| Field | Value | Copy |
|---|---|---|
| {{ row.label }} | {{ row.value }} |
Netcat is the catch-all name many admins and developers use for small socket tools that can connect to a host, wait for inbound traffic, or scan ports without needing a full client program. The idea is simple. The hard part is that nc, netcat, ncat, and BusyBox nc do not share one stable flag set, and shell syntax changes again when the same request moves between Bash, PowerShell, and Windows CMD.
This page turns that last mile into a repeatable build step. You choose a connection role, transport, implementation profile, and shell, then the page assembles a finished command plus a Summary table and JSON state export. Presets cover common starting points such as TCP probes, UDP listeners, port scans, TLS sessions, proxy tunnels, HTTP banner checks, Redis PING tests, SMTP or LDAP STARTTLS attempts, DNS queries, telnet-style console sessions, and a few listener-oriented file or syslog patterns.
The result is most helpful when you already know the job but do not want to reconstruct the exact syntax from memory. A port sweep, a proxy-backed TLS probe, and a one-shot SMTP STARTTLS check can all look close enough at first glance. They stop looking interchangeable once the selected build drops a flag, the shell needs different quoting, or a preset turns on one-way traffic behavior that no longer matches the task.
The page builds text in the browser and does not open the socket or run the finished command for you. That still leaves privacy and safety work on your side. Current field values are mirrored into the page URL, and copied or downloaded artifacts can carry hostnames, proxy credentials, certificate paths, or execution strings. Use placeholders until the command is ready for an authorized test, especially when a preset includes listeners or command execution.
The generator uses a fixed compatibility map rather than trying to detect the exact binary on your machine. It starts with the selected implementation name, validates the role-specific fields, adds the core socket flags, then layers on optional features such as TLS, proxy routing, execution, logging, one-way data flow, and raw extra arguments. Only after that does it render the final token list for Bash or Zsh, PowerShell, or CMD.
The assembly order matters because some choices are structural and others are only safe if earlier choices succeeded. A client or scan needs a target host. A listener needs a valid bind port. Proxy routing needs a host and port of its own. Execution mode needs an actual command string. Receive only and Send only cannot both stay enabled. When any of those conditions fail, the page withholds the command instead of pretending the request was still coherent.
Formatting is a separate pass. Bash or Zsh uses single-quote escaping and can break long commands across lines with backslashes. PowerShell uses single quotes with doubled apostrophes and backtick continuations. Windows CMD is forced to one line. When a path starts with ~/, the renderer rewrites it to $HOME for Unix-like shells, resolves it through Resolve-Path for PowerShell, and maps it to %USERPROFILE% for CMD. Short flags are merged only when you explicitly keep short-form output and the adjacent switches do not need values.
The result views reflect the same underlying state from different angles. Command shows the literal shell text. Summary turns the command back into fields such as implementation, mode, target, timeout, TLS state, proxy route, logging target, data direction, and emitted flags. JSON carries both raw inputs and derived values, then the page can export a script, CSV summary, DOCX summary, or JSON snapshot. Text entered in Extra flags is appended without token-by-token validation, so it deserves a manual read before you paste it into a terminal.
Upstream manuals are not perfectly aligned across releases or vendors. Current OpenBSD documentation includes TLS-related options, and BusyBox builds can expose switches that this page does not model. The compatibility profiles here are deliberately narrower and more predictable than the full ecosystem. When the exact local binary matters, treat the generated line as a draft and compare it against the local manual page or help output before running it.
