projectdiscovery / naabu Goto Github PK

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Home Page: https://projectdiscovery.io

License: MIT License

Go 99.22% Dockerfile 0.18% Shell 0.42% Makefile 0.18%

portscanner port-enumeration scan-ports nmap cdn-exclusion hacktoberfest

naabu's Introduction

Features • Installation • Usage • Running naabu • Config • NMAP integration • CDN/WAF Exclusion • Discord

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT/UDP scans on the host/list of hosts and lists all ports that return a reply.

Features

Fast And Simple SYN/CONNECT/UDP probe based scanning
Optimized for ease of use and lightweight on resources
DNS Port scan
Automatic IP Deduplication for DNS port scan
IPv4/IPv6 Port scan (experimental)
Passive Port enumeration using Shodan Internetdb
Host Discovery scan (experimental)
NMAP integration for service discovery
Multiple input support - STDIN/HOST/IP/CIDR/ASN
Multiple output format support - JSON/TXT/STDOUT

Usage

naabu -h

This will display help for the tool. Here are all the switches it supports.

Usage:
  ./naabu [flags]

INPUT:
   -host string[]              hosts to scan ports for (comma-separated)
   -list, -l string            list of hosts to scan ports (file)
   -exclude-hosts, -eh string  hosts to exclude from the scan (comma-separated)
   -exclude-file, -ef string   list of hosts to exclude from scan (file)

PORT:
   -port, -p string            ports to scan (80,443, 100-200)
   -top-ports, -tp string      top ports to scan (default 100) [full,100,1000]
   -exclude-ports, -ep string  ports to exclude from scan (comma-separated)
   -ports-file, -pf string     list of ports to scan (file)
   -port-threshold, -pts int   port threshold to skip port scan for the host
   -exclude-cdn, -ec           skip full port scans for CDN/WAF (only scan for port 80,443)
   -display-cdn, -cdn          display cdn in use

RATE-LIMIT:
   -c int     general internal worker threads (default 25)
   -rate int  packets to send per second (default 1000)

UPDATE:
   -up, -update                 update naabu to latest version
   -duc, -disable-update-check  disable automatic naabu update check

OUTPUT:
   -o, -output string  file to write output to (optional)
   -j, -json           write output in JSON lines format
   -csv                write output in csv format

CONFIGURATION:
   -config string                   path to the naabu configuration file (default $HOME/.config/naabu/config.yaml)
   -scan-all-ips, -sa               scan all the IP's associated with DNS record
   -ip-version, -iv string[]        ip version to scan of hostname (4,6) - (default 4) (default ["4"])
   -scan-type, -s string            type of port scan (SYN/CONNECT) (default "s")
   -source-ip string                source ip and port (x.x.x.x:yyy)
   -interface-list, -il             list available interfaces and public ip
   -interface, -i string            network Interface to use for port scan
   -nmap                            invoke nmap scan on targets (nmap must be installed) - Deprecated
   -nmap-cli string                 nmap command to run on found results (example: -nmap-cli 'nmap -sV')
   -r string                        list of custom resolver dns resolution (comma separated or from file)
   -proxy string                    socks5 proxy (ip[:port] / fqdn[:port]
   -proxy-auth string               socks5 proxy authentication (username:password)
   -resume                          resume scan using resume.cfg
   -stream                          stream mode (disables resume, nmap, verify, retries, shuffling, etc)
   -passive                         display passive open ports using shodan internetdb api
   -irt, -input-read-timeout value  timeout on input read (default 3m0s)
   -no-stdin                        Disable Stdin processing

HOST-DISCOVERY:
   -sn, -host-discovery           Perform Only Host Discovery
   -Pn, -skip-host-discovery      Skip Host discovery
   -ps, -probe-tcp-syn string[]   TCP SYN Ping (host discovery needs to be enabled)
   -pa, -probe-tcp-ack string[]   TCP ACK Ping (host discovery needs to be enabled)
   -pe, -probe-icmp-echo          ICMP echo request Ping (host discovery needs to be enabled)
   -pp, -probe-icmp-timestamp     ICMP timestamp request Ping (host discovery needs to be enabled)
   -pm, -probe-icmp-address-mask  ICMP address mask request Ping (host discovery needs to be enabled)
   -arp, -arp-ping                ARP ping (host discovery needs to be enabled)
   -nd, -nd-ping                  IPv6 Neighbor Discovery (host discovery needs to be enabled)
   -rev-ptr                       Reverse PTR lookup for input ips

