsock
127           mode is in the section called “AF_VSOCK SOCKETS”.
128

CONNECT MODE OPTIONS

130       -g hop1[,hop2,...] (Loose source routing)
131           Sets hops for IPv4 loose source routing. You can use -g once with a
132           comma-separated list of hops, use -g multiple times with single
133           hops to build the list, or combine the two. Hops can be given as IP
134           addresses or hostnames.
135
136       -G ptr (Set source routing pointer)
137           Sets the IPv4 source route “pointer” for use with -g. The argument
138           must be a multiple of 4 and no more than 28. Not all operating
139           systems support setting this pointer to anything other than four.
140
141       -p port, --source-port port (Specify source port)
142           Set the port number for Ncat to bind to.
143
144       -s host, --source host (Specify source address)
145           Set the address for Ncat to bind to.
146

LISTEN MODE OPTIONS

148       See the section called “ACCESS CONTROL OPTIONS” for information on
149       limiting the hosts that may connect to the listening Ncat process.
150
151       -l, --listen (Listen for connections)
152           Listen for connections rather than connecting to a remote machine
153
154       -m numconns, --max-conns numconns (Specify maximum number of
155       connections)
156           The maximum number of simultaneous connections accepted by an Ncat
157           instance. 100 is the default (60 on Windows).
158
159       -k, --keep-open (Accept multiple connections)
160           Normally a listening server accepts only one connection and then
161           quits when the connection is closed. This option makes it accept
162           multiple simultaneous connections and wait for more connections
163           after they have all been closed. It must be combined with --listen.
164           In this mode there is no way for Ncat to know when its network
165           input is finished, so it will keep running until interrupted. This
166           also means that it will never close its output stream, so any
167           program reading from Ncat and looking for end-of-file will also
168           hang.
169
170       --broker (Connection brokering)
171           Allow multiple parties to connect to a centralised Ncat server and
172           communicate with each other. Ncat can broker communication between
173           systems that are behind a NAT or otherwise unable to directly
174           connect. This option is used in conjunction with --listen, which
175           causes the --listen port to have broker mode enabled.
176
177       --chat (Ad-hoc “chat server”)
178           The --chat option enables chat mode, intended for the exchange of
179           text between several users. In chat mode, connection brokering is
180           turned on. Ncat prefixes each message received with an ID before
181           relaying it to the other connections. The ID is unique for each
182           connected client. This helps distinguish who sent what.
183           Additionally, non-printing characters such as control characters
184           are escaped to keep them from doing damage to a terminal.
185

SSL OPTIONS

187       --ssl (Use SSL)
188           In connect mode, this option transparently negotiates an SSL
189           session with an SSL server to securely encrypt the connection. This
190           is particularly handy for talking to SSL enabled HTTP servers, etc.
191
192           In server mode, this option listens for incoming SSL connections,
193           rather than plain untunneled traffic.
194
195           In UDP connect mode, this option enables Datagram TLS (DTLS). This
196           is not supported in server mode.
197
198       --ssl-verify (Verify server certificates)
199           In client mode, --ssl-verify is like --ssl except that it also
200           requires verification of the server certificate. Ncat comes with a
201           default set of trusted certificates in the file ca-bundle.crt.
202           Some operating systems provide a default list of trusted
203           certificates; these will also be used if available. Use
204           --ssl-trustfile to give a custom list. Use -v one or more times to
205           get details about verification failures.  Ncat does not check for
206           revoked certificates.
207
208           This option has no effect in server mode.
209
210       --ssl-cert certfile.pem (Specify SSL certificate)
211           This option gives the location of a PEM-encoded certificate files
212           used to authenticate the server (in listen mode) or the client (in
213           connect mode). Use it in combination with --ssl-key.
214
215       --ssl-key keyfile.pem (Specify SSL private key)
216           This option gives the location of the PEM-encoded private key file
217           that goes with the certificate named with --ssl-cert.
218
219       --ssl-trustfile cert.pem (List trusted certificates)
220           This option sets a list of certificates that are trusted for
221           purposes of certificate verification. It has no effect unless
222           combined with --ssl-verify. The argument to this option is the name
223           of a PEM file containing trusted certificates. Typically, the file
224           will contain certificates of certification authorities, though it
225           may also contain server certificates directly. When this option is
226           used, Ncat does not use its default certificates.
227
228       --ssl-ciphers cipherlist (Specify SSL ciphersuites)
229           This option sets the list of ciphersuites that Ncat will use when
230           connecting to servers or when accepting SSL connections from
231           clients. The syntax is described in the OpenSSL ciphers(1) man
232           page, and defaults to
233           ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!MD5:@STRENGTH
234
235       --ssl-alpn ALPN list (Specify ALPN protocol list)
236           This option allows you to specify a comma-separated list of
237           protocols to send via the Application-Layer Protocol Negotiation
238           (ALPN) TLS extension. Not supported by all versions of OpenSSL.
239

