Open Source Security Tools for the Security Professional
Home Projects Mailing Lists General Contact Us

Get CryptCat

cryptcat = netcat + encryption

cryptcat = netcat + encryption

Cryptcat is the standard netcat enhanced with twofish encryption. netcat was origianally written by the l0pht (hobbit and weld pond).

The portion of the code written by farm9 is being released as Open Source.

Note that the L0pht has information on their copyrights covering netcat. See the 'hobbit.txt' file for that information.

Cryptcat is licensed under the the GNU General Public License, Version 2 or later in conformance with the original NetCat license.

Twofish is courtesy of counterpane, and cryptix. We started with the Java version of twofish from cryptix, converted it to C++ (don't ask why), and enhanced it by adding CBC mode and the ciphertext stealing technique from Applied Cryptography (pg. 196)


Cryptcat is licensed under the The GNU General Public License, Version 2 or later in conformance with the original NetCat license.

How do you use it?

Machine A: cryptcat -l -p 1234 < testfile
Machine B: cryptcat <machine A IP> 1234

This is identical to the normal netcat options for doing exactly the same thing. However, in this case the data transferred is encrypted.


The source code for cryptcat can be found on

Is it Really Secure?

Not if you know the secret key, which is hardcoded to be "metallica" (use the -k option to change this key)


There is a CERT vulnerability released on CryptCat for NT. The release comes with a precompiled binary which has a gaping security hole in the '-e' option.

CERT/CC Vulnerability Note VU#165099

The included binary is compiled with the compile time option "GAPING_SECURITY_HOLE" to allow the '-e' option to work.

This option is intended to allow CryptCat to be used as an encrypting tunnel for a spawn'd binary. Unfortunately, this does not work on NT! The pipe is opened, but I/O is not encrypted. There is no workaround.


Thanks for the contributions: linux 7.0 build fixes, tricky bug fixes, -k option, OpenBSD/FreeBSD compiles, directory friendly zips & tars, including MSVC++ makes.

Since release alot of people have been submitting changes (many times for the same thing). I've been doing my best to keep up, we are trying to get this up on sourceforge, but there seems to be some sort of "approval" process that makes it unclear if that will actually happen.

So, if you have submitted something, and its not here, let me know. If you've submitted a change, and its here with someone else's name, that just means someone else got the same change in before you.

If you have a change, drop a line to .

Copyright © 2005, Inc. - All Rights Reserved.
Last modified: January 01, 1970 00:00:00 UTC