https://github.com/skyf0l/ncenc
Netcat wrapper to encrypt network traffic with openssl.
bash cryptography encryption nc netcat network network-encryption openssl pentest pentest-tool pentesting reverse-shell rsa
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/skyf0l/ncenc
- Owner: skyf0l
- Created: 2022-07-21T17:37:46.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-07-21T21:06:31.000Z (over 2 years ago)
- Last Synced: 2024-04-24T03:17:02.237Z (7 months ago)
- Topics: bash, cryptography, encryption, nc, netcat, network, network-encryption, openssl, pentest, pentest-tool, pentesting, reverse-shell, rsa
- Language: Shell
- Homepage: https://raw.githubusercontent.com/skyf0l/NcEnc/main/ncenc.sh
- Size: 2.93 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# NcEnc
Netcat wrapper to encrypt network traffic with openssl.
## What is NcEnc?
With netcat/nc, data is sent over the network in clear text, and anyone able to observe the traffic can read it. NcEnc is a wrapper that encrypts the traffic passing through the netcat tunnel. It requires no additional packages, only tools available by default on Linux: `nc`, `openssl` and `base64`.
## How to use NcEnc?
It's very simple. Just run `ncenc.sh` instead of `nc`.
```bash
# Start listening on port
$ ncenc.sh -vlp
# Connect to on port
$ ncenc.sh -v
```
You can also curl the script and run it directly.
```bash
# Start listening on port
$ (curl -sL https://raw.githubusercontent.com/skyf0l/NcEnc/main/ncenc.sh; cat) | sh -s -- -vlp
# Connect to on port
$ (curl -sL https://raw.githubusercontent.com/skyf0l/NcEnc/main/ncenc.sh; cat) | sh -s -- -v
```
## How does the encryption work?
When the NcEnc server and client start, an RSA key is generated on each side and the public keys are exchanged. The server uses the client's public key to encrypt the data it sends and its own private key to decrypt the data it receives, and the client does the same in the other direction.
Messages are encrypted and sent over the network line by line. Because RSA encryption is slow, a more interactive netcat session is currently not possible.
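In terms of security, someone who intercepts the traffic (e.g. with a MITM attack) cannot decrypt the communications without the recipient's private key. This holds as long as the public keys received at startup are genuine; the exchange described above includes no step that authenticates them.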
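The line-by-line exchange described above, sketched as an added example (not code from ncenc.sh or its author): each side encrypts a line with the peer's public key and sends it as a single base64 line. The 2048-bit key size, OAEP padding and all function names are assumptions; `fingerprint` is included because the exchange as described has no authentication step, so a received key can only be checked out of band.

```shell
#!/bin/sh
# Added illustration, not ncenc.sh. Key size, OAEP padding and all
# function names are assumptions.

# gen_keypair DIR: write DIR/priv.pem and DIR/pub.pem (2048-bit RSA).
gen_keypair() {
    mkdir -p "$1" &&
    openssl genrsa -out "$1/priv.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/priv.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

# fingerprint PUB: SHA-256 of the DER public key, to compare over a
# separate channel before trusting a key received from the peer.
fingerprint() {
    openssl pkey -pubin -in "$1" -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# encrypt_line PEER_PUB TEXT: print one base64 line. Fails when TEXT
# exceeds one RSA block (about 214 bytes for 2048-bit OAEP).
encrypt_line() {
    ct=$(mktemp) || return 1
    if printf '%s' "$2" | openssl pkeyutl -encrypt -pubin -inkey "$1" \
            -pkeyopt rsa_padding_mode:oaep -out "$ct" 2>/dev/null; then
        base64 < "$ct" | tr -d '\n'; rc=0
    else
        rc=1
    fi
    rm -f "$ct"; return "$rc"
}

# decrypt_line OWN_PRIV WIRE_LINE: recover the plaintext of one line.
decrypt_line() {
    printf '%s\n' "$2" | base64 -d |
        openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep
}

# Constructed demo: both ends share a temp dir instead of an nc socket.
demo() {
    d=$(mktemp -d) || return 1
    gen_keypair "$d/server" && gen_keypair "$d/client" || return 1
    echo "server key fingerprint: $(fingerprint "$d/server/pub.pem")"
    wire=$(encrypt_line "$d/server/pub.pem" "hello from client") || return 1
    echo "on the wire:  $(printf '%s' "$wire" | cut -c1-32)..."
    echo "server reads: $(decrypt_line "$d/server/priv.pem" "$wire")"
    rm -rf "$d"
}
demo
```

A line longer than one RSA block makes `encrypt_line` fail, a limit that comes from encrypting each line directly with RSA.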
## Todo
- Store RSA keys in memory instead of files (for better privacy)
- Handle and exit on error (currently not handled due to pipe behavior)
- Exchange an AES key and encrypt/decrypt messages with it to speed up encryption (like the SSL protocol).