WinSCP
WinSCP is an open-source free SFTP client, FTP client, WebDAV client, S3 client, and SCP client, as well as a file manager, designed for Microsoft Windows.[1] Its primary function is to enable secure file transfers between a local computer and remote servers using protocols including FTP, FTPS, SCP, SFTP, WebDAV, and Amazon S3, while also supporting scripting and basic file management operations such as synchronization and editing.[1] Development of WinSCP began in March 2000 at the University of Economics in Prague, initiated by Jan Havlicek with primary development led by Martin Přikryl.[2] The first version, WinSCP 1.0, was released in late 2000 and initially supported only the SCP protocol over SSH-1, with interfaces available in English and Czech.[2] Key milestones include the addition of SFTP support in version 3.0 (June 2003), FTP in 4.0 (April 2007), full Unicode compatibility in 5.0, WebDAV in 5.6, Amazon S3 in 5.12, and a two-panel local file manager in 6.0.[2] The project remains actively maintained, with the latest stable release being version 6.5.4 as of November 2025, incorporating enhancements like improved security via OpenSSL updates and multilingual support.[3] WinSCP is distributed under the GNU General Public License (GPL) version 3 or later, making it free software that users can use, redistribute, and modify.[4] It offers dual user interfaces—a Commander-style dual-pane view for advanced users and an Explorer-style single-pane view for simplicity—and integrates features like integrated text editors, archive handling, and automation scripting for enhanced productivity in file operations.[1]Introduction
Overview
WinSCP is a free, open-source file manager and client for Windows operating systems, supporting SFTP, SCP, FTP, WebDAV, and Amazon S3 protocols to enable secure file transfers between local and remote systems.[1] Its primary purpose is to facilitate efficient remote file management, allowing users to upload, download, and manipulate files across networks with a focus on security and ease of use.[5] The latest stable release is version 6.5.4 as of November 2025.[6] The application provides a dual-pane interface for simultaneous browsing of local and remote directories, inspired by the classic Norton Commander design, which promotes intuitive navigation through side-by-side views.[7] Key capabilities include drag-and-drop file transfers integrated with Windows, a built-in text editor for direct file modification, and support for essential operations such as synchronization to mirror directories, renaming, and deletion.[1] These features make WinSCP a versatile tool for both novice and advanced users handling file operations in secure environments.[5]Licensing and Platform Support
WinSCP is distributed under the terms of the GNU General Public License (GPL) version 3 or any later version, as published by the Free Software Foundation, which permits free use, redistribution, and modification of the software for both personal and commercial purposes without any licensing fees.[4] This open-source licensing model ensures that the complete source code is publicly available, enabling users and developers to inspect, contribute to, or adapt the application while adhering to the GPL's copyleft requirements for derivative works.[4] The license explicitly disclaims any warranty, emphasizing that WinSCP is provided "as is" without guarantees of merchantability or fitness for a particular purpose.[4] The software is accessible through multiple official distribution channels to facilitate easy acquisition and community involvement. Users can download the latest releases directly from the WinSCP website at winscp.net, which hosts installers, portable executables, and release notes.[6] Additional mirrors include SourceForge for binary downloads and the GitHub repository, where the source code is hosted for browsing, forking, and submitting contributions via pull requests. For streamlined deployment on modern systems, WinSCP is also available via the Microsoft Store for a one-time fee of $9.99, allowing one-click installation and automatic updates.[8] WinSCP is natively developed for Microsoft Windows platforms, with compatibility spanning Windows 7 SP1 and later, up to Windows 11 and Windows Server 2025, though it is optimized and regularly tested on the latter for best performance and security.[9] A dedicated portable version eliminates the need for traditional installation, allowing the application to run directly from a folder, USB drive, or network location while storing configuration in an INI file to maintain portability across machines.[10] Official support is limited to Windows, with no native builds for macOS or Linux; however, the portable edition can operate on these systems through the Wine compatibility layer, though users may encounter interface or functionality limitations depending on the Wine version.[11][12] Installation flexibility enhances WinSCP's accessibility, offering a setup wizard-based installer for full system integration, including optional associations with file types and shell extensions.[13] The portable executable provides a no-install alternative for temporary or restricted environments, and during setup, users can enable integration with Windows Explorer, adding context menu options for quick access to SFTP, FTP, and other transfers directly from file dialogs.[14] An MSI package is also provided for enterprise deployment via group policies or scripting.[6]Development History
Origins and Early Development
