Naabu Port Scanner Cheat Sheet¶
Im Überblick
Naabu ist ein schneller Hafenscanner in Go by Project Discovery geschrieben. Es ist mit einem Fokus auf Zuverlässigkeit und Einfachheit entworfen, so dass es ein ausgezeichnetes Werkzeug für Angriff Oberflächenentdeckung. Naabu kann Tausende von Hosts und Ports in Minuten scannen und bietet eine schnelle Möglichkeit, offene Ports und potenzielle Einstiegspunkte in Zielsysteme zu identifizieren.
Was ist los? Naabu neben anderen Portscannern ist seine Integrationsfähigkeit mit anderen Sicherheitswerkzeugen. Es ist entworfen, um in Kombination mit Tools wie httpx, nuclei und anderen Project Discovery Tools verwendet werden, um leistungsstarke Sicherheitstests Workflows zu erstellen. Naabu unterstützt verschiedene Scantechniken, darunter SYN, CONNECT und UDP-Scans, und kann auf verschiedene Scananforderungen angepasst werden.
Naabu wird häufig in der Aufklärungsphase von Sicherheitsbewertungen und Bug-Bounty-Jagd verwendet, um offene Häfen zu identifizieren, die potenziell gefährdete Dienstleistungen hosten könnten. Seine Geschwindigkeit und Genauigkeit machen es zu einem wertvollen Werkzeug für Sicherheitsexperten, die schnell die Angriffsfläche von Zielorganisationen abbilden müssen.
• Installation
Verwenden von Go¶
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
# Verify installation
naabu -version
Verwenden von Docker¶
# Pull the latest Docker image
docker pull projectdiscovery/naabu:latest
# Run Naabu using Docker
docker run -it projectdiscovery/naabu:latest -h
Verwendung von Homebrew (macOS)¶
Verwenden von PDTM (Projekt Discovery Tools Manager)¶
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install Naabu using PDTM
pdtm -i naabu
# Verify installation
naabu -version
Auf Kali Linux
oder Basisnutzung
Scanning Hosts¶
# Scan a single host (default: top 100 ports)
naabu -host example.com
# Scan multiple hosts
naabu -host example.com,hackerone.com
# Scan from a list of hosts
naabu -list hosts.txt
# Scan from STDIN
cat hosts.txt|naabu
Port Selection¶
# Scan specific ports
naabu -host example.com -p 80,443,8080,8443
# Scan port ranges
naabu -host example.com -p 1-1000
# Scan top ports
naabu -host example.com -top-ports 100
# Scan all ports
naabu -host example.com -p -
Ausgabeoptionen¶
# Save results to a file
naabu -host example.com -o results.txt
# Output in JSON format
naabu -host example.com -json -o results.json
# Output in CSV format
naabu -host example.com -csv -o results.csv
# Silent mode (only host:port)
naabu -host example.com -silent
/ Fortgeschrittene Nutzung
Scannen von Arten¶
# SYN scan (default, requires root/sudo)
sudo naabu -host example.com -scan-type s
# CONNECT scan (no root required)
naabu -host example.com -scan-type c
# UDP scan (requires root/sudo)
sudo naabu -host example.com -scan-type u
Host Discovery¶
# Ping scan for host discovery
naabu -host 192.168.1.0/24 -ping
# Skip host discovery
naabu -host 192.168.1.0/24 -skip-host-discovery
Netzwerkoptionen¶
# Set source IP
sudo naabu -host example.com -source-ip 192.168.1.2
# Set source port
sudo naabu -host example.com -source-port 53
# Set interface
sudo naabu -host example.com -interface eth0
Scanoptimierung¶
# Set timeout (milliseconds)
naabu -host example.com -timeout 1000
# Set retries
naabu -host example.com -retries 3
# Set rate limit (packets per second)
naabu -host example.com -rate 1000
 Leistungsoptimierung
Concurrency and Rate Limiting¶
# Set host concurrency (default: 25)
naabu -host example.com -c 50
