Naabu is a port scanning device written in Go that permits you to enumerate legitimate ports for hosts in a quick and dependable method. It’s a actually easy device that does quick SYN/CONNECT scans on the host/record of hosts and lists all ports that return a reply.
- Quick And Easy SYN/CONNECT probe based mostly scanning
- Passive Port Enumeration utilizing Shodan Internetdb API
- Optimized for ease of use and light-weight on assets
- Computerized IP deduplication for port scan
- NMAP integration for service discovery
- A number of enter help – STDIN/HOST/IP/CIDR
- A number of output format help – JSON/TXT/STDOUT
It will show assist for the device. Listed below are all of the switches it helps.
Utilization:
./naabu [flags]INPUT:
-host string[] hosts to scan ports for (comma-separated)
-list, -l string record of hosts to scan ports (file)
-exclude-hosts, -eh string hosts to exclude from the scan (comma-separated)
-exclude-file, -ef string record of hosts to exclude from scan (file)
PORT:
-port, -p string ports to scan (80,443, 100-200
-top-ports, -tp string prime ports to scan (default 100)
-exclude-ports, -ep string ports to exclude from scan (comma-separated)
-ports-file, -pf string record of ports to exclude from scan (file)
-exclude-cdn, -ec skip full port scans for CDN's (solely checks for 80,443)
RATE-LIMIT:
-c int basic inner employee threads (default 25)
-rate int packets to ship per second (d efault 1000)
OUTPUT:
-o, -output string file to write down output to (non-obligatory)
-json write output in JSON traces format
-csv write output in csv format
CONFIGURATION:
-scan-all-ips, -sa scan all of the IP's related to DNS file
-scan-type, -s string sort of port scan (SYN/CONNECT) (default "s")
-source-ip string supply ip
-interface-list, -il record accessible interfaces and public ip
-interface, -i string community Interface to make use of for port scan
-nmap invoke nmap scan on targets (nmap should be put in) - Deprecated
-nmap-cli string nmap command to run on discovered outcomes (-nmap-cli 'nmap -sV')
-r string record of customized resolver dns decision (comma separated or from file)
-proxy string socks5 proxy
-resume resume scan utilizing resume.cfg
-stream stream mode (disab les resume, nmap, confirm, retries, shuffling, and many others)
-passive show passive open ports utilizing shodan internetdb api
OPTIMIZATION:
-retries int variety of retries for the port scan (default 3)
-timeout int millisecond to attend earlier than timing out (default 1000)
-warm-up-time int time in seconds between scan phases (default 2)
-ping ping probes for verification of host
-verify validate the ports once more with TCP verification
DEBUG:
-debug show debugging data
-verbose, -v show verbose output
-no-color, -nc disable colours in CLI output
-silent show solely leads to output
-version show model of naabu
-stats show stats of the operating scan
-si, -stats-interval int variety of seconds to attend between displaying a statistics u pdate (default 5)
Obtain the able to run binary / docker or set up with GO
Earlier than putting in naabu, ensure to put in libpcap
library:
sudo apt set up -y libpcap-dev
Putting in Naabu:
To run the device on a goal, simply use the next command.
naabu -host hackerone.com
It will run the device towards hackerone.com. There are a selection of configuration choices you can cross together with this command. The verbose swap -v
can be utilized to show verbose data.
naabu -host hackerone.com__
___ ___ ___ _/ / __ __
/ _ / _ / _ / _ / // /
/_//_/_,_/_,_/_.__/_,_/ v2.0.3
projectdiscovery.io
[WRN] Use with warning. You might be answerable for your actions
[WRN] Builders assume no legal responsibility and are usually not answerable for any misuse or injury.
[INF] Operating SYN scan with root privileges
[INF] Discovered 4 ports on host hackerone.com (104.16.100.52)
hackerone.com:80
hackerone.com:443
hackerone.com:8443
hackerone.com:8080
The ports to scan for on the host might be specified through -p
parameter. It takes nmap format ports and runs enumeration on them.
naabu -p 80,443,21-23 -host hackerone.com
By default, the Naabu checks for nmap’s High 100
ports. It helps following in-built port lists –
Flag | Description |
---|---|
-top-ports 100 |
Scan for nmap prime 100 port |
-top-ports 1000 |
Scan for nmap prime 1000 port |
-p - |
Scan for full ports from 1-65535 |
You can too specify particular ports which you wish to exclude from the scan.
naabu -p - -exclude-ports 80,443
To run the naabu on an inventory of hosts, -list
choice can be utilized.
You can too get output in json format utilizing -json
swap. This swap saves the output within the JSON traces format.
naabu -host 104.16.99.52 -json{"ip":"104.16.99.52","port":443}
{"ip":"104.16.99.52","port":80}
The ports found might be piped to different instruments too. For instance, you possibly can pipe the ports found by naabu to httpx which is able to then discover operating http servers on the host.
echo hackerone.com | naabu -silent | httpx -silenthttp://hackerone.com:8443
http://hackerone.com:443
http://hackerone.com:8080
http://hackerone.com:80
The velocity might be managed by altering the worth of price
flag that signify the variety of packets per second. Rising it whereas processing hosts might result in elevated false-positive charges. So it is suggested to maintain it to an affordable quantity.
Naabu helps config file as default positioned at $HOME/.config/naabu/config.yaml
, It permits you to outline any flag within the config file and set default values to incorporate for all scans.
We’ve got built-in nmap help for service discovery or any further scans supported by nmap on the discovered outcomes by Naabu, be sure you have nmap
put in to make use of this characteristic.
To make use of,nmap-cli
flag can be utilized adopted by nmap command, for instance:-
echo hackerone.com | naabu -nmap-cli 'nmap -sV -oX nmap-output'
__
___ ___ ___ _/ / __ __
/ _ / _ / _ / _ / // /
/_//_/_,_/_,_/_.__/_,_/ v2.0.0 projectdiscovery.io
[WRN] Use with warning. You might be answerable for your actions
[WRN] Builders assume no legal responsibility and are usually not answerable for any misuse or injury.
[INF] Operating TCP/ICMP/SYN scan with root privileges
[INF] Discovered 4 ports on host hackerone.com (104.16.99.52)
hackerone.com:443
hackerone.com:80
hackerone.com:8443
hackerone.com:8080
[INF] Operating nmap command: nmap -sV -p 80,8443,8080,443 104.16.99.52
Beginning Nmap 7.01 ( https://nmap.org ) at 2020-09-23 05:02 UTC
Nmap scan report for 104.16.99.52
Host is up (0.0021s latency).
PORT STATE SERVICE VERSION
80/tcp open http cloudflare
443/tcp open ssl/ht tps cloudflare
8080/tcp open http-proxy cloudflare
8443/tcp open ssl/https-alt cloudflare
Naabu additionally helps excluding CDN IPs being port scanned. If used, solely 80
and 443
ports get scanned for these IPs. This characteristic might be enabled by utilizing exclude-cdn
flag.
At the moment cloudflare
, akamai
, incapsula
and sucuri
IPs are supported for exclusions.
- Naabu is designed to scan ports on a number of hosts / mass port scanning.
- As default naabu is configured with a assumption that you’re operating it from VPS.
- We advise tuning the flags / price if operating naabu from native system.
- For greatest outcomes, run naabu as root person.
naabu
is made with
by the projectdiscovery crew. Group contributions have made the undertaking what it’s. See the Thanks.md file for extra particulars.