
Nmap Network Scanning

Command Execution Options

-e <command>, --exec <command> (Execute command)

Execute the specified command after a connection has been established. The command must be specified as a full pathname. All input from the remote client is sent to the application, and its responses are sent back to the remote client over the socket, making your command-line application interactive over a socket. Combined with --keep-open, Ncat handles multiple simultaneous connections to your specified port/application, like inetd. Ncat accepts only a limited number of simultaneous connections; the limit is set with the -m option and defaults to 100 (60 on Windows).

-c <command>, --sh-exec <command> (Execute command via sh)

Same as -e, except it tries to execute the command via /bin/sh. This means you don't have to specify the full path for the command, and shell facilities like environment variables are available.

--lua-exec <file> (Execute a .lua script)

Runs the specified file as a Lua script after a connection has been established, using a built-in interpreter. The script's standard input and standard output are both redirected to the connection data streams.

All exec options add the following variables to the child's environment:

NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT

The IP address and port number of the remote host. In connect mode, it's the target's address; in listen mode, it's the client's address.

NCAT_LOCAL_ADDR, NCAT_LOCAL_PORT

The IP address and port number of the local end of the connection.

NCAT_PROTO

The protocol in use: one of TCP, UDP, or SCTP.
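
The following handler script is an added example, not part of the Ncat documentation: it uses the NCAT_* variables described above to write one audit record per connection and to refuse peers outside an allowlist before answering. The names ALLOWED_PEERS, AUDIT_LOG, peer_allowed, audit_line and handle_connection, the log format, and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the Ncat docs). Intended to be started by Ncat, e.g.
#   ncat -l 7777 --keep-open -m 10 --exec /full/path/to/handler.sh
# Ncat sets the NCAT_* variables in this script's environment.

# Assumed settings: space-separated shell patterns and an audit file path.
ALLOWED_PEERS=${ALLOWED_PEERS:-"127.0.0.1 ::1 10.0.0.*"}
AUDIT_LOG=${AUDIT_LOG:-./ncat-audit.log}

# Succeeds when NCAT_REMOTE_ADDR matches one allowlist pattern.
# The body is a subshell so that "set -f" (no filename globbing while the
# list is split) does not leak out; "exit" only leaves that subshell.
peer_allowed() (
    set -f
    for pat in $ALLOWED_PEERS; do
        case "${NCAT_REMOTE_ADDR:-}" in
            $pat) exit 0 ;;
        esac
    done
    exit 1
)

# Formats one audit record from the NCAT_* variables; $1 is the verdict.
audit_line() {
    printf 'proto=%s peer=[%s]:%s local=[%s]:%s verdict=%s\n' \
        "${NCAT_PROTO:-?}" "${NCAT_REMOTE_ADDR:-?}" "${NCAT_REMOTE_PORT:-?}" \
        "${NCAT_LOCAL_ADDR:-?}" "${NCAT_LOCAL_PORT:-?}" "$1"
}

# Logs the connection, then answers on stdout, which Ncat sends to the peer.
handle_connection() {
    if peer_allowed; then verdict=allow; else verdict=deny; fi
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$(audit_line "$verdict")" >> "$AUDIT_LOG"
    [ "$verdict" = allow ] || { echo "access denied"; return 1; }
    echo "hello ${NCAT_REMOTE_ADDR}"
}

# Only act when Ncat started us (NCAT_PROTO is set by the exec options).
if [ -n "${NCAT_PROTO:-}" ]; then
    handle_connection
fi
```

In listen mode NCAT_REMOTE_ADDR is the client's address, so the allowlist check applies to whoever connected.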
