Netcat has a number of pre-existing scripts that allow it to act as a simple vulnerability scanner. It does this by connecting to the port to be tested, sending data that exercises a suspected vulnerability, and returning the result.
A number of the commonly available test scripts include those for:
- RPC (Remote Procedure Calls) - both the *NIX (port 111) and Windows (port 135) versions
- FTP (proxy tests, PASV bugs etc)
- Password testing (along the lines of Brutus) - that is, you can try a dictionary attack and test a system's passwords.
- Map and export a file system
- Test trust relationships (such as the "R" commands)
- SSL - yes, there is an SSL-capable version of netcat and it can be used to test SSL links
- A Web and CGI scanner
- Many more ...
Reporting the results is another issue - but what the hell... you know that the vulnerability is there.
Then there is scripting again:
`# perl -e 'print "A"x1024' | nc -v <host> <port>`
A little fuzzing never hurt... But then again.
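The probe-and-report pattern the post describes (connect, send test data, read the reply, classify the result) is easy to see once the one-liner is written out as a small program. The following is an added example, not code from the original post or from netcat itself: a Python probe that sends the same 1024 "A"s and classifies the reply, run against a constructed local stand-in for a line-based service so it can be exercised offline. The banner text, the 127.0.0.1 test server and the "5xx means rejected" convention are assumptions made for the example; against a real service you would substitute the host, port and the protocol's own error codes.

```python
import socket
import threading

# Constructed banner for the local stand-in service; not a real product string.
BANNER = b"220 constructed-test-service ready\r\n"


def start_test_server(max_line=64):
    """Constructed stand-in for a service under test.

    Sends a banner, reads one line, then either echoes it (200) or refuses it
    as too long (500). The 500 path is the *robust* behaviour a probe hopes to
    see; a service that goes silent instead is the one worth investigating.
    Returns the ephemeral port it is listening on.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def handle(conn):
        with conn:
            conn.sendall(BANNER)
            buf = b""
            # Read until end of line, with a hard cap so a flood cannot grow buf forever.
            while b"\n" not in buf and len(buf) < 8192:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
            line = buf.rstrip(b"\r\n")
            if len(line) > max_line:
                conn.sendall(b"500 line too long\r\n")
            else:
                conn.sendall(b"200 " + line + b"\r\n")

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe(host, port, payload, timeout=2.0):
    """Connect, read the banner, send the payload, read the reply.

    This is the 'nc -v' half of the post's one-liner. Returns (banner, reply)
    as bytes; connection errors and timeouts propagate to the caller.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = s.recv(4096)
        s.sendall(payload)
        reply = s.recv(4096)
    return banner, reply


def oversize_check(host, port, size=1024):
    """The post's perl|nc one-liner as a function with a verdict attached.

    Sends `size` bytes of 'A' followed by CRLF and classifies the response:
      'rejected' - the service refused the input cleanly (5xx reply, assumed convention)
      'accepted' - the service processed it
      'no_reply' - it timed out, dropped the connection or sent nothing back;
                   that is the result to report and follow up on.
    """
    payload = b"A" * size + b"\r\n"
    try:
        _, reply = probe(host, port, payload)
    except (socket.timeout, ConnectionError):
        return "no_reply"
    if not reply:
        return "no_reply"
    if reply.startswith(b"5"):
        return "rejected"
    return "accepted"


if __name__ == "__main__":
    p = start_test_server()
    print("short line:", oversize_check("127.0.0.1", p, size=10))
    print("1024 x A  :", oversize_check("127.0.0.1", p))
```

The verdict strings are the part the post says netcat scripts leave to you ("reporting the results is another issue"): once the probe returns a value rather than a screenful of output, it can be looped over a list of ports and written to a report.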
This all goes to show how a simple command can be made into a truly powerful tool.