OPTIMIZATION:
   -retries int       number of retries for the port scan (default 3)
   -timeout int       millisecond to wait before timing out (default 1000)
   -warm-up-time int  time in seconds between scan phases (default 2)
   -ping              ping probes for verification of host
   -verify            validate the ports again with TCP verification

DEBUG:
   -health-check, -hc        run diagnostic check up
   -debug                    display debugging information
   -verbose, -v              display verbose output
   -no-color, -nc            disable colors in CLI output
   -silent                   display only results in output
   -version                  display version of naabu
   -stats                    display stats of the running scan (deprecated)
   -si, -stats-interval int  number of seconds to wait between showing a statistics update (deprecated) (default 5)
   -mp, -metrics-port int    port to expose naabu metrics on (default 63636)

Installation Instructions

Download the ready to run binary / docker or install with GO

Prerequisite

Note: before installing naabu, make sure to install libpcap library for packet capturing.

To install libcap on Linux: sudo apt install -y libpcap-dev, on Mac: brew install libpcap

Installing Naabu

go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest

Running Naabu

To run the tool on a target, just use the following command.

naabu -host hackerone.com

This will run the tool against hackerone.com. There are a number of configuration options that you can pass along with this command. The verbose switch -v can be used to display verbose information.

naabu -host hackerone.com

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/ v2.0.3

    projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Running SYN scan with root privileges
[INF] Found 4 ports on host hackerone.com (104.16.100.52)

hackerone.com:80
hackerone.com:443
hackerone.com:8443
hackerone.com:8080

The ports to scan for on the host can be specified via -p parameter (udp ports must be expressed as u:port). It takes nmap format ports and runs enumeration on them.

naabu -p 80,443,21-23,u:53 -host hackerone.com

By default, the Naabu checks for nmap's Top 100 ports. It supports the following in-built port lists -

Flag	Description
`-top-ports 100`	Scan for nmap top 100 port
`-top-ports 1000`	Scan for nmap top 1000 port
`-p -`	Scan for full ports from 1-65535

You can also specify specific ports which you would like to exclude from the scan.

naabu -p - -exclude-ports 80,443

To run the naabu on a list of hosts, -list option can be used.

naabu -list hosts.txt

To run the naabu on a ASN, AS input can be used. It takes the IP address available for given ASN and runs the enumeration on them.

echo AS14421 | naabu -p 80,443

216.101.17.249:80
216.101.17.249:443
216.101.17.248:443
216.101.17.252:443
216.101.17.251:80
216.101.17.251:443
216.101.17.250:443
216.101.17.250:80

You can also get output in json format using -json switch. This switch saves the output in the JSON lines format.

naabu -host 104.16.99.52 -json

{"ip":"104.16.99.52","port":443}
{"ip":"104.16.99.52","port":80}

The ports discovered can be piped to other tools too. For example, you can pipe the ports discovered by naabu to httpx which will then find running http servers on the host.

echo hackerone.com | naabu -silent | httpx -silent

http://hackerone.com:8443
http://hackerone.com:443
http://hackerone.com:8080
http://hackerone.com:80

The speed can be controlled by changing the value of rate flag that represent the number of packets per second. Increasing it while processing hosts may lead to increased false-positive rates. So it is recommended to keep it to a reasonable amount.

IPv4 and IPv6

Naabu supports both IPv4 and IPv6. Both ranges can be piped together as input. If IPv6 is used, connectivity must be correctly configured, and the network interface must have an IPv6 address assigned (inet6) and a default gateway.

echo hackerone.com | dnsx -resp-only -a -aaaa -silent | naabu -p 80 -silent

104.16.99.52:80
104.16.100.52:80
2606:4700::6810:6434:80
2606:4700::6810:6334:80

The option -ip-version 6 makes the tool use IPv6 addresses while resolving domain names.

echo hackerone.com | ./naabu -p 80 -ip-version 6

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/ v2.0.8

      projectdiscovery.io

Use with caution. You are responsible for your actions
Developers assume no liability and are not responsible for any misuse or damage.
[INF] Running CONNECT scan with non root privileges
[INF] Found 1 ports on host hackerone.com (2606:4700::6810:6334)
hackerone.com:80

To scan all the IPs of both version, ip-version 4,6 can be used along with -scan-all-ips flag.

echo hackerone.com | ./naabu -iv 4,6 -sa -p 80 -silent

[INF] Found 1 ports on host hackerone.com (104.16.100.52)
hackerone.com:80
[INF] Found 1 ports on host hackerone.com (104.16.99.52)
hackerone.com:80
[INF] Found 1 ports on host hackerone.com (2606:4700::6810:6334)
hackerone.com:80
[INF] Found 1 ports on host hackerone.com (2606:4700::6810:6434)
hackerone.com:80

Host Discovery

Naabu optionally supports multiple options to perform host discovery, as outlined below. Host discovery is completed automatically before beginning a connect/syn scan if the process has enough privileges. -sn flag instructs the toll to perform host discovery only. -Pn flag skips the host discovery phase. Host discovery is completed using multiple internal methods; one can specify the desired approach to perform host discovery by setting available options.