PROXY OPTIONS

241       --proxy host[:port] (Specify proxy address)
242           Requests proxying through host:port, using the protocol specified
243           by --proxy-type.
244
245           If no port is specified, the proxy protocol's well-known port is
246           used (1080 for SOCKS and 3128 for HTTP). When specifying an IPv6
247           HTTP proxy server using the IP address rather than the hostname,
248           the square-bracket notation (for example [2001:db8::1]:8080) MUST
249           be used to separate the port from the IPv6 address. If the proxy
250           requires authentication, use --proxy-auth.
251
252       --proxy-type proto (Specify proxy protocol)
253           In connect mode, this option requests the protocol proto to connect
254           through the proxy host specified by --proxy. In listen mode, this
255           option has Ncat act as a proxy server using the specified protocol.
256
257           The currently available protocols in connect mode are http
258           (CONNECT), socks4 (SOCKSv4), and socks5 (SOCKSv5). The only server
259           currently supported is http. If this option is not used, the
260           default protocol is http.
261
262       --proxy-auth user[:pass] (Specify proxy credentials)
263           In connect mode, gives the credentials that will be used to connect
264           to the proxy server. In listen mode, gives the credentials that
265           will be required of connecting clients. For use with --proxy-type
266           http or --proxy-type socks5, the form should be username:password.
267           For --proxy-type socks4, it should be a username only.
268
269       --proxy-dns type (Specify where to resolve proxy destination)
270           In connect mode, it provides control over whether proxy destination
271           hostnames are resolved by the remote proxy server or locally, by
272           Ncat itself. Possible values for type are:
273
274           local - Hostnames are resolved locally on the Ncat host. Ncat exits
275           with error if the hostname cannot be resolved.
276
277           remote - Hostnames are passed directly onto the remote proxy
278           server. This is the default behavior.
279
280           both - Hostname resolution is first attempted on the Ncat host.
281           Unresolvable hostnames are passed onto the remote proxy server.
282
283           none - Hostname resolution is completely disabled. Only a literal
284           IPv4 or IPv6 address can be used as the proxy destination.
285
286           Local hostname resolution generally respects IP version specified
287           with options -4 or -6, except for SOCKS4, which is incompatible
288           with IPv6.
289

COMMAND EXECUTION OPTIONS

291       -e command, --exec command (Execute command)
292           Execute the specified command after a connection has been
293           established. The command must be specified as a full pathname. All
294           input from the remote client will be sent to the application and
295           responses sent back to the remote client over the socket, thus
296           making your command-line application interactive over a socket.
297           Combined with --keep-open, Ncat will handle multiple simultaneous
298           connections to your specified port/application like inetd. Ncat
299           will only accept a maximum, definable, number of simultaneous
300           connections controlled by the -m option. By default this is set to
301           100 (60 on Windows).
302
303       -c command, --sh-exec command (Execute command via sh)
304           Same as -e, except it tries to execute the command via /bin/sh.
305           This means you don't have to specify the full path for the command,
306           and shell facilities like environment variables are available.
307
308       --lua-exec file (Execute a .lua script)
309           Runs the specified file as a Lua script after a connection has been
310           established, using a built-in interpreter. Both the script's
311           standard input and the standard output are redirected to the
312           connection data streams.
313
314       All exec options add the following variables to the child's
315       environment:
316
317       NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT
318           The IP address and port number of the remote host. In connect mode,
319           it's the target's address; in listen mode, it's the client's
320           address.
321
322       NCAT_LOCAL_ADDR, NCAT_LOCAL_PORT
323           The IP address and port number of the local end of the connection.
324
325       NCAT_PROTO
326           The protocol in use: one of TCP, UDP, and SCTP.
327