WinSCP's development originated in March 2000 as a personal project led by Martin Přikryl, a software developer at the University of Economics in Prague. The initiative stemmed from repeated requests by Přikryl's colleague, Jan Havlicek, who required a secure, graphical file transfer tool for Windows to replace the insecure FTP clients commonly used for remote operations. Přikryl, who initially lacked a personal need for such software, ultimately implemented it to fulfill this demand, marking WinSCP as one of the earliest GUI clients for SSH-based transfers on the Microsoft Windows platform.[2] The project's first public release, version 1.0, arrived in late 2000, accompanied by the launch of its initial website in October of that year. This early iteration was limited in scope, supporting only the SCP protocol over SSH-1 connections, and provided a straightforward dual-pane interface for basic file copying and directory navigation between local and remote systems. No advanced features, such as scripting capabilities or support for additional protocols like SFTP or WebDAV, were included at this stage.[2] Development in the early 2000s encountered significant hurdles, primarily due to the absence of native SSH protocol support in Windows, which compelled Přikryl to integrate the source code from the PuTTY SSH client library for core functionality. The initial version's architecture was later critiqued by the developer as "terribly designed," resulting in a full redesign for subsequent releases, while the emphasis remained on essential secure file transfers without elaborate graphical enhancements.[2][15]Major Releases and Updates
WinSCP's development has seen several milestone releases that introduced key protocol support and interface improvements. Version 2.0, released in October 2001, was a complete rewrite of the application, adding support for SSH-2 and public key authentication while introducing an Explorer-like graphical interface.[2] Version 3.0, released in June 2003, marked the addition of SFTP protocol support as an alternative to SCP, which gradually became the primary transfer method.[2] FTP support arrived later with version 4.0 in 2007, expanding compatibility with non-SSH servers.[2] WebDAV integration was introduced in version 5.6 in 2014, enabling secure file management over HTTP-based protocols.[16] Version 5.0, released in August 2011, transformed WinSCP into a fully Unicode-compatible application, supporting remote sites in unlimited languages and featuring a redesigned graphical user interface for better usability.[2] This release also enhanced file synchronization capabilities, including improved preview options and checklist dialogs for reviewing changes before execution.[17] Amazon S3 support was added in version 5.12 in December 2017, allowing direct interaction with cloud storage via REST interfaces for authentication and file operations.[2] Version 6.0, released in early 2023, incorporated a two-panel local file manager and updated graphics, further streamlining dual-pane workflows.[2] As of November 2025, the latest stable release is version 6.5.4 (October 16, 2025), which includes upgrades to OpenSSL 3.3.5 for enhanced TLS/SSL security and Expat 2.7.3 for improved XML parsing.[3] Recent updates in the 6.x series have focused on bug fixes for Windows 11 compatibility, such as resolving high-DPI display issues and ensuring seamless integration with modern shell extensions.[3] These releases also address compatibility with contemporary SSH servers through regular security patches. The project's development approach has evolved from solo efforts by creator Martin Přikryl, starting in 2000, to incorporating open-source contributions via GitHub since 2014, fostering community-driven improvements while maintaining a focus on stability.[2][18] Notable incompatible changes include the deprecation of SSL 3.0 in version 6.2 and the default disabling of TLS 1.0 and 1.1 to align with OpenSSL 3.x security standards in post-2020 releases, requiring users to enable legacy protocols manually if needed for older servers.[19]Core Functionality
Supported Protocols
WinSCP integrates several file transfer protocols to facilitate secure and efficient data exchange between local systems and remote servers. These protocols enable a range of operations, from basic file copying to advanced management tasks, with built-in support for encryption where applicable.[20] SFTP (SSH File Transfer Protocol) serves as the primary secure protocol in WinSCP, operating over an SSH connection to provide encrypted file access, transfers, and management functionalities, including directory listings and permission handling. It supports SFTP protocol versions 3 through 6, with the default configuration attempting version 6 for well-known servers and falling back to version 3 for others to ensure compatibility. Users can configure SFTP-specific options, such as path canonicalization to resolve symbolic links and fallback to SCP if SFTP initialization fails, typically using the default port 22.[21][22] SCP (Secure Copy Protocol) offers a simpler secure file copying mechanism over SSH, suitable for batch transfers of individual files or directories, though it lacks native support for recursive directory operations in its basic form and does not allow resuming interrupted transfers. As a legacy protocol, it is widely available on Unix-like systems but less feature-rich than SFTP, making it ideal for straightforward, secure copies without the need for extensive file management. Configuration mirrors SFTP, defaulting to port 22, with options to adjust shell environments for compatibility.