Available options to perform host discovery:

ARP ping (-arp)
TCP SYN ping (-ps 80)
TCP ACK ping (-pa 443)
ICMP echo ping (-pe)
ICMP timestamp ping (-pp)
ICMP address mask ping (-pm)
IPv6 neighbor discovery (-nd)

Configuration file

Naabu supports config file as default located at $HOME/.config/naabu/config.yaml, It allows you to define any flag in the config file and set default values to include for all scans.

Nmap integration

We have integrated nmap support for service discovery or any additional scans supported by nmap on the found results by Naabu, make sure you have nmap installed to use this feature.

To use,nmap-cli flag can be used followed by nmap command, for example:-

echo hackerone.com | naabu -nmap-cli 'nmap -sV -oX nmap-output'
                  __       
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/ v2.0.0        

    projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Running TCP/ICMP/SYN scan with root privileges
[INF] Found 4 ports on host hackerone.com (104.16.99.52)

hackerone.com:443
hackerone.com:80
hackerone.com:8443
hackerone.com:8080

[INF] Running nmap command: nmap -sV -p 80,8443,8080,443 104.16.99.52

Starting Nmap 7.01 ( https://nmap.org ) at 2020-09-23 05:02 UTC
Nmap scan report for 104.16.99.52
Host is up (0.0021s latency).
PORT     STATE SERVICE       VERSION
80/tcp   open  http          cloudflare
443/tcp  open  ssl/https     cloudflare
8080/tcp open  http-proxy    cloudflare
8443/tcp open  ssl/https-alt cloudflare

CDN/WAF Exclusion

Naabu also supports excluding CDN/WAF IPs being port scanned. If used, only 80 and 443 ports get scanned for those IPs. This feature can be enabled by using exclude-cdn flag.

Currently cloudflare, akamai, incapsula and sucuri IPs are supported for exclusions.

Scan Status

Naabu exposes json scan info on a local port bound to localhost at http://localhost:63636/metrics (the port can be changed via the -metrics-port flag)

Using naabu as library

The following sample program scan the port 80 of scanme.sh. The results are returned via the OnResult callback:

package main

import (
	"log"

	"github.com/projectdiscovery/goflags"
	"github.com/projectdiscovery/naabu/v2/pkg/result"
	"github.com/projectdiscovery/naabu/v2/pkg/runner"
)

func main() {
	options := runner.Options{
		Host:      goflags.StringSlice{"scanme.sh"},
		ScanType: "s",
		OnResult: func(hr *result.HostResult) {
			log.Println(hr.Host, hr.Ports)
		},
		Ports: "80",
	}

	naabuRunner, err := runner.NewRunner(&options)
	if err != nil {
		log.Fatal(err)
	}
	defer naabuRunner.Close()

	naabuRunner.RunEnumeration()
}

Notes

Naabu allows arbitrary binary execution as a feature to support nmap integration.
Naabu is designed to scan ports on multiple hosts / mass port scanning.
As default naabu is configured with a assumption that you are running it from VPS.
We suggest tuning the flags / rate if running naabu from local system.
For best results, run naabu as root user.

Naabu is made with 🖤 by the projectdiscovery team. Community contributions have made the project what it is.

See the Thanks.md file for more details.