ACCESS CONTROL OPTIONS

329       --allow host[,host,...] (Allow connections)
330           The list of hosts specified will be the only hosts allowed to
331           connect to the Ncat process. All other connection attempts will be
332           disconnected. In case of a conflict between --allow and --deny,
333           --allow takes precedence. Host specifications follow the same
334           syntax used by Nmap.
335
336       --allowfile file (Allow connections from file)
337           This has the same functionality as --allow, except that the allowed
338           hosts are provided in a new-line delimited allow file, rather than
339           directly on the command line.
340
341       --deny host[,host,...] (Deny connections)
342           Issue Ncat with a list of hosts that will not be allowed to connect
343           to the listening Ncat process. Specified hosts will have their
344           session silently terminated if they try to connect. In case of a
345           conflict between --allow and --deny, --allow takes precedence. Host
346           specifications follow the same syntax used by Nmap.
347
348       --denyfile file (Deny connections from file)
349           This is the same functionality as --deny, except that excluded
350           hosts are provided in a new-line delimited deny file, rather than
351           directly on the command line.
352

TIMING OPTIONS

354       These options accept a time parameter. This is specified in seconds by
355       default, though you can append ms, s, m, or h to the value to specify
356       milliseconds, seconds, minutes, or hours.
357
358       -d time, --delay time (Specify line delay)
359           Set the delay interval for lines sent. This effectively limits the
360           number of lines that Ncat will send in the specified period. This
361           may be useful for low-bandwidth sites, or have other uses such as
362           coping with annoying iptables --limit options.
363
364       -i time, --idle-timeout time (Specify idle timeout)
365           Set a fixed timeout for idle connections. If the idle timeout is
366           reached, the connection is terminated.
367
368       -w time, --wait time (Specify connect timeout)
369           Set a fixed timeout for connection attempts.
370

OUTPUT OPTIONS

372       -o file, --output file (Save session data)
373           Dump session data to a file
374
375       -x file, --hex-dump file (Save session data in hex)
376           Dump session data in hex to a file.
377
378       --append-output (Append output)
379           Issue Ncat with --append-ouput along with -o and/or -x and it will
380           append the resulted output rather than truncating the specified
381           output files.
382
383       -v, --verbose (Be verbose)
384           Issue Ncat with -v and it will be verbose and display all kinds of
385           useful connection based information. Use more than once (-vv,
386           -vvv...) for greater verbosity.
387

MISC OPTIONS

389       -C, --crlf (Use CRLF as EOL)
390           This option tells Ncat to convert LF line endings to CRLF when
391           taking input from standard input.  This is useful for talking to
392           some stringent servers directly from a terminal in one of the many
393           common plain-text protocols that use CRLF for end-of-line.
394
395       -h, --help (Help screen)
396           Displays a short help screen with common options and parameters,
397           and then exits.
398
399       --recv-only (Only receive data)
400           If this option is passed, Ncat will only receive data and will not
401           try to send anything.
402
403       --send-only (Only send data)
404           If this option is passed, then Ncat will only send data and will
405           ignore anything received. This option also causes Ncat to close the
406           network connection and terminate after EOF is received on standard
407           input.
408
409       --no-shutdown (Do not shutdown into half-duplex mode)
410           If this option is passed, Ncat will not invoke shutdown on a socket
411           after seeing EOF on stdin. This is provided for
412           backward-compatibility with OpenBSD netcat, which exhibits this
413           behavior when executed with its '-d' option.
414
415       -n, --nodns (Do not resolve hostnames)
416           Completely disable hostname resolution across all Ncat options,
417           such as the destination, source address, source routing hops, and
418           the proxy. All addresses must be specified numerically. (Note that
419           resolution of proxy destinations is controlled separately via
420           option --proxy-dns.)
421
422       -t, --telnet (Answer Telnet negotiations)
423           Handle DO/DONT WILL/WONT Telnet negotiations. This makes it
424           possible to script Telnet sessions with Ncat.
425
426       --version (Display version)
427           Displays the Ncat version number and exits.
428