[23][24] FTP (File Transfer Protocol) and its secure variant FTPS provide legacy support for unencrypted or SSL/TLS-encrypted transfers, accommodating active and passive connection modes to navigate firewalls and proxy configurations. FTPS encrypts both control and data channels, protecting credentials and content, while plain FTP remains available for non-secure environments; both support resuming transfers and are configured with the default port 21. Proxy settings, such as SOCKS or HTTP, can be specified for FTP/FTPS sessions to route connections appropriately.[25] WebDAV (Web-based Distributed Authoring and Versioning) enables HTTP-based file management, allowing renaming and moving of files over standard web infrastructure, with HTTPS support for encryption to secure transmissions. It operates on port 443 by default and integrates seamlessly for accessing web-hosted storage, though it does not support transfer resuming or text-mode transfers.[20][26] Amazon S3 integration allows direct access to cloud storage buckets using the S3 REST API, supporting file uploads, downloads, and basic management, including access control list (ACL) handling for permissions on objects. Connections use port 443 with authentication via access keys, enabling compatibility with S3-compatible services like Google Cloud Storage for broader cloud interoperability.[27][28] Protocol selection occurs through WinSCP's site manager, where users save connection profiles specifying the desired protocol along with tailored settings, such as port numbers (e.g., 22 for SFTP/SCP, 21 for FTP/FTPS) and authentication details, to streamline repeated access.[29][30]User Interface and File Operations
WinSCP provides two primary graphical user interfaces: the Commander interface and the Explorer interface, allowing users to choose based on their workflow preferences.[31] The Commander interface features a dual-pane layout inspired by Norton Commander, with the left panel displaying the local file system and the right panel showing the remote directory for side-by-side browsing and efficient file management.[7] This design emphasizes keyboard-driven navigation, including shortcuts like Tab to switch panels and F5 for file copying (upload or download depending on the active panel).[7] In contrast, the Explorer interface uses a single-pane view focused on the remote directory, mimicking the Windows File Explorer for familiarity, and supports seamless integration with the desktop via drag-and-drop operations.[32] Users can select the interface during installation or change it later through preferences, with customizable toolbars, command lines, and themes including light, dark, and automatic modes that adapt to Windows settings.[33] File operations in WinSCP are designed for intuitive handling of transfers and management tasks. Drag-and-drop functionality enables quick movement of files between local and remote panels or directly with Windows Explorer, supporting multi-file selection via Space or Insert keys in the Commander interface.[7] Transfers can be queued for background processing, with a default limit of two simultaneous operations to optimize server connections; users can adjust this in preferences and monitor progress in the queue list, which displays ongoing, waiting, and completed tasks.[34] For synchronization, the Commands > Synchronize option offers modes such as mirror (to make directories identical) or update (to transfer only newer files), configurable via a dialog for direction and options.[35] Search and filter functions allow locating files using masks in the Find Files dialog or panel filters, excluding or including specific types during operations.[36][37] Additional integrated tools enhance usability for common tasks. An internal text editor supports editing remote or local text files directly, with options to configure external editors for advanced needs.[38] Image files benefit from thumbnail views in file panels for quick previews, while binary formats like hex require external viewers.[5] Archive handling for formats such as ZIP and TAR is facilitated through built-in extensions, which execute remote commands to pack or unpack files during transfers.[39] Bookmarking includes stored sessions for frequent remote sites, savable via the Login dialog, and directory bookmarks added through Commands > Add Path to Bookmarks for rapid navigation.[40][41] Accessibility features ensure broad usability. WinSCP supports 47 languages, selectable in preferences to match the Windows system language or user preference.[42] High-DPI scaling is optimized for modern displays, with improved rendering for 125%, 150%, and higher factors in toolbar icons, menus, and dialogs since version 5.9.[43] The GUI can also be invoked from the command line using winscp.exe with parameters like session names to open specific connections directly.[44] Protocol connections, such as SFTP or FTP, are initiated through the Login dialog within either interface.[31]Advanced Features
Security Mechanisms
