Nmap/Ncat Portable

From SecWiki
Jump to: navigation, search

Building Ncat Portable for Windows

The step-by-step instructions in this section will guide you through the process of building a portable version of Ncat for the Microsoft Windows platform by means of static linking. The resulting binary, ncat.exe, can be run as a standalone executable, with no runtime dependencies, across all versions of Microsoft Windows starting from Windows XP to Windows 10.

Before you proceed with building a static version of Ncat, we strongly recommend building a normal, dynamic build of Ncat first, just to get the hang of it or spot building issues that might not pertain to building a static version. Details on how you can achieve that can be found at http://nmap.org/install/.

Now that you have successfully built Ncat with dynamic linking, let's proceed to building Ncat Portable for Windows.

Requirement Details

The requirements below include the tools and code needed to build both OpenSSL statically from source as well as Ncat. In some cases, such as with Perl, there are multiple alternative distributions and/ or versions of a tool available. In these instances, the specific distributions and/ or versions included below are simply recommendations. The available alternatives may work in place of the recommendations; however, you may encounter issues or minor diversions from the steps outlined here that are not covered.

Microsoft Visual Studio 2013

As of the time of this writing, Microsoft Visual Studio 2013 can still be obtained for free from the link below, but will require that you log in with either a Microsoft or GitHub account in order to proceed to the download page.

  1. Navigate to https://visualstudio.microsoft.com/vs/older-downloads/.
  2. Expand the section for "2013" under Still want an older version? and click "Download."
  3. Log in with either a Microsoft or GitHub account.
  4. Select and download one of the available editions/ versions of Visual Studio 2013 (Note: tested with Visual Studio Express 2013 for Windows Desktop with Update 5).

OpenSSL Source Code

The easiest way to obtain the sources for the latest releases of OpenSSL is to visit https://www.openssl.org/source/ and download the source code tarball for the desired OpenSSL version from the release table. The very latest sources for each version can be cloned or downloaded from the relevant branch on the official GitHub mirror of the OpenSSL git repository at this link https://github.com/openssl/openssl. As of the time of this writing, the current stable version of OpenSSL is the 1.1.1 series and the current master branch is OpenSSL 3.0, which is still in pre-release. It is worth noting that although, in testing, Ncat will build successfully against a static build of OpenSSL 3.0, this version is still in development and you may encounter unexpected issues. Use it at your own risk.

 Note: Tested with openssl-1.1.1j (recommended) and openssl-3.0.0-alpha11


Perl is needed to build OpenSSL. Strawberry Perl is recommended and is available from http://strawberryperl.com/. The Text::Template module, which is not part of the core Perl modules, is required to build OpenSSL. The Test::More module, which is also not part of the core Perl modules, is an optional requirement for running the tests. If you do not plan on running the tests on your OpenSSL build, this module is not needed. If you are using Strawberry Perl, you should be able to install any required modules from the command prompt using CPAN.

  • Install Text::Template (required):
cpan -i Text::Template
  • Install Test::More (optional):
cpan -i Text::More

Netwide Assembler (NASM)

The Netwide Assembler (NASM) is also needed to build OpenSSL. It is the only supported assembler and is available from https://www.nasm.us. After installing NASM on your machine, ensure that it is on your %PATH%.

Nmap Source Code

Download the Nmap source code tarball from https://nmap.org/download. If you would prefer to use the very latest code, it can be otained from the Nmap SVN source code repository. Instructions for obtaining Nmap from the Subversion (SVN) Repository are available at https://nmap.org/book/install.html#inst-svn.


Precompiled binaries of the dependencies for building Nmap on Windows are stored in Subversion, in the directory /nmap-mswin32-aux. The build files are configured to look for dependencies in this checked-out directory. Even though we will be replacing the contents of the /nmap-mswin32-aux/OpenSSL directory with the files from our static build of OpenSSL, maintaining this directory structure is the easiest way to avoid needing to reconfigure the Visual Studio project files to point to an alternate directory. This directory can be obtained from Subversion with the command svn checkout https://svn.nmap.org/nmap-mswin32-aux, which requires that you have a Subversion client installed on your machine. All versions of Microsoft Visual Studio except the Express edition include VisualSVN. If you are using the Express edition of Microsoft Visual Studio, an alternative SVN client is TortoiseSVN available from https://tortoisesvn.net/ and distributed under GPL.

Note: The /nmap-mswin32-aux directory and the directory containing the Nmap source code, whether extracted from a tarball or checked-out from SVN, must be placed in the same parent directory in order for the the Visual Studio project files to be able to find the dependencies contained in the /nmap-mswin32-aux directory at build time. In other words, the directory structure should look like the directory tree shown below.


Build OpenSSL Statically

Once you have downloaded and installed all of the tools required to build OpenSSL and retreived a copy of the OpenSSL source code, you are ready to build OpenSSL statically.