UNIX DOMAIN SOCKETS

430       The -U option (same as --unixsock) causes Ncat to use Unix domain
431       sockets rather than network sockets. Unix domain sockets exist as an
432       entry in the filesystem. You must give the name of a socket to connect
433       to or to listen on. For example, to make a connection,
434
435       ncat -U ~/unixsock
436
437       To listen on a socket:
438
439       ncat -l -U ~/unixsock
440
441       Listen mode will create the socket if it doesn't exist. The socket will
442       continue to exist after the program ends.
443
444       Both stream and datagram domain sockets are supported. Use -U on its
445       own for stream sockets, or combine it with --udp for datagram sockets.
446       Datagram sockets require a source socket to connect from. By default, a
447       source socket with a random filename will be created as needed, and
448       deleted when the program ends. Use the --source with a path to use a
449       source socket with a specific name.
450

AF_VSOCK SOCKETS

452       The --vsock option causes Ncat to use AF_VSOCK sockets rather than
453       network sockets. A CID must be given instead of a hostname or IP
454       address. For example, to make a connection to the host,
455
456       ncat --vsock 2 1234
457
458       To listen on a socket:
459
460       ncat -l --vsock 1234
461
462       Both stream and datagram domain sockets are supported, but socket type
463       availability depends on the hypervisor. Use --vsock on its own for
464       stream sockets, or combine it with --udp for datagram sockets.
465

EXAMPLES

467       Connect to example.org on TCP port 8080.
468           ncat example.org 8080
469
470       Listen for connections on TCP port 8080.
471           ncat -l 8080
472
473       Redirect TCP port 8080 on the local machine to host on port 80.
474           ncat --sh-exec "ncat example.org 80" -l 8080 --keep-open
475
476       Bind to TCP port 8081 and attach /bin/bash for the world to access
477       freely.
478           ncat --exec "/bin/bash" -l 8081 --keep-open
479
480       Bind a shell to TCP port 8081, limit access to hosts on a local
481       network, and limit the maximum number of simultaneous connections to 3.
482           ncat --exec "/bin/bash" --max-conns 3 --allow 192.168.0.0/24 -l
483           8081 --keep-open
484
485       Connect to smtphost:25 through a SOCKS4 server on port 1080.
486           ncat --proxy socks4host --proxy-type socks4 --proxy-auth joe
487           smtphost 25
488
489       Connect to smtphost:25 through a SOCKS5 server on port 1080.
490           ncat --proxy socks5host --proxy-type socks5 --proxy-auth joe:secret
491           smtphost 25
492
493       Create an HTTP proxy server on localhost port 8888.
494           ncat -l --proxy-type http localhost 8888
495
496       Send a file over TCP port 9899 from host2 (client) to host1 (server).
497           HOST1$ ncat -l 9899 > outputfile
498
499           HOST2$ ncat HOST1 9899 < inputfile
500
501       Transfer in the other direction, turning Ncat into a “one file” server.
502           HOST1$ ncat -l 9899 < inputfile
503
504           HOST2$ ncat HOST1 9899 > outputfile
505

EXIT CODE

507       The exit code reflects whether a connection was made and completed
508       successfully. 0 means there was no error. 1 means there was a network
509       error of some kind, for example “Connection refused” or “Connection
510       reset”. 2 is reserved for all other errors, like an invalid option or a
511       nonexistent file.
512

BUGS

514       Like its authors, Ncat isn't perfect. But you can help make it better
515       by sending bug reports or even writing patches. If Ncat doesn't behave
516       the way you expect, first upgrade to the latest version available from
517       https://nmap.org. If the problem persists, do some research to
518       determine whether it has already been discovered and addressed. Try
519       Googling the error message or browsing the nmap-dev archives at
520       http://seclists.org/.
521
522       Read this full manual page as well. If nothing comes of this, mail a
523       bug report to <dev@nmap.org>. Please include everything you have
524       learned about the problem, as well as what version of Ncat you are
525       running and what operating system version it is running on. Problem
526       reports and Ncat usage questions sent to dev@nmap.org are far more
527       likely to be answered than those sent to Fyodor directly.
528
529       Code patches to fix bugs are even better than bug reports. Basic
530       instructions for creating patch files with your changes are available
531       at https://svn.nmap.org/nmap/HACKING. Patches may be sent to nmap-dev
532       (recommended) or to Fyodor directly.
533

