
Naabu Port Scanner Cheat Sheet

Overview

Naabu is a fast port scanner written in Go by ProjectDiscovery. It is designed with a focus on reliability and simplicity, which makes it an excellent tool for attack surface discovery. Naabu can scan thousands of hosts and ports in minutes, providing a quick way to identify open ports and potential entry points into target systems.

What sets Naabu apart from other port scanners is its ability to integrate with other security tools. It is designed to be used in combination with tools such as httpx, nuclei, and other ProjectDiscovery tools to build powerful security testing workflows. Naabu supports several scanning techniques, including SYN, CONNECT, and UDP scans, and can be tuned to different scanning requirements.

Naabu is commonly used in the reconnaissance phase of security assessments and bug bounty hunting to identify open ports that could host potentially vulnerable services. Its speed and accuracy make it a valuable tool for security professionals who need to map the attack surface of target organizations quickly.

Installation

Using Go

```bash
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest

# Verify installation
naabu -version
```

Using Docker

```bash
# Pull the latest Docker image
docker pull projectdiscovery/naabu:latest

# Run Naabu using Docker
docker run -it projectdiscovery/naabu:latest -h
```

Using Homebrew (macOS)

```bash
# Install using Homebrew
brew install naabu

# Verify installation
naabu -version
```

Using PDTM (ProjectDiscovery Tools Manager)

```bash
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install Naabu using PDTM
pdtm -i naabu

# Verify installation
naabu -version
```

On Kali Linux

```bash
# Install using apt
sudo apt install naabu

# Verify installation
naabu -version
```

Basic Usage

Scanning Hosts

```bash
# Scan a single host (default: top 100 ports)
naabu -host example.com

# Scan multiple hosts
naabu -host example.com,hackerone.com

# Scan from a list of hosts
naabu -list hosts.txt

# Scan from STDIN
cat hosts.txt | naabu
```

Port Selection

```bash
# Scan specific ports
naabu -host example.com -p 80,443,8080,8443

# Scan port ranges
naabu -host example.com -p 1-1000

# Scan top ports
naabu -host example.com -top-ports 100

# Scan all ports
naabu -host example.com -p -
```

Output Options

```bash
# Save results to a file
naabu -host example.com -o results.txt

# Output in JSON format
naabu -host example.com -json -o results.json

# Output in CSV format
naabu -host example.com -csv -o results.csv

# Silent mode (only host:port)
naabu -host example.com -silent
```

Advanced Usage

Scan Types

```bash
# SYN scan (default, requires root/sudo)
sudo naabu -host example.com -scan-type s

# CONNECT scan (no root required)
naabu -host example.com -scan-type c

# UDP scan (requires root/sudo)
sudo naabu -host example.com -scan-type u
```

Host Discovery

```bash
# Ping scan for host discovery
naabu -host 192.168.1.0/24 -ping

# Skip host discovery
naabu -host 192.168.1.0/24 -skip-host-discovery
```

Network Options

```bash
# Set source IP
sudo naabu -host example.com -source-ip 192.168.1.2

# Set source port
sudo naabu -host example.com -source-port 53

# Set interface
sudo naabu -host example.com -interface eth0
```

Scan Optimization

```bash
# Set timeout (milliseconds)
naabu -host example.com -timeout 1000

# Set retries
naabu -host example.com -retries 3

# Set rate limit (packets per second)
naabu -host example.com -rate 1000
```

Performance Optimization

Concurrency and Rate Limiting

```bash
# Set host concurrency (default: 25)
naabu -host example.com -c 50

# Set port concurrency (default: 25)
naabu -host example.com -port-concurrency 50

# Set rate limit
naabu -host example.com -rate 1000
```

Timeout Options

```bash
# Set timeout for port scans (milliseconds)
naabu -host example.com -timeout 1000

# Set timeout for host discovery (milliseconds)
naabu -host example.com -ping-timeout 1000
```

Optimization for Large Scans

```bash
# Use warm-up for large scans
naabu -host example.com -warm-up-time 2

# Increase concurrency for faster scanning
naabu -host example.com -c 100 -port-concurrency 100
```

Integration with Other Tools

Pipeline with Subfinder

```bash
# Find subdomains and scan for open ports
subfinder -d example.com -silent | naabu -silent

# Find subdomains, scan for open ports, and probe for HTTP services
subfinder -d example.com -silent | naabu -silent | httpx -silent
```

Pipeline with HTTPX

```bash
# Scan for open ports and probe for HTTP services
naabu -host example.com -silent | httpx -silent

# Scan for specific ports and probe for HTTP services
naabu -host example.com -p 80,443,8080,8443 -silent | httpx -silent
```

Pipeline with Nuclei

```bash
# Scan for open ports, probe for HTTP services, and scan for vulnerabilities
naabu -host example.com -silent | httpx -silent | nuclei -t cves/

# Scan for specific ports and scan for vulnerabilities
naabu -host example.com -p 80,443,8080,8443 -silent | httpx -silent | nuclei -t cves/
```

Output Customization

Custom Output Format

```bash
# Output only host:port
naabu -host example.com -silent

# Output with additional information
naabu -host example.com -v

# Count open ports
naabu -host example.com -silent | wc -l

# Sort output by port
naabu -host example.com -silent | sort -t: -k2 -n
```

Filtering Output

```bash
# Filter by port
naabu -host example.com -silent | grep ":80$"

# Filter by host
naabu -list hosts.txt -silent | grep "example.com"

# Find unique ports
naabu -list hosts.txt -silent | cut -d: -f2 | sort -u
```
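
A defensive use of the `host:port` output shown above, as an added example that is not part of the original cheat sheet: compare the current scan of your own assets against an approved baseline to surface newly exposed ports. The file names and the helper functions `normalize`, `diff_scans`, `new_exposures` and `closed_ports` are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: compare two naabu -silent result files (one host:port per line).
# current.txt would come from e.g.: naabu -list hosts.txt -silent -o current.txt
# File and function names are illustrative, not part of naabu.

# Lowercase, strip whitespace/CR, keep only well-formed host:port lines, dedupe.
# IPv6 literals (more than one colon) are skipped by the NF == 2 check.
normalize() {
  tr -d '\r' < "$1" | tr '[:upper:]' '[:lower:]' |
    awk -F: '{ gsub(/[ \t]/, "") }
             NF == 2 && $1 != "" && $2 ~ /^[0-9]+$/ && $2 + 0 >= 1 && $2 + 0 <= 65535' |
    LC_ALL=C sort -u
}

# diff_scans FLAGS BASELINE CURRENT: run comm on the two normalized files.
diff_scans() {
  _d=$(mktemp -d) || return 1
  normalize "$2" > "$_d/base"
  normalize "$3" > "$_d/cur"
  LC_ALL=C comm "$1" "$_d/base" "$_d/cur"
  rm -rf "$_d"
}

new_exposures() { diff_scans -13 "$1" "$2"; }  # open now, absent from baseline
closed_ports()  { diff_scans -23 "$1" "$2"; }  # in baseline, no longer open

# Constructed sample data (not real scan results)
demo_dir=$(mktemp -d)
cat > "$demo_dir/baseline.txt" <<'EOF'
example.com:80
example.com:443
api.example.com:443
old.example.com:22
EOF
cat > "$demo_dir/current.txt" <<'EOF'
Example.com:443
example.com:80
example.com:8080
api.example.com:443
api.example.com:6379
not-a-result-line
EOF

echo "New exposures:";  new_exposures "$demo_dir/baseline.txt" "$demo_dir/current.txt"
echo "No longer open:"; closed_ports  "$demo_dir/baseline.txt" "$demo_dir/current.txt"
```
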

Advanced Filtering

Port Filtering

```bash
# Exclude specific ports
naabu -host example.com -exclude-ports 80,443

# Scan only common web ports
naabu -host example.com -p 80,81,443,591,2082,2087,2095,2096,3000,8000,8001,8008,8080,8083,8443,8834,8888
```

Host Filtering

```bash
# Exclude specific hosts
naabu -list hosts.txt -exclude-hosts excluded-hosts.txt

# Scan only specific CIDR ranges
naabu -host 192.168.1.0/24,10.0.0.0/24
```

Service Detection

```bash
# Enable service detection
naabu -host example.com -s

# Enable service detection with version
naabu -host example.com -sv
```

Proxy and Network Options

```bash
# Use SOCKS5 proxy
naabu -host example.com -proxy socks5://127.0.0.1:1080

# Use HTTP proxy
naabu -host example.com -proxy http://127.0.0.1:8080

# Set DNS resolvers
naabu -host example.com -resolvers 1.1.1.1,8.8.8.8
```

Nmap Integration

```bash
# Enable Nmap integration
naabu -host example.com -nmap

# Pass additional Nmap flags
naabu -host example.com -nmap -nmap-flags "-sV -A"

# Use Nmap for service detection
naabu -host example.com -nmap-cli "nmap -sV"
```

Miscellaneous Features

CDN/WAF Detection

```bash
# Skip CDN/WAF IPs
naabu -host example.com -exclude-cdn
```

IP Version Selection

```bash
# Scan using IPv4
naabu -host example.com -ip-version 4

# Scan using IPv6
naabu -host example.com -ip-version 6
```

Passive Port Enumeration

```bash
# Enable passive port enumeration
naabu -host example.com -passive
```

Troubleshooting

Common Issues

  1. **Permission Issues**

     ```bash
     # Use sudo for SYN and UDP scans
     sudo naabu -host example.com -scan-type s

     # Use CONNECT scan if you don't have root privileges
     naabu -host example.com -scan-type c
     ```

  2. **Rate Limiting by Target**

     ```bash
     # Reduce rate limit
     naabu -host example.com -rate 100

     # Increase timeout
     naabu -host example.com -timeout 2000
     ```

  3. **False Negatives**

     ```bash
     # Increase retries
     naabu -host example.com -retries 5

     # Use multiple scan types
     naabu -host example.com -scan-type s,c
     ```

  4. **Firewall/IDS Detection**

     ```bash
     # Use slower scan rate
     naabu -host example.com -rate 50

     # Use random port order
     naabu -host example.com -scan-random-port
     ```

Debugging

```bash
# Enable verbose mode
naabu -host example.com -v

# Show debug information
naabu -host example.com -debug

# Show only open ports
naabu -host example.com -silent
```

Configuration

Configuration File

Naabu uses a configuration file located at `$HOME/.config/naabu/config.yaml`. You can customize various settings in this file:

```yaml
# Example configuration file
concurrency: 25
port-concurrency: 25
rate: 1000
timeout: 1000
retries: 3
verify: false
scan-type: s
ports: "80,443,8080,8443"
```

Environment Variables

```bash
# Set Naabu configuration via environment variables
export NAABU_CONCURRENCY=25
export NAABU_PORT_CONCURRENCY=25
export NAABU_RATE=1000
export NAABU_TIMEOUT=1000
export NAABU_RETRIES=3
```

Reference

Command-Line Options

| Flag | Description |
| --- | --- |
| -host | Target host(s) to scan |
| -list, -l | File containing list of hosts to scan |
| -p, -port | Ports to scan (comma-separated, range, or - for all) |
| -top-ports | Top ports to scan (default: 100) |
| -exclude-ports | Ports to exclude from scan |
| -o, -output | File to write output to |
| -json | Write output in JSON format |
| -csv | Write output in CSV format |
| -silent | Show only host:port in output |
| -v, -verbose | Show verbose output |
| -scan-type | Type of scan to perform (s=SYN, c=CONNECT, u=UDP) |
| -ping | Use ping for host discovery |
| -skip-host-discovery | Skip host discovery |
| -source-ip | Source IP to use for scanning |
| -interface | Network interface to use |
| -rate | Rate of packet sending (packets per second) |
| -timeout | Timeout in milliseconds |
| -retries | Number of retries for failed requests |
| -c, -concurrency | Number of concurrent hosts to scan |
| -port-concurrency | Number of concurrent ports to scan |
| -warm-up-time | Time in seconds to wait before scanning |
| -s | Enable service detection |
| -sv | Enable service detection with version |
| -nmap | Enable Nmap integration |
| -nmap-flags | Additional Nmap flags |
| -exclude-cdn | Skip CDN/WAF IPs |
| -proxy | HTTP/SOCKS5 proxy to use |
| -resolvers | DNS resolvers to use |
| -ip-version | IP version to use (4, 6, or both) |
| -passive | Enable passive port enumeration |
| -version | Show Naabu version |

Port Lists

| Option | Description |
| --- | --- |
| top-10 | Top 10 most common ports |
| top-100 | Top 100 most common ports |
| top-1000 | Top 1000 most common ports |
| full | All 65535 ports |
| 80,443,8080 | Custom port list |
| 1-1000 | Port range |
| - | All ports (1-65535) |

Scan Types

| Type | Description | Root Required |
| --- | --- | --- |
| s | SYN scan | Yes |
| c | CONNECT scan | No |
| u | UDP scan | Yes |

Resources

  • Official documentation
  • GitHub repository: https://github.com/projectdiscovery/naabu
  • ProjectDiscovery Discord

--

*This cheat sheet provides a comprehensive reference for using Naabu, from basic port scanning to advanced techniques and integration with other tools. For the most up-to-date information, always consult the official documentation.*