Netbyte is a Netcat-style tool that facilitates probing proprietary TCP and UDP services. It is lightweight, fully interactive and provides formatted output in both hexadecimal and ASCII.
When testing proprietary or custom-written services on pentests, I’ve frequently been disappointed while trying to reverse engineer these protocols.
In the past, this has been done using netcat with wireshark and/or hexdump.
However, due to truncation issues with using hexdump (i.e.: nc domain.com 1234 | hexdump -C
)
and wireshark’s tedious process, I decided to create Netbyte as quick and easy alternative when opening unknown ports.
Clone the git:
git clone https://github.com/sc0tfree/netbyte.git
Enter the directory:
cd netbyte
Run setup.py script with 'install':
python setup.py install
$ netbyte example.com 12345
������!��'
FF FB 01 FF FB 03 FF FD 21(!) FF FD 27(')
Enter your user id:
0D 0A(\n)
0D 0A(\n)
45(E) 6E(n) 74(t) 65(e) 72(r) 20 79(y) 6F(o) 75(u) 72(r) 20 75(u) 73(s) 65(e) 72(r) 20 69(i) 64(d) 3A(:) 20 07
admin
user password:
61(a) 64(d) 6D(m) 69(i) 6E(n) 0D 0A(\n)
75(u) 73(s) 65(e) 72(r) 20 70(p) 61(a) 73(s) 73(s) 77(w) 6F(o) 72(r) 64(d) 3A(:) 20
admin
Invalid user or password
Connection closed
You can also pipe input into netbyte:
$ echo "GET /" | netbyte test.com 80
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.11.13</center>
</body>
</html>
3C(<) 68(h) 74(t) 6D(m) 6C(l) 3E(>) 0D 0A(\n)
3C(<) 68(h) 65(e) 61(a) 64(d) 3E(>) 3C(<) 74(t) 69(i) 74(t) 6C(l) 65(e) 3E(>) 33(3) 30(0) 32(2) 20 46(F) 6F(o) 75(u) 6E(n) 64(d) 3C(<) 2F(/) 74(t) 69(i) 74(t) 6C(l) 65(e) 3E(>) 3C(<) 2F(/) 68(h) 65(e) 61(a) 64(d) 3E(>) 0D 0A(\n)
3C(<) 62(b) 6F(o) 64(d) 79(y) 20 62(b) 67(g) 63(c) 6F(o) 6C(l) 6F(o) 72(r) 3D(=) 22 77(w) 68(h) 69(i) 74(t) 65(e) 22 3E(>) 0D 0A(\n)
3C(<) 63(c) 65(e) 6E(n) 74(t) 65(e) 72(r) 3E(>) 3C(<) 68(h) 31(1) 3E(>) 33(3) 30(0) 32(2) 20 46(F) 6F(o) 75(u) 6E(n) 64(d) 3C(<) 2F(/) 68(h) 31(1) 3E(>) 3C(<) 2F(/) 63(c) 65(e) 6E(n) 74(t) 65(e) 72(r) 3E(>) 0D 0A(\n)
3C(<) 68(h) 72(r) 3E(>) 3C(<) 63(c) 65(e) 6E(n) 74(t) 65(e) 72(r) 3E(>) 6E(n) 67(g) 69(i) 6E(n) 78(x) 2F(/) 31(1) 2E 31(1) 31(1) 2E 31(1) 33(3) 3C(<) 2F(/) 63(c) 65(e) 6E(n) 74(t) 65(e) 72(r) 3E(>) 0D 0A(\n)
3C(<) 2F(/) 62(b) 6F(o) 64(d) 79(y) 3E(>) 0D 0A(\n)
3C(<) 2F(/) 68(h) 74(t) 6D(m) 6C(l) 3E(>) 0D 0A(\n)
Connection closed
I have included a test server to better view the functionality of netbyte. The server has two tests:
- Echo Test - echo back a user entered string
- Hex Test - send a random hexadecimal string of user-specified size
To run the test server:
$ python testserver.py
In another terminal, connect to the test server using netbyte:
$ netbyte localhost 12345
To modify the color scheme, change the functions print_ascii
and print_hex
inside the netbyte package.
See the colorama page for color options.
Netbyte is under the MIT License.
Questions, comments and suggestions are always welcomed!
- Ability to enter input sent as hex
- Listen option to interact with custom-built clients
- Proper unit tests