| Profile | What the page models well | What the page leaves out or warns about | Paste-time check |
|---|---|---|---|
OpenBSD nc |
Classic connect or listen flows, UDP or TCP, IPv6, keep-open listeners, proxy routing, quit-after-EOF, send delay, shell execution, and -N shutdown behavior. |
This page does not expose TLS, proxy auth, idle timeout, max connection limits, or one-way data flags in this profile. It also treats file logging differently from current upstream OpenBSD manuals. | Good for terse classic syntax, but confirm the local man page when you depend on less common flags. |
Traditional netcat |
Client or listener commands, UDP, zero-I/O scans, numeric-only mode, send delay, quit-after-EOF, program execution, and the older proxy syntax used in this page. | No TLS, no proxy authentication, no idle timeout, no max connection caps, and no one-way direction flags here. | Use it when you need older netcat-style syntax and can live without the newer session controls. |
Nmap ncat |
Long or short flags, TLS, certificate verification toggles, client cert and key paths, proxy auth, idle timeout, max connections, one-way data flow, raw output logging, and both shell and program execution. | Quit-after-EOF and send-delay behaviors are not modeled the same way as the classic profiles. Extra protocol upgrades such as STARTTLS are passed through as raw extra flags. | Pick this profile whenever the request depends on TLS, proxy credentials, or detailed session shaping. |
BusyBox nc |
Compact client or listener commands, UDP, keep-open listeners, program execution, numeric-only mode, zero-I/O scans, and simple delay handling in the page's conservative model. | No TLS, no proxy routing, no proxy auth, no file logging, and no one-way direction controls in this profile here, even though some BusyBox builds document additional switches. | Use it only when small-system compatibility matters more than features, then compare with the target device's help text. |
| Condition | Page behavior | What it means in practice |
|---|---|---|
| Blank target host in client or scan mode | Raises an error and suppresses the command. | The page will not guess where an outbound connection or scan should go. |
| Invalid target, listen, scan, or proxy ports | Raises an error. | All socket endpoints must stay in the 1 to 65535 range, and scan end ports must not be lower than start ports. |
| Negative timeout, delay, idle timeout, or max connections | Raises an error. | The generator treats those timing and count controls as numeric boundaries, not arbitrary text. |
| Execution mode enabled without a command string | Raises an error. | Command execution is never inferred from the preset alone. |
Both Receive only and Send only enabled |
Raises an error. | The page treats those as mutually exclusive one-way modes. |
Long-form flags requested outside ncat |
Builds the command and adds a warning. | The generator falls back to short flags where needed instead of inventing unsupported long names. |
| TLS, proxy auth, idle timeout, max connections, logging, or direction controls unsupported by the selected profile | Builds the command, skips the unsupported flag, and explains the downgrade in warnings. | A warning is not cosmetic here. It means the generated command no longer matches the original request fully. |
Raw text in Extra flags |
Appends the text as-is. | Useful for advanced flags such as STARTTLS, but you own the accuracy and shell safety of that tail segment. |
Choose Implementation and Shell before you fine-tune anything else. Those two selectors change the command more than most of the individual toggles do. A profile switch can remove a whole feature family such as TLS or proxy authentication, while a shell switch changes quoting, path rendering, and whether the final output can be split across lines.
Presets save time because they encode realistic combinations, not just one or two fields. They also deserve review because several of them set direction or execution behavior that may not fit your exact use case. The fastest quality check is the Summary tab, not the finished command string. It is much easier to notice a leftover listener address, output file, proxy route, or one-way mode when each item sits on its own row.
ncat when the job needs TLS, proxy credentials, idle timeout, max connection limits, or explicit --recv-only or --send-only behavior.OpenBSD nc or traditional netcat when the target machine is likely to have older, shorter syntax and the job is a straightforward connect, listen, or scan flow.BusyBox nc when you are aiming at small appliances or embedded systems and want the page to stay conservative about feature assumptions.Custom binary for wrappers such as sudo -E ncat or another exact executable prefix. The page will keep that prefix at the front of the generated line.Extra flags until the end. They bypass the main compatibility checks and are easiest to audit once the rest of the command already looks right.Warnings are not decoration. They often mean a flag you asked for never made it into the emitted command. If a feature is mandatory, a warning should be treated as a stop sign until you switch profile, clear the conflicting option, or compare with the real binary on the destination host.