WinSCP incorporates robust security mechanisms to protect data in transit and authenticate connections, leveraging industry-standard protocols and cryptographic libraries. These features ensure secure file transfers across supported protocols like SFTP, SCP, FTPS, and WebDAV, mitigating risks such as eavesdropping, tampering, and unauthorized access.[1] For encryption, WinSCP primarily uses the SSH-2 protocol for SFTP and SCP transfers, supporting strong ciphers including AES-256-CTR, AES-256-CBC, AES-192-CTR, AES-192-CBC, AES-128-CTR, AES-128-CBC, ChaCha20-Poly1305, AES-256-GCM, and AES-128-GCM.[45] These ciphers encrypt data over SSH tunnels, with users able to customize preferences via advanced site settings to prioritize secure options.[46] For FTPS and WebDAV, WinSCP employs TLS/SSL encryption with support for TLS versions 1.2 and 1.3, utilizing cipher suites such as TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and various AES-based suites in preference order.[47][48] Recent versions have upgraded the TLS/SSL core to OpenSSL 3.3.5, enhancing cryptographic strength and vulnerability resistance.[3] Authentication in WinSCP supports multiple methods to verify user identity securely. These include password-based authentication, public-key authentication using RSA or Ed25519 keys, keyboard-interactive authentication (such as for two-factor methods), and certificate-based authentication for TLS-enabled protocols like FTPS.[49][50] Public-key authentication can integrate with Pageant, the PuTTY authentication agent, allowing seamless key management without storing private keys in plain text.[51] GSSAPI authentication is also available for environments using Kerberos or similar systems.[49] Additional protections enhance session integrity and resilience. Host key verification is enforced by default to prevent man-in-the-middle (MITM) attacks, prompting users to confirm the server's host key fingerprint on first connection and caching it for future sessions.[52] Proxy support includes SOCKS4/5 and HTTP proxies with authentication, enabling secure routing through intermediaries. Users can disable weak algorithms, such as legacy ciphers or protocols, via configuration options to enforce stricter security policies.[46] Automatic session resumption is supported for interrupted TLS connections, reusing established sessions to maintain security without re-authentication where possible.[48] WinSCP adheres to modern security standards, disabling obsolete protocols like SSLv2 and SSLv3 entirely, as they are not supported.[48] TLS 1.0 and 1.1 are disabled by default due to known vulnerabilities, with enforcement of TLS 1.2 or higher in versions following major updates around 2018, such as the adoption of OpenSSL 1.1.1 series.[48][17] Weak ciphers are excluded from default preferences post-2018 releases, aligning with best practices for secure remote access.[45]Scripting and Automation
WinSCP provides a console interface for command-line operation, accessible viawinscp.com or by running winscp.exe /console, enabling non-interactive automation of file transfers and remote tasks.[53] This mode supports a set of commands that mirror core GUI functions, such as open to establish a session (e.g., open sftp://user:password@[example.com](/page/Example.com)/), get and put for downloading and uploading files (e.g., get /remote/file.txt C:\local\ or put C:\local\file.txt /remote/), synchronize for mirroring directories (e.g., synchronize local C:\local\ /remote/path/), and [exit](/page/Exit) to close the session and terminate the program.[53] Commands can be entered interactively or executed in batch mode using the /command switch, with support for piping input from other tools.[53]
The scripting interface uses plain text files, typically with a .txt extension, encoded in UTF-8 or UTF-16, where lines represent sequential commands and comments begin with #.[53] Variables are supported through environment variables (%NAME%), script arguments (%N% for the Nth argument), and built-in functions like %TIMESTAMP#format% for dynamic timestamps.[53] However, WinSCP's native scripting lacks full programming constructs such as loops or conditional statements (if); these must be implemented externally, for instance, by wrapping scripts in Windows batch files that check exit codes (0 for success, 1 for error) or using JScript/VBScript for basic control flow.[54] Error handling is facilitated through exit codes and optional XML logging (enabled via /xmllog=log.xml), which records operations in a parseable format for post-execution analysis.[54] Logging levels can be adjusted with /loglevel=1 for debug output.[53]
Automation is commonly achieved by invoking scripts with the /script=filename parameter, such as in a batch file: @echo off followed by winscp.com /ini=nul /log=myscript.log /script=myscript.txt.[55] These batch files can be scheduled using Windows Task Scheduler for recurring tasks like nightly file synchronization.[55] Remote command execution on the server is supported via the call command within scripts (e.g., call ls -la), allowing automation of server-side operations alongside transfers.[54] For more sophisticated workflows, integration with PowerShell leverages the WinSCP .NET assembly (winscpnet.dll), enabling object-oriented control in .NET environments, such as looping through file lists or conditional transfers based on file properties.[56] An example PowerShell script might use SessionOptions to open a session and Session.PutFiles for uploads, providing programmatic access beyond plain text commands.[57]
While effective for straightforward automation, WinSCP's scripting is not a complete programming language, limiting it to linear command sequences without native advanced logic.[54] Extensions are possible through the .NET assembly for integration with custom .NET applications or by embedding scripts in other interpreters like PHP or Perl via COM interfaces.[57] DLL-based plugins are not directly supported for core scripting, but the assembly serves as the primary mechanism for extensibility, with exit codes ensuring reliable integration in larger automation pipelines.[57]