# Set port concurrency (default: 25)
naabu -host example.com -port-concurrency 50
# Set rate limit
naabu -host example.com -rate 1000
Timeout Optionen¶
# Set timeout for port scans (milliseconds)
naabu -host example.com -timeout 1000
# Set timeout for host discovery (milliseconds)
naabu -host example.com -ping-timeout 1000
Optimierung für große Scans¶
# Use warm-up for large scans
naabu -host example.com -warm-up-time 2
# Increase concurrency for faster scanning
naabu -host example.com -c 100 -port-concurrency 100
Integration mit anderen Tools
Pipeline mit Subfinder¶
# Find subdomains and scan for open ports
subfinder -d example.com -silent|naabu -silent
# Find subdomains, scan for open ports, and probe for HTTP services
subfinder -d example.com -silent|naabu -silent|httpx -silent
Pipeline mit HTTPX¶
# Scan for open ports and probe for HTTP services
naabu -host example.com -silent|httpx -silent
# Scan for specific ports and probe for HTTP services
naabu -host example.com -p 80,443,8080,8443 -silent|httpx -silent
Pipeline mit Nuclei¶
# Scan for open ports, probe for HTTP services, and scan for vulnerabilities
naabu -host example.com -silent|httpx -silent|nuclei -t cves/
# Scan for specific ports and scan for vulnerabilities
naabu -host example.com -p 80,443,8080,8443 -silent|httpx -silent|nuclei -t cves/
/ Output Customization
Individuelle Ausgabeformat¶
# Output only host:port
naabu -host example.com -silent
# Output with additional information
naabu -host example.com -v
# Count open ports
naabu -host example.com -silent|wc -l
# Sort output by port
naabu -host example.com -silent|sort -t: -k2 -n
Filterausgang¶
# Filter by port
naabu -host example.com -silent|grep ":80$"
# Filter by host
naabu -list hosts.txt -silent|grep "example.com"
# Find unique ports
naabu -list hosts.txt -silent|cut -d: -f2|sort -u
Erweiterte Filterung
Port Filtering¶
# Exclude specific ports
naabu -host example.com -exclude-ports 80,443
# Scan only common web ports
naabu -host example.com -p 80,81,443,591,2082,2087,2095,2096,3000,8000,8001,8008,8080,8083,8443,8834,8888
Host Filtering¶
# Exclude specific hosts
naabu -list hosts.txt -exclude-hosts excluded-hosts.txt
# Scan only specific CIDR ranges
naabu -host 192.168.1.0/24,10.0.0.0/24
Service Detection¶
# Enable service detection
naabu -host example.com -s
# Enable service detection with version
naabu -host example.com -sv
Proxy und Netzwerkoptionen
# Use SOCKS5 proxy
naabu -host example.com -proxy socks5://127.0.0.1:1080
# Use HTTP proxy
naabu -host example.com -proxy http://127.0.0.1:8080
# Set DNS resolvers
naabu -host example.com -resolvers 1.1.1.1,8.8.8.8
• Nmap Integration
# Enable Nmap integration
naabu -host example.com -nmap
# Pass additional Nmap flags
naabu -host example.com -nmap -nmap-flags "-sV -A"
# Use Nmap for service detection
naabu -host example.com -nmap-cli "nmap -sV"
In den Warenkorb Eigenschaften
CDN/WAF Erkennung¶
IP Version Auswahl¶
# Scan using IPv4
naabu -host example.com -ip-version 4
# Scan using IPv6
naabu -host example.com -ip-version 6
Passive Hafenaufzählung¶
Fehlerbehebung
Häufige Fragen¶
ANHANG **Auftragsfragen*
# Use sudo for SYN and UDP scans
sudo naabu -host example.com -scan-type s
# Use CONNECT scan if you don't have root privileges
naabu -host example.com -scan-type c
```_
2. **Begrenzung durch Ziel* *
```bash
# Reduce rate limit
naabu -host example.com -rate 100
# Increase timeout
naabu -host example.com -timeout 2000
```_
3. ** Falsche Negative* *
```bash
# Increase retries
naabu -host example.com -retries 5
# Use multiple scan types
naabu -host example.com -scan-type s,c
