Naabu
Naabu Port Scanner Cheat Sheet
Overview¶
Naabu es un escáner de puerto rápido escrito en Go by Project Discovery. Está diseñado con un enfoque en confiabilidad y simplicidad, lo que lo convierte en una excelente herramienta para el descubrimiento de la superficie de ataque. Naabu puede escanear miles de hosts y puertos en minutos, proporcionando una manera rápida de identificar puertos abiertos y puntos de entrada potenciales en los sistemas de destino.
Qué conjunto Naabu aparte de otros escáneres portuarios es su capacidad de integración con otras herramientas de seguridad. Está diseñado para ser utilizado en combinación con herramientas como httpx, nuclei y otras herramientas de Project Discovery para crear potentes flujos de trabajo de pruebas de seguridad. Naabu admite diversas técnicas de escaneo, incluyendo escáneres SYN, CONNECT y UDP, y se puede personalizar para adaptarse a diferentes requisitos de escaneo.
Naabu se utiliza comúnmente en la fase de reconocimiento de las evaluaciones de seguridad y la caza de botín para identificar puertos abiertos que podrían albergar servicios vulnerables. Su velocidad y precisión lo convierten en una herramienta valiosa para los profesionales de seguridad que necesitan mapear rápidamente la superficie de ataque de las organizaciones de destino.
Instalación¶
Usando Go¶
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
# Verify installation
naabu -version
Usando Docker¶
# Pull the latest Docker image
docker pull projectdiscovery/naabu:latest
# Run Naabu using Docker
docker run -it projectdiscovery/naabu:latest -h
Usando Homebrew (macOS)¶
Usando PDTM (Project Discovery Tools Manager)¶
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install Naabu using PDTM
pdtm -i naabu
# Verify installation
naabu -version
On Kali Linux¶
Uso básico¶
Scanning Hosts¶
# Scan a single host (default: top 100 ports)
naabu -host example.com
# Scan multiple hosts
naabu -host example.com,hackerone.com
# Scan from a list of hosts
naabu -list hosts.txt
# Scan from STDIN
cat hosts.txt|naabu
Port Selection¶
# Scan specific ports
naabu -host example.com -p 80,443,8080,8443
# Scan port ranges
naabu -host example.com -p 1-1000
# Scan top ports
naabu -host example.com -top-ports 100
# Scan all ports
naabu -host example.com -p -
Output Options¶
# Save results to a file
naabu -host example.com -o results.txt
# Output in JSON format
naabu -host example.com -json -o results.json
# Output in CSV format
naabu -host example.com -csv -o results.csv
# Silent mode (only host:port)
naabu -host example.com -silent
Advanced Usage¶
Scan Types¶
# SYN scan (default, requires root/sudo)
sudo naabu -host example.com -scan-type s
# CONNECT scan (no root required)
naabu -host example.com -scan-type c
# UDP scan (requires root/sudo)
sudo naabu -host example.com -scan-type u
Host Discovery¶
# Ping scan for host discovery
naabu -host 192.168.1.0/24 -ping
# Skip host discovery
naabu -host 192.168.1.0/24 -skip-host-discovery
Opciones de red¶
# Set source IP
sudo naabu -host example.com -source-ip 192.168.1.2
# Set source port
sudo naabu -host example.com -source-port 53
# Set interface
sudo naabu -host example.com -interface eth0
Scan Optimization¶
# Set timeout (milliseconds)
naabu -host example.com -timeout 1000
# Set retries
naabu -host example.com -retries 3
# Set rate limit (packets per second)
naabu -host example.com -rate 1000
Performance Optimization¶
Concurrencia y limitación de tarifas¶
# Set host concurrency (default: 25)
naabu -host example.com -c 50
