pwncat v0.1 releases: Netcat on steroids with Firewall/IPS evasion, bind/reverse shell
pwncat
Netcat on steroids with Firewall and IPS evasion, bind and reverse shell, local and remote port-forward.
Motivation
Ever accidentally hit Ctrl+c on your reverse shell and it was gone for good? Ever waited forever for your client to connect back to you, because the Firewall didn’t let it out? Ever had a connection loss because an IPS closed suspicious ports? Ever were in need of port-forwarding, but you didn’t have SSH access?
This one got you covered.
Apart from that the current features of nc, ncat or socat just didn’t feed my needs and I also wanted to have a single tool that works on older and newer machines (hence Python 2+3 compat). Most importantly I wanted to have it in a language that I can understand and provide my own features with. (Wait for it, binary releases for Linux, MacOS, and Windows will come shortly).
⭐ Features
pwncat has many features, below is only a list of outstanding characteristics.
| Feature | Description |
|---|---|
| Bind shell | Create bind shells |
| Reverse shell | Create reverse shells |
| Proxy | Local and remote port forwards without SSH |
| Ctrl+c protect | A reverse shell can reconnect if you accidentally hit Ctrl+c |
| Detect Egress | Scan and report open egress ports on the target |
| Evade FW | Evade egress firewalls by round-robin outgoing ports |
| Evade IPS | Evade Intrusion Prevention Systems by being able to round-robin outgoing ports on connection interrupts |
| UDP rev shell | Try this with the traditional netcat |
| TCP / UDP | Full TCP and UDP support |
| Python 2+3 | Works with Python 2 and Python 3 |
| Cross OS | Should work on Linux, MacOS, and Windows as long as Python is available |
| Compatability | Use the traditional netcat as a client or server together with pwncat |
Changelog v0.1
Fixes
- Fixed UTF-8 char conversion for Python3
- Fixed calculation for socket bytes sent
- Fixed shutdown handling for port scanner
- Fixed false positives for port scanner
- Fixed sending binary data from stdin
- Fixed self-inject mode if remote sends greetings or prefixes: #83
- Fixed remote command to respawn if it crashes due to bad user input
Added
- Implemented signal handler to distribute shutdown signals across threads
- Feature:
--no-shutdownto copy the behaviour of OpenBSD netcat to keep stdin open after EOF - Feature:
--http - Feature:
send-on-eof - CI: Integration tests for inject shell
- CI: Integration tests for different file transfer modes
- Added artwork
Changed
- Changed behaviour to close after EOF on stdin (can be reverted via
--no-shutdown) - Added faster method to validate remote files in CNC mode