AUTHORS

535       ·   Chris Gibson <chris@linuxops.net>
536
537       ·   Kris Katterjohn <katterjohn@gmail.com>
538
539       ·   Mixter <mixter@gmail.com>
540
541       ·   Fyodor <fyodor@nmap.org> (http://insecure.org)
542
543       The original Netcat was written by *Hobbit* <hobbit@avian.org>. While
544       Ncat isn't built on any code from the “traditional” Netcat (or any
545       other implementation), Ncat is most definitely based on Netcat in
546       spirit and functionality.
547
549   Ncat Copyright and Licensing
550       Ncat is (C) 2005–2018 Insecure.Com LLC. It is distributed as free and
551       open source software under the same license terms as our Nmap software.
552       Precise terms and further details are available from
553       https://nmap.org/man/man-legal.html.
554
555   Creative Commons License for this Ncat Guide
556       This Ncat Reference Guide is (C) 2005–2018 Insecure.Com LLC. It is
557       hereby placed under version 3.0 of the Creative Commons Attribution
558       License[1]. This allows you redistribute and modify the work as you
559       desire, as long as you credit the original source. Alternatively, you
560       may choose to treat this document as falling under the same license as
561       Ncap itself (discussed previously).
562
563   Source Code Availability and Community Contributions
564       Source is provided to this software because we believe users have a
565       right to know exactly what a program is going to do before they run it.
566       This also allows you to audit the software for security holes (none
567       have been found so far).
568
569       Source code also allows you to port Nmap (which includes Ncat) to new
570       platforms, fix bugs, and add new features. You are highly encouraged to
571       send your changes to <dev@nmap.org> for possible incorporation into the
572       main distribution. By sending these changes to Fyodor or one of the
573       Insecure.Org development mailing lists, it is assumed that you are
574       offering the Nmap Project (Insecure.Com LLC) the unlimited,
575       non-exclusive right to reuse, modify, and relicense the code. Nmap will
576       always be available open source, but this is important because the
577       inability to relicense code has caused devastating problems for other
578       Free Software projects (such as KDE and NASM). We also occasionally
579       relicense the code to third parties as discussed in the Nmap man page.
580       If you wish to specify special license conditions of your
581       contributions, just say so when you send them.
582
583   No Warranty
584       This program is distributed in the hope that it will be useful, but
585       WITHOUT ANY WARRANTY; without even the implied warranty of
586       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
587       General Public License v2.0 for more details at
588       http://www.gnu.org/licenses/gpl-2.0.html, or in the COPYING file
589       included with Nmap.
590
591   Inappropriate Usage
592       Ncat should never be installed with special privileges (e.g. suid
593       root).  That would open up a major security vulnerability as other
594       users on the system (or attackers) could use it for privilege
595       escalation.
596
597   Third-Party Software
598       This product includes software developed by the Apache Software
599       Foundation[2]. A modified version of the Libpcap portable packet
600       capture library[3] is distributed along with Ncat. The Windows version
601       of Ncat utilized the Libpcap-derived Npcap library[4] instead. Certain
602       raw networking functions use the Libdnet[5] networking library, which
603       was written by Dug Song.  A modified version is distributed with Ncat.
604       Ncat can optionally link with the OpenSSL cryptography toolkit[6] for
605       SSL version detection support. All of the third-party software
606       described in this paragraph is freely redistributable under BSD-style
607       software licenses.
608

NOTES

610        1. Creative Commons Attribution License
611           http://creativecommons.org/licenses/by/3.0/
612
613        2. Apache Software Foundation
614           http://www.apache.org
615
616        3. Libpcap portable packet capture library
617           http://www.tcpdump.org
618
619        4. Npcap library
620           https://npcap.org
621
622        5. Libdnet
623           http://libdnet.sourceforge.net
624
625        6. OpenSSL cryptography toolkit
626           http://www.openssl.org
627
628
629
630Ncat                              05/20/2019                           NCAT(1)
Impressum