# Set port concurrency (default: 25)
naabu -host example.com -port-concurrency 50
# Set rate limit
naabu -host example.com -rate 1000
Timeout Options¶
# Set timeout for port scans (milliseconds)
naabu -host example.com -timeout 1000
# Set timeout for host discovery (milliseconds)
naabu -host example.com -ping-timeout 1000
Optimización para grandes escáneres
# Use warm-up for large scans
naabu -host example.com -warm-up-time 2
# Increase concurrency for faster scanning
naabu -host example.com -c 100 -port-concurrency 100
Integración con otras herramientas¶
Pipeline with Subfinder¶
# Find subdomains and scan for open ports
subfinder -d example.com -silent|naabu -silent
# Find subdomains, scan for open ports, and probe for HTTP services
subfinder -d example.com -silent|naabu -silent|httpx -silent
Pipeline with HTTPX¶
# Scan for open ports and probe for HTTP services
naabu -host example.com -silent|httpx -silent
# Scan for specific ports and probe for HTTP services
naabu -host example.com -p 80,443,8080,8443 -silent|httpx -silent
Pipeline with Nuclei¶
# Scan for open ports, probe for HTTP services, and scan for vulnerabilities
naabu -host example.com -silent|httpx -silent|nuclei -t cves/
# Scan for specific ports and scan for vulnerabilities
naabu -host example.com -p 80,443,8080,8443 -silent|httpx -silent|nuclei -t cves/
Output Customization¶
Custom Output Format¶
# Output only host:port
naabu -host example.com -silent
# Output with additional information
naabu -host example.com -v
# Count open ports
naabu -host example.com -silent|wc -l
# Sort output by port
naabu -host example.com -silent|sort -t: -k2 -n
Filtrando salida¶
# Filter by port
naabu -host example.com -silent|grep ":80$"
# Filter by host
naabu -list hosts.txt -silent|grep "example.com"
# Find unique ports
naabu -list hosts.txt -silent|cut -d: -f2|sort -u
Filtro avanzado¶
Port Filtering¶
# Exclude specific ports
naabu -host example.com -exclude-ports 80,443
# Scan only common web ports
naabu -host example.com -p 80,81,443,591,2082,2087,2095,2096,3000,8000,8001,8008,8080,8083,8443,8834,8888
Host Filtering¶
# Exclude specific hosts
naabu -list hosts.txt -exclude-hosts excluded-hosts.txt
# Scan only specific CIDR ranges
naabu -host 192.168.1.0/24,10.0.0.0/24
Detección de servicio¶
# Enable service detection
naabu -host example.com -s
# Enable service detection with version
naabu -host example.com -sv
Proxy and Network Options¶
# Use SOCKS5 proxy
naabu -host example.com -proxy socks5://127.0.0.1:1080
# Use HTTP proxy
naabu -host example.com -proxy http://127.0.0.1:8080
# Set DNS resolvers
naabu -host example.com -resolvers 1.1.1.1,8.8.8.8
Nmap Integration¶
# Enable Nmap integration
naabu -host example.com -nmap
# Pass additional Nmap flags
naabu -host example.com -nmap -nmap-flags "-sV -A"
# Use Nmap for service detection
naabu -host example.com -nmap-cli "nmap -sV"
Miscelánea Características¶
CDN/WAF Detection¶
IP Version Selection¶
# Scan using IPv4
naabu -host example.com -ip-version 4
# Scan using IPv6
naabu -host example.com -ip-version 6
Passive Port Enumeration¶
Troubleshooting¶
Common Issues¶
- ** Cuestiones de misión**
