Learn about running Naabu with examples and sample output
naabu
be sure to check out the Usage page. On this page we’ll share examples running httpx with specific flags and goals
and the output you can expect from each.
-v
can be used to display verbose information.
-p
parameter (udp ports must be expressed as u:port
). It takes nmap format ports and runs enumeration on them.
Top 100
ports. It supports the following in-built port lists -
Flag | Description |
---|---|
-top-ports 100 | Scan for nmap top 100 port |
-top-ports 1000 | Scan for nmap top 1000 port |
-p - | Scan for full ports from 1-65535 |
-list
option can be used.
-json
switch. This switch saves the output in the JSON lines format.
rate
flag that represent the number of packets per second. Increasing it while processing hosts may lead to increased false-positive rates. So it is recommended to keep it to a reasonable amount.
inet6
) and a default gateway.
-ip-version 6
makes the tool use IPv6 addresses while resolving domain names.
ip-version 4,6
can be used along with -scan-all-ips
flag.
-sn
flag instructs the toll to perform host discovery only. -Pn
flag skips the host discovery phase. Host discovery is completed using multiple internal methods; one can specify the desired approach to perform host discovery by setting available options.
Available options to perform host discovery:
-arp
)-ps 80
)-pa 443
)-pe
)-pp
)-pm
)-nd
)$HOME/.config/naabu/config.yaml
, It allows you to define any flag in the config file and set default values to include for all scans.
nmap
installed to use this feature.
To use,nmap-cli
flag can be used followed by nmap command, for example:-
80
and 443
ports get scanned for those IPs. This feature can be enabled by using exclude-cdn
flag.
Currently cloudflare
, akamai
, incapsula
and sucuri
IPs are supported for exclusions.
http://localhost:63636
(the port can be changed via the -metrics-port
flag)
80
of scanme.sh
. The results are returned via the OnResult
callback: