Comparing version 0.0.0 to 1.0.0
16
index.js
@@ -1,15 +0,1 @@ | ||
; (function () { | ||
if (typeof exports === 'object') { | ||
module.exports = Factory(); // CommonJS | ||
} else if (typeof define === 'function' && define.amd) { | ||
define(Factory); // AMD | ||
} else { | ||
console.log('RegisterForm.js must be loaded within a AMD loader or node') | ||
} | ||
function Factory() { | ||
return {}; | ||
} | ||
})(); | ||
module.exports = require('./bin/nc') |
{ | ||
"name": "nc", | ||
"version": "0.0.0", | ||
"description": "Do not use this library in production.", | ||
"version": "1.0.0", | ||
"description": "Porting Netcat in Node.js", | ||
"main": "index.js", | ||
"preferGlobal": true, | ||
"bin": { | ||
"nc": "./bin/nc.js" | ||
}, | ||
"scripts": { | ||
"test": "mocha test.js" | ||
"test": "standard && nsp check" | ||
}, | ||
"engines": { | ||
"node": ">=6.0.0" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "https://github.com/idleman/node-nc.git" | ||
"url": "git+https://github.com/roccomuso/nc.git" | ||
}, | ||
"keywords": [ | ||
"nc" | ||
"nc", | ||
"netcat", | ||
"tcp", | ||
"udp", | ||
"stream", | ||
"socket", | ||
"tool", | ||
"cli", | ||
"node", | ||
"porting", | ||
"pipe" | ||
], | ||
"author": "Rocco Musolino (roccomuso)", | ||
"license": "ISC", | ||
"bugs": { | ||
"url": "https://github.com/roccomuso/nc/issues" | ||
}, | ||
"homepage": "https://github.com/roccomuso/nc#readme", | ||
"devDependencies": { | ||
"mocha": "*" | ||
"nsp": "^2.6.3", | ||
"standard": "^10.0.2" | ||
}, | ||
"author": "Fredrik <evoozer@gmail.com>", | ||
"license": "BSD", | ||
"readmeFilename": "README.md", | ||
"gitHead": "9522a57aff12d6a9f72c633d0610e7f6d70d1377" | ||
"dependencies": { | ||
"debug": "^2.6.6", | ||
"netcat": "^1.2.7", | ||
"yargs": "^8.0.1" | ||
} | ||
} |
165
README.md
@@ -1,2 +0,163 @@ | ||
#Status: In development | ||
Do not use this library in production. | ||
# nc | ||
[![NPM Version](https://img.shields.io/npm/v/nc.svg)](https://www.npmjs.com/package/nc) | ||
![node](https://img.shields.io/node/v/nc.svg) | ||
[![Dependency Status](https://david-dm.org/roccomuso/nc.png)](https://david-dm.org/roccomuso/nc) | ||
[![JavaScript Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://standardjs.com) | ||
Porting Netcat in Node.js. CLI util. :computer: | ||
To embed it in your Node.js app use the [netcat](https://github.com/roccomuso/netcat) package instead. This is meant to be used as a standalone tool, but it's not fully equal to the original implementation of netcat. | ||
| Linux | Mac OS | Windows | | ||
|-------|--------|---------| | ||
| :white_check_mark: | :white_check_mark: | :white_check_mark: | | ||
## What you can do | ||
- [x] TCP & UDP | ||
- [ ] Backdoor (Reverse Shell) | ||
- [x] Honeypot | ||
- [x] File transfer | ||
- [x] Port forwarding | ||
- [ ] Proxy | ||
- [x] Web Server & HTTP Client | ||
- [x] Port scanning | ||
## Install | ||
$ npm install -g nc | ||
## Usage | ||
$ nc -l -p port [- options] [hostname] [port] | ||
Available options: | ||
``` | ||
-c shell commands as `-e’; use /bin/sh to exec [dangerous!!] | ||
-e filename program to exec after connect [dangerous!!] | ||
-b allow broadcasts | ||
-h this cruft | ||
-i secs delay interval for lines sent, ports scanned | ||
-k set keepalive option on socket | ||
-l listen mode, for inbound connects | ||
-n numeric-only IP addresses, no DNS | ||
-o file hex dump of traffic | ||
-p port local port number | ||
-r randomize local and remote ports | ||
-s addr local source address | ||
-u UDP mode | ||
-U Listen or connect to a UNIX domain socket | ||
-v verbose | ||
-w secs timeout for connects and final net reads (client-side) | ||