naabu's People

Contributors

Stargazers

Watchers

Forkers

dumpsterfirevip tounsi007 layzhi slooppe olivierh59500 shahid1996 jothatron codered009 gophersumit bbhunter nicolascb sh1nu11bi suryatmodulus mewbak modulexcite devanshdubey imlonghao devployment urnas keevol mitghi junxie6 isgasho elamaran619 penkovski amasser master-fufu parthmalhotra pentest-tools createuseraccount l0vecoffee marciopocebon ellerbrock unsecureio aramrami laowang1026 5l1v3r1 sinakheirkhah fork-tools nvk0x sugarp0pe 1ndianl33t piterpentester pystocks zaidozaid global01 marcostolosa yut0u pradeepch99 rahmiy r4b3rt vishal9066 sec99 ignitionlab tmacbg arturoruz mavericknerd mohammedshine qianniaoge preteriranto nightwizard001 quinn-yan reanimat0r projectzerodays rassec polling-repo-continua latkes c3rberus fngoo listinvest x-go-app juan157 iiiusky d0luffy anthony-esdaile stash11-dev latterdaylegion singularidad caspergn arpsyndicate la3b0z slowmistio ltidi2000 kong-f devkw adibdz amalgeorge21 hollow667 aminu-muhammed melvinto 0xflotus deepwebhacker 003random serguk89 medasz r0cknrolla nuryslyrt ravirajrao itsintern yuraveon

naabu's Issues

[feature] Flag to support running privilege

Is your feature request related to a problem? Please describe.
support for flags In case the user wants to escalate or drop privilege as per need and scan types.

Describe the solution you'd like

-privileged: Assume that the user is fully privileged
-unprivileged: Assume the user lacks raw socket privileges

Similar flags as nmap.

Sudo problem

[FTL] Exiting, You must be a privileged user to run this scan
with sudo:

sudo: naabu: command not found

Scanning open ports

Scanning for open ports is not reliable.
I have tried different rates from 50-1000 but still i am getting different responses. like below.
echo 'hackerone.com' | naabu -ports top-100 -rate 100

and for sure that port 8443 is not open on hackerone.com (as far as i know)

rework hardcoded timeout

Feature: Changing the way output is returned in naabu

From:
{"host": "", "ports": "80"}
{"host": "", "ports": "443"}
{"host": "", "ports": "8043"}

TO:
{"host": "", "ports": "80,443,80443,...."}

I think this will be really helpful for hunters

Results across different -ports flag, -verify flag are inconsistent

Also if possible, can be good to add localhost scanning support too.

bash: /usr/bin/naabu: No such file or directory

Hey Team! Hope You all are Doing Well.
I hv moved it to /usr/bin/naabu, but still the error is :
bash: /usr/bin/naabu: No such file or directory

Hope you will Help me Out cause i m Stuck here and am Very Desperate to Use naabu

firewall return many ports

If you encounter a firewall, many, many ports will be returned.

how to solve?

port scan randomization between multiple available hosts

As default should be true, with a flag to disable randomization.

[Feature] Adding clistats to naabu

to display some indication showing the current state of the scan.

Output file does not get created

When trying to use the output options -o file or -oJ -o file.json for example, no files get created?

Ping probe on some hosts with very verbose messages

Ping probe fails on certain subdomains for hosts like braintree-api.com
Error message is too verbose.

"retries" option questions

Hello,

I'm looking for optimization options.

Is the "retries" option required?

If data is set to zero, it cannot be detected properly.

For example:

$ naabu  -retries 0 -host google.com
[INF] Starting scan on host google.com (172.217.5.110)
[INF] No ports found on google.com (172.217.5.110). Host seems down

$ naabu -retries 1 -host google.com
[INF] Starting scan on host google.com (172.217.5.110)
[INF] Found 2 ports on host google.com (172.217.5.110)
google.com:443
google.com:80

Thanks

[feature] Documentation update - README to include steps for MacOS when using helper scripts

Is your feature request related to a problem? Please describe.
There is required steps that, although fairly trivial, would be beneficial to document in the README file.

Describe the solution you'd like
I propose to append the following to the section regarding Helper scripts:

Helper scripts on MacOS

The helper scripts require gsed to run. gsed is available through brew as

brew install gsed

With Catalina and onward Bash has been replaced by Zsh as default shell. Although Bash is still present, it may not continue to be and as such, your commands would look as

> echo hackerone.com | naabu -silent | zsh naabu2nmap.sh
> echo hackerone.com | naabu -silent | zsh prepare4nmap.sh

/ Casper

json output does not work with printing the results to stdout

root@b0x:~# naabu -host hackerone.com -oJ -silent 

hackerone.com:80
hackerone.com:443
hackerone.com:8443
hackerone.com:8080

As of now, the output will be written in json format to the file if -o flag is used, additionally -oJ flag can be renamed to -json to match with other opensource tools.

Error during installation

github.com/google/gopacket/pcap

/root/go/src/github.com/google/gopacket/pcap/pcap_unix.go:34:10: fatal error: pcap.h: No such file or directory
#include <pcap.h>
^~~~~~~~
compilation terminated.