```_
4. **Firewall/IDs Nachweis**
```bash
# Use slower scan rate
naabu -host example.com -rate 50
# Use random port order
naabu -host example.com -scan-random-port
```_
### Debugging
```bash
# Enable verbose mode
naabu -host example.com -v
# Show debug information
naabu -host example.com -debug
# Show only open ports
naabu -host example.com -silent
Konfiguration
Konfigurationsdatei¶
Naabu verwendet eine Konfigurationsdatei unter $HOME/.config/naabu/config.yaml_. Sie können verschiedene Einstellungen in dieser Datei anpassen:
# Example configuration file
concurrency: 25
port-concurrency: 25
rate: 1000
timeout: 1000
retries: 3
verify: false
scan-type: s
ports: "80,443,8080,8443"
Umgebungsvariablen¶
# Set Naabu configuration via environment variables
export NAABU_CONCURRENCY=25
export NAABU_PORT_CONCURRENCY=25
export NAABU_RATE=1000
export NAABU_TIMEOUT=1000
export NAABU_RETRIES=3
Referenz
Kommandozeilenoptionen¶
| Flag | Description |
|---|---|
| INLINE_CODE_36 | Target host(s) to scan |
| INLINE_CODE_37 | File containing list of hosts to scan |
| INLINE_CODE_38 | Ports to scan (comma-separated, range, or INLINE_CODE_39 for all) |
| INLINE_CODE_40 | Top ports to scan (default: 100) |
| INLINE_CODE_41 | Ports to exclude from scan |
| INLINE_CODE_42 | File to write output to |
| INLINE_CODE_43 | Write output in JSON format |
| INLINE_CODE_44 | Write output in CSV format |
| INLINE_CODE_45 | Show only host:port in output |
| INLINE_CODE_46 | Show verbose output |
| INLINE_CODE_47 | Type of scan to perform (s=SYN, c=CONNECT, u=UDP) |
| INLINE_CODE_48 | Use ping for host discovery |
| INLINE_CODE_49 | Skip host discovery |
| INLINE_CODE_50 | Source IP to use for scanning |
| INLINE_CODE_51 | Network interface to use |
| INLINE_CODE_52 | Rate of packet sending (packets per second) |
| INLINE_CODE_53 | Timeout in milliseconds |
| INLINE_CODE_54 | Number of retries for failed requests |
| INLINE_CODE_55 | Number of concurrent hosts to scan |
| INLINE_CODE_56 | Number of concurrent ports to scan |
| INLINE_CODE_57 | Time in seconds to wait before scanning |
| INLINE_CODE_58 | Enable service detection |
| INLINE_CODE_59 | Enable service detection with version |
| INLINE_CODE_60 | Enable Nmap integration |
| INLINE_CODE_61 | Additional Nmap flags |
| INLINE_CODE_62 | Skip CDN/WAF IPs |
| INLINE_CODE_63 | HTTP/SOCKS5 proxy to use |
| INLINE_CODE_64 | DNS resolvers to use |
| INLINE_CODE_65 | IP version to use (4, 6, or both) |
| INLINE_CODE_66 | Enable passive port enumeration |
| INLINE_CODE_67 | Show Naabu version |
| _ | |
| ### Port Lists |
| Option | Description |
|---|---|
| INLINE_CODE_68 | Top 10 most common ports |
| INLINE_CODE_69 | Top 100 most common ports |
| INLINE_CODE_70 | Top 1000 most common ports |
| INLINE_CODE_71 | All 65535 ports |
| INLINE_CODE_72 | Custom port list |
| INLINE_CODE_73 | Port range |
| INLINE_CODE_74 | All ports (1-65535) |
| _ | |
| ### Scannen von Arten |
| Type | Description | Root Required |
|---|---|---|
| INLINE_CODE_75 | SYN scan | Yes |
| INLINE_CODE_76 | CONNECT scan | No |
| INLINE_CODE_77 | UDP scan | Yes |
| _ | ||
| Ressourcen |
- offizielle Dokumentation
- (GitHub Repository)(https://github.com/projectdiscovery/naabu)
- [Project Discovery Discord](URL_80_
--
*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Naabu, von grundlegendem Port Scannen bis zu fortgeschrittenen Techniken und Integration mit anderen Werkzeugen. Für die aktuellsten Informationen finden Sie immer die offizielle Dokumentation. *