Naabu: The Fast And Extensible Network Scanner For Reconnaissance

Naabu is a fast port scanner written in the go programming language. It focuses on reliability and simplicity. This tool is created and managed by Project Discovery.

It is a very straightforward program that quickly checks the host or list of hosts using SYN/CONNECT and reports all ports that only respond. Because of the speed, it saves a lot of time for the users.

Features Of Naabu Tool

• Fast Scanning: Naabu has been streamlined for speed and can quickly scan hundreds of hosts and ports.
• Customizable Scanning: Users of Naabu can alter the scanning settings, such as the port range, the top ports, and the timeout value.
• Modular Design: Users may build their scanners, and add additional features and capabilities to Naabu’s modular architecture.
• Extensive Reporting: Naabu produces thorough reports with information about open ports, HTTP and HTTPS servers, and discovered vulnerabilities.
• Flexible Output Formats: Users of Naabu can select from a variety of output formats, including JSON, XML, and CSV.
• Simple Setup: Naabu is simple to set up and needs very little configuration.
• Nmap Integration: Users can easily integrate Nmap into the tool.

Use Cases for Naabu Tool

Many network reconnaissance and vulnerability analysis activities may be performed with Naabu. Typical usage scenarios include:

• Network Mapping: The network topology may be mapped using Naabu, and each host’s open ports and services can be found.
• Vulnerability Assessment: Naabu may be used to find security holes in a variety of network services, including HTTP and FTP servers.
• Web Application Fingerprinting: Naabu may be used to identify the version and kind of web server being used, as well as to fingerprint online applications.
• Penetration Testing: Naabu is a tool that may be used in penetration testing to find possible weak points and attack routes.

How to install Naabu?

The prerequisite for the Naabu tool are:

• Go Compiler
• libpcap-dev package

This tool can run in any Linux distribution such as Parrot Security OS, Kali Linux or Ubuntu.

Follow the steps to install the tool:

1. Go to the GitHub page of the tool.
2. Open terminal and type the command shown below.

go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest

3. Now, go to the location where naabu is installed. Check if the tool is installed or not by the ls command.

cd go/bin/
ls

4. Move naabu to the bin directory inside the file system.

sudo mv naabu /usr/bin/

By moving it to the bin folder, the user can use the tool anywhere without specifying the tool’s location.

How to run Naabu?

To check this tool, we will use vulnhub.com.

naabu -host vulnhub.com

Options

Usage:
  ./naabu [flags]

INPUT:
   -host string[]              hosts to scan ports for (comma-separated)
   -list, -l string            list of hosts to scan ports (file)
   -exclude-hosts, -eh string  hosts to exclude from the scan (comma-separated)
   -exclude-file, -ef string   list of hosts to exclude from scan (file)

PORT:
   -port, -p string            ports to scan (80,443,100-200,u:53)
   -top-ports, -tp string      top ports to scan (default 100)
   -exclude-ports, -ep string  ports to exclude from scan (comma-separated)
   -ports-file, -pf string     list of ports to scan (file)
   -port-threshold, -pts int   port threshold to skip port scan for the host
   -exclude-cdn, -ec           skip full port scans for CDN's (only checks for 80,443)
   -display-cdn, -cdn          display cdn in use

RATE-LIMIT:
   -c int     general internal worker threads (default 25)
   -rate int  packets to send per second (default 1000)

OUTPUT:
   -o, -output string  file to write output to (optional)
   -json               write output in JSON lines format
   -csv                write output in csv format

CONFIGURATION:
   -scan-all-ips, -sa                  scan all the IP's associated with DNS record
   -ip-version, -iv string[]           ip version to scan of hostname (4,6) - (default 4)
   -scan-type, -s string               type of port scan (SYN/CONNECT) (default "s")
   -source-ip string                   source ip and port (x.x.x.x:yyy)
   -interface-list, -il                list available interfaces and public ip
   -interface, -i string               network Interface to use for port scan
   -nmap                               invoke nmap scan on targets (nmap must be installed) - Deprecated
   -nmap-cli string                    nmap command to run on found results (example: -nmap-cli 'nmap -sV')
   -r string                           list of custom resolver dns resolution (comma separated or from file)
   -proxy string                       socks5 proxy (ip[:port] / fqdn[:port]
   -proxy-auth string                  socks5 proxy authentication (username:password)
   -resume                             resume scan using resume.cfg
   -stream                             stream mode (disables resume, nmap, verify, retries, shuffling, etc)
   -passive                            display passive open ports using shodan internetdb api
   -irt, -input-read-timeout duration  timeout on input read (default 3m0s)
   -no-stdin                           Disable Stdin processing

HOST-DISCOVERY:
   -sn, -host-discovery           Perform Only Host Discovery
   -Pn, -skip-host-discovery      Skip Host discovery
   -ps, -probe-tcp-syn string[]   TCP SYN Ping (host discovery needs to be enabled)
   -pa, -probe-tcp-ack string[]   TCP ACK Ping (host discovery needs to be enabled)
   -pe, -probe-icmp-echo          ICMP echo request Ping (host discovery needs to be enabled)
   -pp, -probe-icmp-timestamp     ICMP timestamp request Ping (host discovery needs to be enabled)
   -pm, -probe-icmp-address-mask  ICMP address mask request Ping (host discovery needs to be enabled)
   -arp, -arp-ping                ARP ping (host discovery needs to be enabled)
   -nd, -nd-ping                  IPv6 Neighbor Discovery (host discovery needs to be enabled)
   -rev-ptr                       Reverse PTR lookup for input ips

OPTIMIZATION:
   -retries int       number of retries for the port scan (default 3)
   -timeout int       millisecond to wait before timing out (default 1000)
   -warm-up-time int  time in seconds between scan phases (default 2)
   -ping              ping probes for verification of host
   -verify            validate the ports again with TCP verification

DEBUG:
   -health-check, -hc        run diagnostic check up
   -debug                    display debugging information
   -verbose, -v              display verbose output
   -no-color, -nc            disable colors in CLI output
   -silent                   display only results in output
   -version                  display version of naabu
   -stats                    display stats of the running scan
   -si, -stats-interval int  number of seconds to wait between showing a statistics update (default 5)

Conclusion

For network reconnaissance and vulnerability analysis, Naabu is a helpful tool. It is a versatile and effective tool for network scanning because of its modular architecture, adjustable scanning parameters, and detailed reporting. Network mapping, vulnerability analysis, web application fingerprinting, and penetration testing are just a few of the use cases for Naabu. Naabu is a quick, portable, and adaptable network scanner that you may use.

Frequently Asked Questions (FAQs)