# Use sudo for SYN and UDP scans sudo naabu -host example.com -scan-type s # Use CONNECT scan if you don't have root privileges naabu -host example.com -scan-type c ``` 2. ** Limitación de destino por objetivo* * ```bash # Reduce rate limit naabu -host example.com -rate 100 # Increase timeout naabu -host example.com -timeout 2000 ``` 3. **Negativos falsos* * ```bash # Increase retries naabu -host example.com -retries 5 # Use multiple scan types naabu -host example.com -scan-type s,c ``` 4. **Firewall/IDS Detección** ```bash # Use slower scan rate naabu -host example.com -rate 50 # Use random port order naabu -host example.com -scan-random-port ``` ### Debugging ```bash # Enable verbose mode naabu -host example.com -v # Show debug information naabu -host example.com -debug # Show only open ports naabu -host example.com -silent
Configuración¶
Archivo de configuración¶
Naabu utiliza un archivo de configuración ubicado en $HOME/.config/naabu/config.yaml_. Puede personalizar varios ajustes en este archivo:
# Example configuration file
concurrency: 25
port-concurrency: 25
rate: 1000
timeout: 1000
retries: 3
verify: false
scan-type: s
ports: "80,443,8080,8443"
Environment Variables¶
# Set Naabu configuration via environment variables
export NAABU_CONCURRENCY=25
export NAABU_PORT_CONCURRENCY=25
export NAABU_RATE=1000
export NAABU_TIMEOUT=1000
export NAABU_RETRIES=3
Reference¶
Command Line Options¶
| Flag | Description |
|---|---|
| INLINE_CODE_36 | Target host(s) to scan |
| INLINE_CODE_37 | File containing list of hosts to scan |
| INLINE_CODE_38 | Ports to scan (comma-separated, range, or INLINE_CODE_39 for all) |
| INLINE_CODE_40 | Top ports to scan (default: 100) |
| INLINE_CODE_41 | Ports to exclude from scan |
| INLINE_CODE_42 | File to write output to |
| INLINE_CODE_43 | Write output in JSON format |
| INLINE_CODE_44 | Write output in CSV format |
| INLINE_CODE_45 | Show only host:port in output |
| INLINE_CODE_46 | Show verbose output |
| INLINE_CODE_47 | Type of scan to perform (s=SYN, c=CONNECT, u=UDP) |
| INLINE_CODE_48 | Use ping for host discovery |
| INLINE_CODE_49 | Skip host discovery |
| INLINE_CODE_50 | Source IP to use for scanning |
| INLINE_CODE_51 | Network interface to use |
| INLINE_CODE_52 | Rate of packet sending (packets per second) |
| INLINE_CODE_53 | Timeout in milliseconds |
| INLINE_CODE_54 | Number of retries for failed requests |
| INLINE_CODE_55 | Number of concurrent hosts to scan |
| INLINE_CODE_56 | Number of concurrent ports to scan |
| INLINE_CODE_57 | Time in seconds to wait before scanning |
| INLINE_CODE_58 | Enable service detection |
| INLINE_CODE_59 | Enable service detection with version |
| INLINE_CODE_60 | Enable Nmap integration |
| INLINE_CODE_61 | Additional Nmap flags |
| INLINE_CODE_62 | Skip CDN/WAF IPs |
| INLINE_CODE_63 | HTTP/SOCKS5 proxy to use |
| INLINE_CODE_64 | DNS resolvers to use |
| INLINE_CODE_65 | IP version to use (4, 6, or both) |
| INLINE_CODE_66 | Enable passive port enumeration |
| INLINE_CODE_67 | Show Naabu version |
Listas de puertos¶
| Option | Description |
|---|---|
| INLINE_CODE_68 | Top 10 most common ports |
| INLINE_CODE_69 | Top 100 most common ports |
| INLINE_CODE_70 | Top 1000 most common ports |
| INLINE_CODE_71 | All 65535 ports |
| INLINE_CODE_72 | Custom port list |
| INLINE_CODE_73 | Port range |
| INLINE_CODE_74 | All ports (1-65535) |
Scan Types¶
| Type | Description | Root Required |
|---|---|---|
| INLINE_CODE_75 | SYN scan | Yes |
| INLINE_CODE_76 | CONNECT scan | No |
| INLINE_CODE_77 | UDP scan | Yes |
Resources¶
- [Documentación Oficial](URL_78__
- [Repositorio GitHub](URL_79__
- [Discord de descubrimiento del producto](URL_80__
-...
*Esta hoja de trampolín proporciona una referencia completa para el uso de Naabu, desde el escaneo básico del puerto hasta técnicas avanzadas e integración con otras herramientas. Para la información más actualizada, consulte siempre la documentación oficial. *