noisecat 😼
The noise swiss army knife
noisecat 😼 is a featured networking utility which reads and writes data across network connections, using the Noise Protocol Framework (and TCP/IP).
Download and build
Just git clone
it, make
it and you'll have noisecat
binaries for macOS, Linux, FreeBSD, and Windows.
Usage
This is how noisecat -h
looks like:
Usage: noisecat [options] [address] [port]
Options:
-e command
executes the given command
-k accepts multiple connections (-l && (-e || -proxy) required)
-keygen
generates "-proto" appropriate keypair and prints it to stdout
-l listens for incoming connections
-lstatic file
loads local keypair from file (use -keygen to generate)
-p port
uses source port (default "0")
-proto protocol name
sets protocol name (default "Noise_NN_25519_AESGCM_SHA256")
-proxy address:port
forwards packets to address:port (-l required)
-psk pre-shared key
uses pre-shared key in handshake
-rstatic static key
defines remote static key (32 bytes, base64)
-s address
uses source address
-v prints verbose output
Protocol name format: Noise_PT_DH_CP_HS
Where:
PT: Handshake pattern
DH: Diffie-Hellman handshake function
CP: Cipher function
HS: Hash function
e.g. Noise_NN_25519_AESGCM_SHA256
Available handshake patterns:
KK, KX, IX, NL, NX
XN, XX, KN, NN, XK
IN, IK
Available DH functions:
25519
Available Cipher functions:
ChaChaPoly, AESGCM
Available Hash functions:
BLAKE2s, BLAKE2b, SHA256, SHA512
The flags are similar to the traditional netcat. In short:
-l -p 31337
listens on port 31337/tcp
-e /bin/sh
executes /bin/sh (reverse shell anyone?)
The main difference is the Noise Protocol-related flags:
-proto
sets the Noise Protocol name that you want to use
-psk
sets a pre-shared key, known to both client and server, used to authenticate a handshake
-rstatic
specifies the remote peer static (public) key, used in "K"-type handshakes
-lstatic
specifies the local file where to load static keys from
Other features are:
-proxy
allows to create a tunnel client -noise-> server -tcp-> final endpoint
-k
accepts multiple connections (like ncat)
-keygen
generates a pair of keys that, when saved to a file, can be used with the -lstatic
flag
Example
To bind a shell on port 4444/tcp (default protocol) and accept multiple clients:
$ noisecat -k -e /bin/sh -l -p 4444
To connect to that shell:
$ noisecat <ip> 4444
That's it!
TODO
- write some tests
- add Makefile
- add a static key validator helper function
- add new features (suggestions are welcome, pull requests too!)