Looks like the pcap package is no longer available the google repo

Full port scan missing common ports

While scanning without specifying the ports return 80 and 443

naabu -host example.com
                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/ v1

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using host example.com for enumeration
[INF] Starting scan on host example.com (93.184.216.34)
[INF] Found 2 ports on host example.com (93.184.216.34)
example.com:80
example.com:443

But while scanning using full port scan it is returning no ports open , excluding the previous 80 and 443 as show below

 naabu -ports full -host example.com
                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/ v1

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using host example.com for enumeration
[INF] Starting scan on host example.com (93.184.216.34)
[INF] No ports found on example.com (93.184.216.34). Host seems down

Add CIDR support in input file and host option

-bash: /usr/bin/naabu: No such file or directory

linux amd64, I have moved it to /usr/bin/naabu, but error
-bash: /usr/bin/naabu: No such file or directory

-Pn

"-Pn | Perform ping probe to detect alive hosts"

Might be confusing when it means the opposite in nmap.

How can I pass the naabu output to nmap for version detection?

Any help is appreciated

Include verbose information about scan techniques

Let's add all the available information at the start of the scan.

Scan method
Running user permission

flag updates for next release

Few flag updates for making it simple to adopt:-

replacing hL with iL, (iL as input list)
updating host as default input along with existing host flag (naabu 1.1.1.1 or naabu -host 1.1.1.1 )
replacing ports with p (naabu -p 80, 8000-9000, 9443,443)
adding top-ports (naabu -top-ports 100)

Adding debug flag to inspect various issues during scan

To ease the process of reporting bugs in naabu, we should introduce an additional flag which will create a naabu.log file containing raw packets or any information required to inspect the issue, which later users can submit here or on discord while reporting issues.

naabu -host test.com -debug

On extracting from binary it shows nuclei not naabu

When I extract from naabu binary the contents extracted are :
tar -xzvf naabu_1.1.2_linux_amd64.tar.gz
LICENSE
README.md
nuclei
I thought maybe thats a typo error. And so I did :
sudo mv nuclei /usr/bin/naabu
It was successfully done but when I called it with:
$naabu
It shows:
bash: /usr/bin/naabu: No such file or directory
Please help me fix it!

Scan fails on Virtual Interfaces as MAC is not defined

failed when install
my os ubuntu 18.04

anyone can help?

Few more edge cases to look for

To reproduce this, run the following cmd on the testing box:-

root@b0x:~/naabu-test# ls
ips.txt

root@b0x:~/naabu-test# naabu -hL ips.txt
root@b0x:~/naabu-test# naabu -hL ips.txt -ports full

Notice the differences.

[Feature Request] Reducing false negative through ICMP Echo Request

A lot of boxes will not respond to a SYN scan. Including an ICMP echo request along with the port sweep would significantly reduce the amount of targets classified to be offline.

[feature] Config file support for preconfigured scans

Describe the solution you'd like

A config file allowing users to set custom rules for different kinds of scans, so instead of feeding multiple CLI, users can simply provide a config file to perform a custom scan.

Subfinder make use of config file $HOME/.config/subfinder/config.yaml, same can be done for naabu as well $HOME/.config/naabu/config.yaml

Example of the config file:-

# Host to scans

host:
    - uber.com
    - 1.1.1.1
    - 192.168.1.0/24

# OR 

host:
    - uber.com, 1.1.1.1, 192.168.1.0/24

# Full port scan
p:
    - '-'

# Custom list of ports to scan
p:
    - '20,30,45,100-200,400'

# Top ports to scan
top-ports:
    - 100

# Exclude CDN full port scan. 
exclude-cdn:
    - true

# List to hosts to exclude from the scan
exclude-hosts:
    - 192.168.0.1, 192.168.0.2, 192.168.0.3, 127.0.0.1

# OR 

exclude-hosts:
    - 192.168.0.1
    - 192.168.0.2
    - 192.168.0.3
    - 192.168.0.4

# List to ports to exclude from the scan
exclude-ports: 
    - 25, 21, 22

# OR 

exclude-ports: 
    - 25
    - 21
    - 22

In this way, one can define all configurable flags using the config files.

Suggested flag:- config

Example:-

naabu -iL hosts.txt -config config.yaml

Add stop/resume capability

Is your feature request related to a problem? Please describe.
Add Stop/Resume capability

Describe the solution you'd like
Scanning should support Stop/Resume

[feature] Interface improvements

Adding support to list available interfaces ( interface-list)
Interface input validation.
Displaying Interface and source IP information.