-z zero-I/O mode [used for scanning] | ||
``` | ||
#### Server: Listen for inbound | ||
$ nc -l -p 2389 | ||
#### Client mode | ||
$ nc localhost 2389 | ||
Opening a raw connection to port `2389`. | ||
#### Transfer file | ||
| Server side | Client side | | ||
|---------------------|------------------------------------| | ||
| `nc -l 2389 > test` | <code>cat testfile | nc localhost 2389</code> | | ||
#### Timeout support | ||
$ nc -w 10 localhost 2389 | ||
Connection above would be terminated after 10 seconds. | ||
#### Force netcat server to stay up | ||
$ nc -kl 2389 | ||
In this way the server remains up even if the client got disconnected. | ||
#### Netcat execute | ||
A far more exciting thing to do is to get a quick shell going on a remote machine by using the `-l` or `listen` option and the `-e` or `execute` option. When a connection is made, Netcat executes the program of your choice and connects the `stdin` and `stdout` of the program to the network connection. | ||
$ nc -l -p 23 -e /bin/sh | ||
#### Retrieve a website Homepage | ||
Let's create a HTTP request file `get.txt` that contains the following line and then a blank | ||
line: | ||
``` | ||
GET / HTTP/1.0 | ||
``` | ||
To use Netcat to retrieve the home page of a web site use: | ||
$ nc -v www.website.com 80 < get.txt | ||
You will see Netcat make a connection to port 80, send the text contained in the file `get.txt`, and then output the web server's response to `stdout`. | ||
#### Configure netcat client to retry on disconnect | ||
In a normal scenario, if the nc client disconnect, it will not retry the connection. | ||
With the `--retry <secs>` or `-R <secs>` param, it will retry the connection after tot seconds. | ||
$ nc -R 5 localhost 2389 | ||
#### Unix socket file | ||
If you have docker, let's try to list our containers' images connecting to the docker unix socket file: | ||
```sh | ||
$ echo -e "GET /images/json HTTP/1.0\r\n" | nc -U /var/run/docker.sock | ||
``` | ||
PS. for this example root permissions are required: `sudo su`. | ||
#### Netcat as a Proxy | ||
```sh | ||
$ mkfifo /tmp/fifo | ||
$ nc -l -k -p 8080 </tmp/fifo | nc website.com 80 >/tmp/fifo | ||
``` | ||
#### Netcat as a simple port scanner | ||
$ nc -z 192.168.1.100 1-255 | ||
#### Dump hex traffic | ||
If you use the `-o` option you can dump all hex traffic. | ||
$ nc 127.0.0.1 4445 -o /tmp/log.txt | ||
#### UDP Protocol | ||
By default all the sockets that nc utility creates are TCP protocols but this utility also works with UDP protocol. To enable UDP protocol the -u flag is used. | ||
| Server side | Client side | | ||
|---------------------|------------------------------------| | ||
| `nc -u -l -p 2389` | `nc -u localhost 2389` | | ||
#### Send a UDP message | ||
$ echo 'message' | nc -w 1 -u 192.168.1.111 514 | ||
Pipe via UDP (-u) with a wait time (-w) of 1 second to `192.168.1.111` on port `514`. | ||
## DEBUG | ||
Debug matches the verbose mode. | ||
You can enable it with the `-v` param or the env var `DEBUG=nc`. This module uses the node implementation of [netcat](https://github.com/roccomuso/netcat) under the hood, to debug both use: `DEBUG=netcat:*,nc`. | ||
## Author | ||
Rocco Musolino ([@roccomuso](https://twitter.com/roccomuso)) |
Sorry, the diff of this file is not supported yet
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Mixed license
License(Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No License Found
License(Experimental) License information could not be found
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
No website
QualityPackage does not have a website.
