| Field | Value | Copy |
|---|---|---|
| {{ row.label }} | {{ row.value }} |
Netcat command lines describe exactly how to open sockets, negotiate TCP or UDP sessions, and exchange data with a remote host. They capture the binary to call, the role you play (client, listener, or scanner), and the options that influence timeouts, verbosity, address families, and encryption.
Operators reach for these commands to verify ports before maintenance windows, stage lightweight listeners during incident response, pivot data between systems, or script keep-alive probes that confirm firewalls behave. The preset gallery now covers UDP payloads, reverse shell connectors, TLS listeners, and proxy tunnels so you can start from a realistic scenario and adjust as needed.
You specify the target host, port span, transport, execution handler, and TLS posture, then review the generated command before running it in the shell that matches your environment. A layout toggle swaps between single-line and multi-line output, and you can override the binary prefix when runbooks call for sudo or wrapper scripts. An Advanced drawer exposes knobs for send delays, idle timeouts, connection caps, proxy hops, stream logging, and data-direction toggles, so you can satisfy change tickets without memorising every flavour’s switches.
The workflow is deliberate. Pick the netcat flavour installed on your hosts, decide whether the session should dial out or sit in listen mode, and toggle zero-I/O scans when you want to test reachability without transferring payloads. Set idle cut-offs to prevent hung sockets, keep listeners alive with -k where supported, and reserve TLS for the Nmap build that understands those switches.
As a practical example, accepting inbound logs from an appliance can rely on an OpenBSD nc listener bound to a specific interface, running verbose mode so operators see connection attempts, and keeping the socket open between clients with -k. Port sweeps flip the mode to a zero-I/O scan, aim at a defensible range, and respect rate limits imposed by change control.
Be mindful of credentials and post-exploitation techniques. Injecting -e or shell execution flags can expose the host if reused casually, and unverified TLS should be limited to lab work. Confirm policies before binding to privileged ports or broadcasting listeners on shared segments.
Re-run the generator whenever requirements change. Swapping binaries, toggling IPv6 support, or altering the port list recalculates quoting and ordering so the exported command mirrors production reality.
The tool models the family of utilities commonly referred to as netcat: the OpenBSD nc, the traditional netcat, the BusyBox build, and Nmap’s ncat. Each variant exposes different flags, so the generator maps generic intents—listening, connecting, scanning, TLS, execution handlers—to the switches each binary understands and drops unsupported combinations with a warning.
Inputs define the socket role, transport (TCP or UDP), host binding, port span, numeric-only lookups, and execution hooks. The engine validates hostnames, coerces port numbers into the 1–65535 range, ensures scan ranges increase monotonically, and blocks negative values for timeouts or quit delays. Execution requires an explicit command string, and TLS options only survive when Nmap’s ncat is selected because it is the sole variant that honours --ssl, certificate, and verification flags.
Advanced controls extend the model: send delays become -i where classic nc supports pacing, idle timeouts map to --idle-timeout in ncat, listener caps rely on --max-conns, proxies route through -x/-X or --proxy/--proxy-type, logging writes via -o or --output, and direction toggles add --recv-only, --send-only, or -N when the flavour recognises them. Unsupported combinations are acknowledged with warnings so you know which requests were skipped.
Once inputs pass validation, the builder assembles ordered tokens. It records every flag for the summary, emits -l or -z as appropriate, and applies -k, -n, -6, -s, -p, and -w when the chosen implementation documents support. Shell-aware quoting routines format the output for Bash, PowerShell, or Windows CMD, and multi-line blocks use continuation characters where the shell allows them to keep long commands readable.
Derived summaries explain what will run: the resolved target or listening socket, whether TLS is engaged, the effect of timeouts and quit-after-EOF delays, and the number of flags applied. Warnings surface whenever a requested capability (such as TLS on traditional netcat or shell execution on OpenBSD nc) cannot be honoured, making it clear which switches were dropped.
| Field | Constraint | Error or Warning |
|---|---|---|
| Target host | Required for client and scan modes | Missing host stops command generation. |
| Target port / range | 1–65535, end ≥ start | Invalid ranges raise errors; out-of-order ports halt scans. |
| Listen port | 1–65535 | Port outside range prevents listener output. |
| Timeout / quit delay | Non-negative integers | Negative values trigger validation errors. |
| Send delay | ≥ 0 seconds (fractional allowed) | Negative values fail; unsupported flavours warn and skip -i. |
| Idle timeout | ≥ 0 seconds (ncat only) | Negative values fail; other builds warn and skip --idle-timeout. |
| Max connections | ≥ 0 (ncat listeners) | Negative values fail; non-listen modes warn that the limit is ignored. |
| Execution command | Required when execution enabled | Blank command forces you to disable execution first. |
| Proxy host / port | Host required, port 1–65535 | Missing host or out-of-range port stops proxy configuration; unsupported flavours warn. |
| Log file path | Optional string | Unsupported flavours warn and skip -o/--output. |
| Receive / send only | Mutually exclusive, ncat only | Enabling both fails; unsupported flavours warn and skip --recv-only/--send-only. |
| TLS options | Supported only on Nmap’s ncat |
Other builds emit warnings and drop TLS flags. |
The generated artefacts include a colourised command preview, a CSV-ready breakdown of every field, a DOCX export for documentation, and a JSON payload that mirrors the input and derived state for automation. All processing happens in the browser, so sensitive hostnames or execution handlers stay on the workstation.