Naabu is not able to scan in vm

I am using Kali latest version , when scanned hackerone with naabu it showed host seems down and when scanned with nmap it's worked fine , I know in past there was same issue as I saw in closed issues, but it doesn't seems to be fixed.

Edge case when using full ports shows host down

Naabu not Scanning ports.

natsu@DESKTOP-T32LAE7:~/go/bin$ sudo ./naabu -host hackerone.com

__

___ ___ ___ / / __ __
/ _ / _ / _ / _ / // /
////_,/_,/.__/_,_/ v1

            projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using host hackerone.com for enumeration
[INF] Starting scan on host hackerone.com (104.16.99.52)
natsu@DESKTOP-T32LAE7:~/go/bin$

Optional flag support to exclude CDN hosts for full port scan

We can integrate cdncheck into naabu for this which checks and returns true or false for a given host.

If this flag is used and it returns true we can simply avoid the host for full port scan and perform only 80 and 443 checks.

Suggested flag:- exclude-cdn

mismatched hardware address sizes

I downloaded and installed from source on kali. Tried to use naabu to scan a HTB machine (Mango) using the command:
naabu -host 10.10.10.160 -v

the result was:

[INF] Using IP 10.10.10.160 for enumeration
[INF] Starting scan on host 10.10.10.160 (10.10.10.160)
[WRN] Could not start scan on host 10.10.10.160 (10.10.10.160): mismatched hardware address sizes

then program just exits.

Install error on 32bit linux

I have naabu installation error on a 32bit pc. My guess is 32/64 bit difference. Is there a solution?

Error log

$ go get -v github.com/projectdiscovery/naabu/cmd/naabu
github.com/projectdiscovery/naabu/pkg/scan
# github.com/projectdiscovery/naabu/pkg/scan
../../go/src/github.com/projectdiscovery/naabu/pkg/scan/scan.go:143:36: constant 8999999999 overflows int

ENV

- Ubuntu 18.04.4 LTS (kernel 4.15.0-88-generic)
- 32bit computer
- installed libpcap-dev

Wildcard ports handling

Problem:-

Port responds with "Open" status for any port you request.

Possible solution:-

Detect hosts with wildcard ports and eliminate them from the scan.

It's an issue for the discussion, more things need to be explored to understand this issue better.

exiting , you must be a privilaged user to run this scan

after this i used like sudo naabu but giving naabu didnt found

[bug] Scans on windows don't work

Windows scans get stuck without finishing. Tried on Windows 10 x64 with npcap latest version.

Remove wait for packets when number of ports is less than 1000

[research] strategies for distributing scans in multiple cases

Possible scenario to consider for port scan distribution and keeping reliability at priority.

Single host single (limited) ports.
Single host (limited) multiple ports.
Multiple hosts single port.
Multiple hosts multiple ports

related to this, a few more things to consider.

Port randomisation
Sequential scan

Feature: Avoid scanning doamins pointing to RFC1918 IP addresses

There is a possibility that some domains point to RFC1918 IP addresses. Scanning those IP addresses could lead a BAN from the cloud service provider. So it would be nice to have a feature to filter those IPS and blacklist them from scanning it.

Create a release for the latest additions

[research] rollback all the disabled flag in research branch

This is needed for further testing.

i have problem when run

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[FTL] Program exiting: no input list provided
naabu -ports full-exclude-ports 80,443 -hL /root/Desktop/recon/xxx/exmple -o exmport.txt

Go does not download the latest repo version

Hello,

As of right now, Go does not download/install the latest repo version.

go: downloading github.com/projectdiscovery/naabu v1.1.2

[Feature Request] Would be great a stealth/passive/aggressive arg option

Would be great a stealth/passive/aggressive arg option

Originally posted by @bsysop in #2 (comment)

JSON output enhancement to include IP

echo hackerone.com | ./naabu -json -silent

{"host":"hackerone.com","port":8080}
{"host":"hackerone.com","port":8443}
{"host":"hackerone.com","port":443}
{"host":"hackerone.com","port":80}

with new update:-

echo hackerone.com | ./naabu -json -silent

{"host":"hackerone.com","ip":"104.16.99.52","port":8080}
{"host":"hackerone.com","ip":"104.16.99.52","port":8443}
{"host":"hackerone.com","ip":"104.16.99.52","port":443}
{"host":"hackerone.com","ip":"104.16.99.52","port":80}

In the case of IP as input, either we can remove the host field for JOSN format or keep it empty.