Custom, then immediately set Shell and Implementation. That locks in quoting style and the compatibility rules the page will use.Connect to remote, Listen, or Port scan, then fill only the endpoint fields that match that role. Outbound modes need a target host. Listener mode needs a bind port. Scan mode needs a valid range.Use UDP, Force IPv6, Verbose output, Zero I/O probe, Numeric only, Timeout, Quit after EOF, and any source address or port override.Advanced before you continue.Errors first and Warnings second. Errors mean the page could not build a usable command at all. Warnings mean it did build one, but some requested behavior was dropped, narrowed, or converted.Command when you need the runnable line, Summary when you want the fastest audit of what the line actually does, and JSON plus exports when you need structured handoff material for notes, tickets, or runbooks.The summary badges at the top answer the first three questions quickly: which shell syntax the page used, which compatibility profile it followed, and whether the request is acting like a client, listener, or scan over TCP or UDP. The host and port badges are useful because they reveal the resolved endpoint even after you have changed presets several times.
The three result views answer different review questions. Command asks, "What exact text will the shell see?" Summary asks, "What did the generator decide this command means?" JSON asks, "What were the raw inputs and what derived flags, metrics, warnings, and errors came out of them?" For most users, the Summary view is the fastest trust check before copying.
Target row is empty in an outbound mode, or the Listener row looks wrong in a server mode, stop there before reading the rest of the command.TLS, Proxy, Logging, or Data direction does not say what you expected, assume the final command also differs from the request you had in mind.Flags row does not include a switch you expected, trust that row over memory. It reflects what the page actually emitted after compatibility checks and warning handling.Extra args row is populated, remember that tail text was appended raw and may not be portable across shells or netcat builds.A preview without warnings means the page produced a self-consistent command under its own rules. It does not prove that the local binary matches the chosen profile perfectly or that the network path is safe or authorized. Those final checks still belong in the actual environment where you plan to run the command.
Start from Proxy tunnel client, keep Implementation on ncat, and point the target at an internal HTTPS service such as intranet.internal on port 443. Fill Proxy host and Proxy port, then keep certificate verification enabled unless you are working in a lab with known test certificates. The Summary rows should show a client connection over TCP, TLS enabled, and a proxy route through the host and port you entered.
This is a good pattern for validating reachability through a corporate proxy without hand-assembling --proxy, --proxy-type, and TLS flags. If proxy auth is required, staying on ncat matters because the other profiles in this page do not emit proxy credentials.
Use Port scan sweep, leave the target on scanme.nmap.org, and keep the range at 20 to 25. With short flags and Combine short flags enabled, the page will compress adjacent one-letter switches where it can, so the command stays compact while still reflecting zero-I/O scanning, numeric output, and the chosen timeout. The summary line becomes Scanning · TCP · scanme.nmap.org:20-25.
That output is useful for quick service reachability checks. It still does not prove the software behind an open port is healthy or that a closed-looking UDP service is really absent. A scan only answers the narrower question the selected flags can ask.
Choose SMTP STARTTLS client, keep ncat, and point the target at a mail host on port 587. The preset turns on TLS-related controls and also places --starttls smtp into Extra flags. Review that raw tail text before copying, because the page appends it without re-parsing it. The Summary table should still show the higher-level result you care about: client mode, TCP transport, TLS enabled, and the selected timeout or idle timeout.
This example shows where the page helps most: it combines the predictable parts of the command with the protocol-specific flag that you still need to keep under your own review. It is faster than composing the whole line from scratch, but it still rewards a final read before execution.
No. It assembles command text and export views only. The network connection happens only if you later run the generated line in your own shell.
Choose ncat. In this page, TLS, certificate verification toggles, client cert and key paths, proxy auth, idle timeout, max connections, and --recv-only or --send-only are all modeled only in the Nmap profile.
A warning means the page could build a syntactically valid command, but it had to drop or change some requested behavior because the chosen compatibility profile does not expose that flag in this model.
nc support a flag this page warns about, or miss one the page emitted?Netcat variants drift across operating systems, package maintainers, and releases. The page follows a fixed compatibility map so its warnings stay predictable. If the exact target binary matters, compare the generated command with the local manual page or help output before use.
In the current preset set, the file receiver and syslog listener examples enable both Receive only and Send only, which the page correctly treats as contradictory. Clear one of those toggles in Advanced and the command will generate again.
Treat them as sensitive. The page mirrors current fields into the URL and can export the same values in copied or downloaded artifacts. Placeholders are safer until the very last run-ready copy step.