Exploring the Power of 'naabu' for Network Scanning (with examples)
The command naabu is a versatile and fast port scanner written in Go, designed with a keen focus on reliability and simplicity. Its core utility lies in scanning ports of a target host to determine which ones are open and available for communication. Being fast and lightweight makes it an excellent tool for reconnaissance in cybersecurity, allowing users to quickly assess the exposure of hosts on a network. The tool is part of the larger suite by Project Discovery, renowned for its network-focused tools. However, it’s important to note that some advanced features require root privileges, such as the ability to perform a SYN scan. This article walks you through several real-world applications of naabu, using practical examples to showcase its flexibility and power.
Use Case 1: Run a SYN scan against default (top 100) ports of a remote host
Code:
sudo naabu -host example.com
Motivation: Running a SYN scan is a fundamental step in network reconnaissance, as it allows you to identify open ports on a target system with reduced risk of detection. The SYN scan is part of the TCP/IP protocol suite and is used as a stealthy scan method to determine if a port is open without establishing a full connection. This method helps security professionals and network administrators quickly gauge the security posture of their systems and plan further defensive measures.
Explanation:
sudo: This command requires root privileges to perform a SYN scan effectively, as lower-level network operations typically require elevated permissions.naabu: The command-line tool being used.-host example.com: Specifies the target host (example.com) that you wish to scan. The-hostoption directsnaabuto focus on this specified host.
Example Output:
[INF] Running SYN scan on host example.com (1.2.3.4)
[INF] Open ports:
80
443
22
Use Case 2: Display available network interfaces and public IP address of the local host
Code:
naabu -interface-list
Motivation: Understanding the configuration of your network interfaces and your current public IP address is essential for network troubleshooting and management. This can help in diagnosing network issues, ensuring proper configuration of network services, and understanding your system’s external exposure.
Explanation:
naabu: The port scanning tool from Project Discovery.-interface-list: This option instructsnaabuto list all local network interfaces and display the public IP address of your system.
Example Output:
[INF] Available network interfaces:
lo - 127.0.0.1
eth0 - 192.168.1.10
[INF] Public IP address: 203.0.113.5
Use Case 3: Scan all ports of the remote host (CONNECT scan without sudo)
Code:
naabu -p - -host example.com
Motivation: When you need to perform a comprehensive scan across all available ports, using a CONNECT scan is convenient as it does not require elevated privileges. This method is typically slower but useful when you need to explore the full spectrum of open ports on a target without administrative access.
Explanation:
naabu: The tool used for scanning.-p -: The-pflag with the dash (-) specifies scanning all possible ports. This opens up the scan to cover a full 65,536 ports range.-host example.com: Sets the target host for the scanning process.
Example Output:
[INF] Initiating full port scan on example.com (1.2.3.4)
[INF] Open ports found:
21
22
80
8080
Use Case 4: Scan the top 1000 ports of the remote host
Code:
naabu -top-ports 1000 -host example.com
Motivation: Focusing on the top 1000 ports is advantageous for administrators and security analysts aiming to strike a balance between scan comprehensiveness and time efficiency. These ports are commonly used by a wide range of popular applications and services, making them a typical target for security evaluations.
Explanation:
naabu: The command under discussion.-top-ports 1000: This option requestsnaabuto scan the top 1000 most commonly used ports.-host example.com: Points to the specific host you want to target with your scan.
Example Output:
[INF] Targeting the top 1000 ports on example.com (1.2.3.4)
[INF] Detected open ports:
80
443
3306
5900
Use Case 5: Scan TCP ports 80, 443 and UDP port 53 of the remote host
Code:
naabu -p 80,443,u:53 -host example.com
Motivation: Quickly assessing specific TCP and UDP ports can be critical in scenarios where you need to verify the status of specific services such as web servers (ports 80 and 443 for HTTP/HTTPS) or DNS services (UDP port 53). This targeted approach provides focused insight into specific services’ availability.
Explanation:
naabu: The port scanning tool in use.-p 80,443,u:53: This designates the ports to check; ports 80 and 443 for TCP, andu:53specifies UDP port 53.-host example.com: Identifies the host to be scanned.
Example Output:
[INF] Scanning specific ports on example.com (1.2.3.4)
[INF] Open ports:
TCP 80
TCP 443
Use Case 6: Show CDN type the remote host is using, if any
Code:
naabu -p 80,443 -cdn -host example.com
Motivation: Understanding the content delivery network (CDN) infrastructure supporting a remote host can provide insights into the performance and distribution strategies used by a service. This can be particularly useful for web developers and network administrators for optimizing content delivery and troubleshooting network issues.
Explanation:
naabu: The scanner used for network assessment.-p 80,443: Indicates ports of interest (commonly used for web traffic).-cdn: An option that promptsnaabuto check for any CDN service being used by the host.-host example.com: Targets the specific host for this information-gathering task.
Example Output:
[INF] Checking CDN associated with example.com (1.2.3.4)
[INF] CDN detected: Cloudflare
Use Case 7: Run nmap from naabu for additional functionalities
Code:
sudo naabu -v -host example.com -nmap-cli 'nmap -v -T5 -sC'
Motivation:
nmap is a more advanced tool that provides rich functionality, such as detailed service versioning and OS detection. Integrating nmap scans within naabu allows users to benefit from the rapid initial scan of open ports by naabu and then seamlessly transition to detailed scanning with nmap.
Explanation:
sudo: This enables more advanced scanning by granting elevated privileges required for deeper network interrogation.naabu -v: The-voption increases verbosity, allowing you to see more detailed output of the scanning process.-host example.com: The target for the port scanning process.-nmap-cli 'nmap -v -T5 -sC': Specifies the use ofnmapwith chosen flags. Here-vincreases verbosity,-T5sets aggressive timing for speed, and-sCruns default scripts.
Example Output:
[INF] Initializing with naabu scanning host: example.com
[INF] Open ports discovered: 22, 80, 443
[INF] Running nmap on discovered ports - example.com (1.2.3.4)
Nmap scan report for example.com (1.2.3.4)
Host is up (0.023s latency).
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Conclusion:
In conclusion, the command-line tool naabu offers an array of options for effectively conducting port scans in a multitude of network environments. Whether for preliminary reconnaissance using SYN scans, discovering publicly exposed ports, or interfacing with other powerful tools like nmap for comprehensive security audits, understanding each use case allows users to leverage naabu effectively. By mastering these examples, network professionals can enhance their ability to safeguard digital infrastructures.