  1. If you are using a source code tarball of one of the official releases of OpenSSL, begin by extracting the source code from the archive to a working directory.
    • If you have opted to clone the OpenSSL GitHub repository, the directory that you cloned it to will be your working directory for the build.
  2. Create the directory C:\OpenSSL. This will be our installation directory.
  3. Prepare a command line environment to perform the build using one of the two methods below (see also https://docs.microsoft.com/cpp/build/building-on-the-command-line):
    1. Use Visual Studio Developer Command Prompt with administrative privileges.
      Start > Visual Studio 2013 > Visual Studio Tools > VS2013 x86 Native Tools Command Prompt (right-click > Run as adminstrator)
    2. OR start an elevated command prompt and run the vcvarsall.bat script.
      "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\vcvarsall.bat" x86
  4. Verify that Perl and NASM are both on %PATH%:
    • If both of the commands below return a valid response, proceed to the next step. If either returns an error, add the offending tool(s) to the %PATH%.
    nasm --version
    perl --version
  5. Change directory to the directory where you extracted or cloned the OpenSSL source and execute the following commands:
    perl Configure --prefix=C:\OpenSSL enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method VC-WIN32 no-shared
    perl -pi -e "s|/debug|/NXCOMPAT /DYNAMICBASE /SAFESEH| if /^LDFLAGS/" makefile
    nmake -f makefile install_dev
  6. Assuming the build completes without issue, you should be prepared to move on to build Ncat statically.

Build Ncat Statically

  1. Begin by replacing the contents of the \nmap-mswin32-aux\OpenSSL directory with the contents of the C:\OpenSSL directory from the static build of OpenSSL you just completed.
  2. Within the directory containing your local copy of the OpenSSL source code, locate the \ms subdirectory. Within the \ms directory, locate and copy the file applink.c (i.e. C:\openssl-x.x.x\ms\applink.c) to the directory \nmap-mswin32-aux\OpenSSL\include\openssl.
  3. Within the directory containing your local copy of the Nmap source code, open the Nmap solution (i.e. nmap.sln) from the \mswin32 subdirectory (e.g. C:\Nmap\nmap\mswin32\nmap.sln) in Visual Studio 2013.
  4. Change the "Active solution configuration" to Ncat Static by following the steps below:
    1. Right-click on Solution nmap in the "Solution Explorer" and select "Configuration Manager."
    2. Click the dropdown under "Active solution configuration" and select Ncat Static.
      Note: Ensure that the nsock, nbase, and ncat projects all show "Static" as the selected configuration.
    3. Important: Set the liblua project to build by checking the box in the "Build" column for that project. It is not set to build by default but is needed to build Ncat statically.
    4. Close the "Configuration Manager."
  5. Change the liblua project runtime library for linking from "Multi-threaded DLL (/MD)" to "Multi-threaded (/MT)" by following the steps below:
    1. Right-click the liblua project in the "Solution Explorer" and select "Properties."
    2. Within the navigation pane of the liblua "Property Pages," navigate to "Configuration Properties" > "C/C++" > "Code Generation."
    3. Within the configuration pane of "Code Generation," click the dropdown next to "Runtime Library" and select "Multi-threaded (/MT)."
    4. Click "Apply" and then click "OK" to close the "Property Pages."
  6. Add the directory ..\liblua to the "Additional Include Directories" and crypt32.lib to the "Additional Dependencies" of the ncat project by following the steps below:
    1. Right-click the ncat project in the "Solution Explorer" and select "Properties."
    2. Within the navigation pane of the ncat "Property Pages," navigate to "Configuration Properties" > "C/C++" > "General."
    3. Within the configuration pane of "General," click the dropdown next to "Additional Include Directories" and select "<Edit...>."
    4. Within the "Additional Include Directories" editor, click the "New Line" icon or press Ctrl-Insert and add the directory path ..\liblua.
    5. Click "OK" to exit the "Additional Include Directories" editor.
    6. Once again within the navigation pane of the ncat "Property Pages," navigate to "Configuration Properties" > "Linker" > "Input."
    7. Within the configuration pane of "Input," click the dropdown next to "Additional Dependencies" and select "<Edit...>."
    8. Within the "Additional Dependencies" editor, add a new line by hitting the enter key and enter CRYPT32.LIB.
    9. Click "OK" to exit the "Additional Dependencies" editor and then hit "Apply" and "OK" to exit the ncat "Property Pages."
  7. Right-click the ncat project in the "Solution Explorer" and select "Set as StartUp Project."
  8. Right-click the ncat project in the "Solution Explorer" and select "Build." Alternatively you can press the F7 key to start building.

Ncat should now be compiling. Wait for the build process to complete and then, assuming the build completes without error, the Ncat Portable static binary ncat.exe should be located in the directory \ncat\Release within the directory containing your local copy of the Nmap source code.

If you're having trouble or questions regarding the steps outlined in this document, feel free to e-mail nmap-dev <at> insecure.org.

Known problem

If you found this error at compilation:

'openssl/applink.c': No such file or directory

or the resulting exe fails to open sockets:

ncat -l 8000

setsockopt: No error

You might try to use the exact 5.59BETA1 version of source code from this link: http://nmap.org/dist/nmap-5.59BETA1.tgz