cryptcat
Encrypt data over network connections
TLDR
[l]isten on a specified [p]ort and print any data received
Connect to a certain port
Specify the timeout ([w])
Scan ([z]) the open ports of a specified host
Act as proxy and forward data from a local TCP port to the given remote host
SYNOPSIS
cryptcat [options] hostname port
cryptcat [options] -l -p port
PARAMETERS
-l
Listen mode.
Instructs cryptcat to listen for an incoming connection rather than initiating one. This makes cryptcat act as a server.
-p <port>
Port.
Specifies the local port to listen on when in listen mode (-l), or the remote port to connect to when acting as a client.
-k <key>
Key/Passphrase.
Defines the shared secret key or passphrase used for Blowfish encryption. If this option is not provided, cryptcat will typically prompt the user to enter the key interactively.
-e <program>
Execute program.
Executes the specified program after a connection is established. This is commonly used to spawn a shell (e.g., -e /bin/bash) or run a script on the remote end upon connection.
-u
UDP mode.
Forces cryptcat to use UDP (User Datagram Protocol) for communication instead of the default TCP (Transmission Control Protocol).
-v
Verbose output.
Enables verbose mode, causing cryptcat to print more informative messages about the connection process, errors, and status.
-n
Numeric-only IP addresses.
Prevents DNS (Domain Name System) lookups for hostnames, forcing cryptcat to use only numeric IP addresses.
-w <timeout>
Connection timeout.
Specifies a timeout in seconds for connection attempts and for idle connections. If no data is transferred within the timeout period, the connection may be closed.
-z
Zero-I/O mode.
Performs a port scan without sending any data to the remote host once a connection is established. This is useful for quickly checking if specific ports are open and listening without initiating a full data transfer.
DESCRIPTION
cryptcat is a network utility that extends the functionality of the widely-used netcat command by incorporating symmetric Blowfish encryption. It enables users to establish encrypted network connections for various purposes, such as secure data transfer, encrypted shell sessions, or protected port forwarding.
By requiring a shared passphrase between the communicating parties, cryptcat aims to provide a basic layer of confidentiality for transmitted data, protecting it from passive eavesdropping. It can operate in both client and server modes: as a server, it listens on a specified port, encrypting incoming connections; as a client, it connects to a remote host and port, encrypting outgoing data. While offering a straightforward method for simple encryption, cryptcat is generally considered outdated and insecure for robust protection due to known vulnerabilities in its Blowfish implementation and the absence of proper key exchange mechanisms. Historically, it found use in specific penetration testing scenarios for creating quick, obfuscated network tunnels.
CAVEATS
While cryptcat provides a layer of encryption, its security is severely limited and it is not recommended for modern, sensitive communications.
The Blowfish implementation within cryptcat is known to have weaknesses, and there's no robust key exchange mechanism, making it highly susceptible to man-in-the-middle attacks if the shared key isn't securely pre-shared through an out-of-band method.
It offers no authentication beyond the shared key, meaning anyone with the correct key can connect.
For any serious security requirement, SSH or other modern, strong encryption protocols are vastly superior and should always be used instead.
SECURITY WARNING
Due to known vulnerabilities in its encryption implementation and the inherent weaknesses of a simple shared-key system without proper key exchange or authentication, cryptcat is not recommended for secure communications in production or sensitive environments. Users should always prefer modern, robust alternatives like SSH for encrypted data transfer and remote access.
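One way to act on this warning is to audit logged command lines for cryptcat and report which of the options from PARAMETERS were used. This is an added example, not part of cryptcat or the original page. The function names, finding wording and sample records are constructed, and getopt-style option bundling is assumed, as in netcat.

```python
import shlex

TAKES_ARG = {"p", "k", "e", "w"}  # options listed with an argument in PARAMETERS
FINDINGS = {  # flag -> audit wording (wording is this example's own)
    "e": "runs a program once a connection is established (-e)",
    "l": "listens for incoming connections (-l)",
    "k": "passphrase given on the command line (-k)",
    "z": "zero-I/O port scan (-z)",
}
# Constructed process-execution records, not taken from a real host.
SAMPLE = [
    "/usr/bin/cryptcat -lvp 4444 -e /bin/bash",
    "cryptcat -k 'pass phrase' -w 5 192.0.2.10 4444",
    "cryptcat -nz 192.0.2.10 22",
    "nc -l -p 4444",
]

def parse_flags(cmdline):
    """Return {flag: value or True} for a cryptcat command line, else None."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "cryptcat":
        return None
    flags, i = {}, 1
    while i < len(argv):
        tok = argv[i]
        i += 1
        if len(tok) < 2 or not tok.startswith("-"):
            continue  # positional hostname or port
        # Assumes getopt-style bundling (-lvp 4444, -p4444), as in netcat.
        for pos, ch in enumerate(tok[1:], start=1):
            if ch not in TAKES_ARG:
                flags[ch] = True
                continue
            rest = tok[pos + 1:]
            if not rest and i < len(argv):
                rest, i = argv[i], i + 1
            flags[ch] = rest
            break
    return flags

def audit(cmdline):
    """Findings for one logged command line; [] when it is not cryptcat."""
    flags = parse_flags(cmdline)
    if flags is None:
        return []
    out = [text for flag, text in FINDINGS.items() if flag in flags]
    if "l" in flags and "e" in flags:
        out.append("HIGH: listener hands a program to any peer holding the key")
    return out or ["outbound cryptcat connection"]
```

Calling `audit(line)` on each entry of `SAMPLE` returns the findings for that record; the plain `nc` line yields an empty list because it is not cryptcat.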
COMPARISON WITH NETCAT
cryptcat is essentially a modified version of netcat. It retains most of netcat's options and functionality for network connectivity (listening, connecting, port scanning, executing programs), but adds the encryption layer on top of the raw data stream. This means anything that can be done with netcat can generally be attempted with cryptcat, with the added (though limited) benefit of encryption. The command-line syntax and behavior are largely interchangeable with netcat, making it easy for users familiar with netcat to adopt cryptcat.
HISTORY
cryptcat emerged as a utility combining the versatile networking capabilities of netcat with a simple encryption layer using the Blowfish algorithm. It gained some popularity in the late 1990s and early 2000s, particularly within the information security and penetration testing communities, as a quick way to establish somewhat obfuscated or encrypted tunnels over networks. It filled a niche before the widespread adoption and standardization of more robust secure shell solutions like SSH. Its development was not as formal or continuously maintained as core system utilities, often appearing in various security toolkits and distributions as a specialized tool for specific scenarios.