Found 1 instance in 1 package
12674
7
174
1
0
164
3
2
1
3
+ Addeddebug@^2.6.6
+ Addednetcat@^1.2.7
+ Addedyargs@^8.0.1
+ Addedansi-color@0.2.1(transitive)
+ Addedansi-regex@2.1.13.0.1(transitive)
+ Addedasync-each-series@1.1.0(transitive)
+ Addedcamelcase@4.1.0(transitive)
+ Addedcliui@3.2.0(transitive)
+ Addedcode-point-at@1.1.0(transitive)
+ Addedcross-spawn@5.1.0(transitive)
+ Addeddatagram-stream@1.1.1(transitive)
+ Addeddebug@2.6.94.3.4(transitive)
+ Addeddecamelize@1.2.0(transitive)
+ Addederror-ex@1.3.2(transitive)
+ Addedexeca@0.7.0(transitive)
+ Addedfind-up@2.1.0(transitive)
+ Addedfunction-bind@1.1.2(transitive)
+ Addedget-caller-file@1.0.3(transitive)
+ Addedget-stream@3.0.0(transitive)
+ Addedgraceful-fs@4.2.11(transitive)
+ Addedhasown@2.0.2(transitive)
+ Addedhexer@1.5.0(transitive)
+ Addedhosted-git-info@2.8.9(transitive)
+ Addedinherits@2.0.4(transitive)
+ Addedinvert-kv@1.0.0(transitive)
+ Addedis-arrayish@0.2.1(transitive)
+ Addedis-core-module@2.13.1(transitive)
+ Addedis-fullwidth-code-point@1.0.02.0.0(transitive)
+ Addedis-stream@1.1.0(transitive)
+ Addedisexe@2.0.0(transitive)
+ Addedlcid@1.0.0(transitive)
+ Addedload-json-file@2.0.0(transitive)
+ Addedlocate-path@2.0.0(transitive)
+ Addedlru-cache@4.1.5(transitive)
+ Addedmem@1.1.0(transitive)
+ Addedmimic-fn@1.2.0(transitive)
+ Addedminimist@1.2.8(transitive)
+ Addedms@2.0.02.1.2(transitive)
+ Addednanoid@2.1.11(transitive)
+ Addednetcat@1.5.0(transitive)
+ Addednormalize-package-data@2.5.0(transitive)
+ Addednpm-run-path@2.0.2(transitive)
+ Addednumber-is-nan@1.0.1(transitive)
+ Addedos-locale@2.1.0(transitive)
+ Addedp-finally@1.0.0(transitive)
+ Addedp-limit@1.3.0(transitive)
+ Addedp-locate@2.0.0(transitive)
+ Addedp-try@1.0.0(transitive)
+ Addedparse-json@2.2.0(transitive)
+ Addedpath-exists@3.0.0(transitive)
+ Addedpath-key@2.0.1(transitive)
+ Addedpath-parse@1.0.7(transitive)
+ Addedpath-type@2.0.0(transitive)
+ Addedpify@2.3.0(transitive)
+ Addedprocess@0.10.1(transitive)
+ Addedpseudomap@1.0.2(transitive)
+ Addedread-pkg@2.0.0(transitive)
+ Addedread-pkg-up@2.0.0(transitive)
+ Addedreadable-stream@3.6.2(transitive)
+ Addedrequire-directory@2.1.1(transitive)
+ Addedrequire-main-filename@1.0.1(transitive)
+ Addedresolve@1.22.8(transitive)
+ Addedsafe-buffer@5.2.1(transitive)
+ Addedsemver@5.7.2(transitive)
+ Addedset-blocking@2.0.0(transitive)
+ Addedshebang-command@1.2.0(transitive)
+ Addedshebang-regex@1.0.0(transitive)
+ Addedsignal-exit@3.0.7(transitive)
+ Addedspdx-correct@3.2.0(transitive)
+ Addedspdx-exceptions@2.5.0(transitive)
+ Addedspdx-expression-parse@3.0.1(transitive)
+ Addedspdx-license-ids@3.0.17(transitive)
+ Addedstring-width@1.0.22.1.1(transitive)
+ Addedstring_decoder@1.3.0(transitive)
+ Addedstrip-ansi@3.0.14.0.0(transitive)
+ Addedstrip-bom@3.0.0(transitive)
+ Addedstrip-eof@1.0.0(transitive)
+ Addedsupports-preserve-symlinks-flag@1.0.0(transitive)
+ Addedthrough2@3.0.2(transitive)
+ Addedutil-deprecate@1.0.2(transitive)
+ Addedvalidate-npm-package-license@3.0.4(transitive)
+ Addedwhich@1.3.1(transitive)
+ Addedwhich-module@2.0.1(transitive)
+ Addedwrap-ansi@2.1.0(transitive)
+ Addedxtend@4.0.2(transitive)
+ Addedy18n@3.2.2(transitive)
+ Addedyallist@2.1.2(transitive)
+ Addedyargs@8.0.2(transitive)
+ Addedyargs-parser@7.0.0(transitive)