
Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply.
- Fast And Simple SYN/CONNECT probe based scanning
- Passive Port Enumeration using Shodan Internetdb API
- Optimized for ease of use and lightweight on resources
- Automatic IP deduplication for port scan
- NMAP integration for service discovery
- Multiple input support – STDIN/HOST/IP/CIDR
- Multiple output format support – JSON/TXT/STDOUT
This will display help for the tool. Here are all the switches it supports.
<div class="highlight highlight-source-yaml notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="Usage: ./naabu [flags] INPUT: -host string[] hosts to scan ports for (comma-separated) -list, -l string list of hosts to scan ports (file) -exclude-hosts, -eh string hosts to exclude from the scan (comma-separated) -exclude-file, -ef string list of hosts to exclude from scan (file) PORT: -port, -p string ports to scan (80,443, 100-200 -top-ports, -tp string top ports to scan (default 100) -exclude-ports, -ep string ports to exclude from scan (comma-separated) -ports-file, -pf string list of ports to exclude from scan (file) -exclude-cdn, -ec skip full port scans for CDN's (only checks for 80,443) RATE-LIMIT: -c int general internal worker threads (default 25) -rate int packets to send per second (default 1000) OUTPUT: -o, -output string file to write output to (optional) -json write output in JSON lines format -csv write output in csv format CONFIGURATION: -scan-all-ips, -sa scan all the IP's associated with DNS record -scan-type, -s string type of port scan (SYN/CONNECT) (default "s") -source-ip string source ip -interface-list, -il list available interfaces and public ip -interface, -i string network Interface to use for port scan -nmap invoke nmap scan on targets (nmap must be installed) – Deprecated -nmap-cli string nmap command to run on found results (-nmap-cli 'nmap -sV') -r string list of custom resolver dns resolution (comma separated or from file) -proxy string socks5 proxy -resume resume scan using resume.cfg -stream stream mode (disables resume, nmap, verify, retries, shuffling, etc) -passive display passive open ports using shodan internetdb api OPTIMIZATION: -retries int number of retries for the port scan (default 3) -timeout int millisecond to wait before timing out (default 1000) -warm-up-time int time in seconds between scan phases (default 2) -ping ping probes for verification of host -verify validate the ports again with TCP verification DEBUG: -debug display debugging information -verbose, -v display verbose output -no-color, -nc disable colors in CLI output -silent display only results in output -version display version of naabu -stats display stats of the running scan -si, -stats-interval int number of seconds to wait between showing a statistics update (default 5)”>
Usage:
./naabu [flags]INPUT:
-host string[] hosts to scan ports for (comma-separated)
-list, -l string list of hosts to scan ports (file)
-exclude-hosts, -eh string hosts to exclude from the scan (comma-separated)
-exclude-file, -ef string list of hosts to exclude from scan (file)
PORT:
-port, -p string ports to scan (80,443, 100-200
-top-ports, -tp string top ports to scan (default 100)
-exclude-ports, -ep string ports to exclude from scan (comma-separated)
-ports-file, -pf string list of ports to exclude from scan (file)
-exclude-cdn, -ec skip full port scans for CDN's (only checks for 80,443)
RATE-LIMIT:
-c int general internal worker threads (default 25)
-rate int packets to send per second (d efault 1000)
OUTPUT:
-o, -output string file to write output to (optional)
-json write output in JSON lines format
-csv write output in csv format
CONFIGURATION:
-scan-all-ips, -sa scan all the IP's associated with DNS record
-scan-type, -s string type of port scan (SYN/CONNECT) (default "s")
-source-ip string source ip
-interface-list, -il list available interfaces and public ip
-interface, -i string network Interface to use for port scan
-nmap invoke nmap scan on targets (nmap must be installed) - Deprecated
-nmap-cli string nmap command to run on found results (-nmap-cli 'nmap -sV')
-r string list of custom resolver dns resolution (comma separated or from file)
-proxy string socks5 proxy
-resume resume scan using resume.cfg
-stream stream mode (disab les resume, nmap, verify, retries, shuffling, etc)
-passive display passive open ports using shodan internetdb api
OPTIMIZATION:
-retries int number of retries for the port scan (default 3)
-timeout int millisecond to wait before timing out (default 1000)
-warm-up-time int time in seconds between scan phases (default 2)
-ping ping probes for verification of host
-verify validate the ports again with TCP verification
DEBUG:
-debug display debugging information
-verbose, -v display verbose output
-no-color, -nc disable colors in CLI output
-silent display only results in output
-version display version of naabu
-stats display stats of the running scan
-si, -stats-interval int number of seconds to wait between showing a statistics u pdate (default 5)