naabu: a fast port scanner written in Go, focused on reliability and simplicity

Author: Sec-Labs | Published:

Tool introduction

Naabu is a port scanning tool written in Go that lets you enumerate the open ports of hosts quickly and reliably. It is a very simple tool that runs fast SYN/CONNECT scans against a host or a list of hosts and lists every port that returns a reply.

Project page

https://github.com/projectdiscovery/naabu

Features

  • Fast and simple scanning based on SYN/CONNECT probes
  • Optimized for ease of use and a light resource footprint
  • DNS port scanning
  • Automatic IP de-duplication for DNS port scanning
  • IPv4/IPv6 port scanning (experimental)
  • Passive port enumeration using the Shodan InternetDB
  • Host discovery scanning (experimental)
  • Nmap integration for service discovery
  • Multiple input types supported: STDIN/HOST/IP/CIDR
  • Multiple output formats supported: JSON/TXT/STDOUT

Usage

naabu -h

This prints the tool's help. Below are all the switches it supports.

Usage:
  ./naabu [flags]

INPUT:
   -host string[]              hosts to scan ports for (comma-separated)
   -list, -l string            list of hosts to scan ports (file)
   -exclude-hosts, -eh string  hosts to exclude from the scan (comma-separated)
   -exclude-file, -ef string   list of hosts to exclude from scan (file)

PORT:
   -port, -p string            ports to scan (80,443, 100-200)
   -top-ports, -tp string      top ports to scan (default 100)
   -exclude-ports, -ep string  ports to exclude from scan (comma-separated)
   -ports-file, -pf string     list of ports to scan (file)
   -exclude-cdn, -ec           skip full port scans for CDN's (only checks for 80,443)
   -display-cdn, -cdn          display cdn in use

RATE-LIMIT:
   -c int     general internal worker threads (default 25)
   -rate int  packets to send per second (default 1000)

OUTPUT:
   -o, -output string  file to write output to (optional)
   -json               write output in JSON lines format
   -csv                write output in csv format

CONFIGURATION:
   -scan-all-ips, -sa                  scan all the IP's associated with DNS record
   -ip-version, -iv string[]           ip version to scan of hostname (4,6) - (default 4)
   -scan-type, -s string               type of port scan (SYN/CONNECT) (default "s")
   -source-ip string                   source ip and port (x.x.x.x:yyy)
   -interface-list, -il                list available interfaces and public ip
   -interface, -i string               network Interface to use for port scan
   -nmap                               invoke nmap scan on targets (nmap must be installed) - Deprecated
   -nmap-cli string                    nmap command to run on found results (example: -nmap-cli 'nmap -sV')
   -r string                           list of custom resolver dns resolution (comma separated or from file)
   -proxy string                       socks5 proxy (ip[:port] / fqdn[:port]
   -proxy-auth string                  socks5 proxy authentication (username:password)
   -resume                             resume scan using resume.cfg
   -stream                             stream mode (disables resume, nmap, verify, retries, shuffling, etc)
   -passive                            display passive open ports using shodan internetdb api
   -irt, -input-read-timeout duration  timeout on input read (default 3m0s)
   -no-stdin                           Disable Stdin processing

HOST-DISCOVERY:
   -sn, -host-discovery           Run Host Discovery scan
   -ps, -probe-tcp-syn string[]   TCP SYN Ping (host discovery needs to be enabled)
   -pa, -probe-tcp-ack string[]   TCP ACK Ping (host discovery needs to be enabled)
   -pe, -probe-icmp-echo          ICMP echo request Ping (host discovery needs to be enabled)
   -pp, -probe-icmp-timestamp     ICMP timestamp request Ping (host discovery needs to be enabled)
   -pm, -probe-icmp-address-mask  ICMP address mask request Ping (host discovery needs to be enabled)
   -arp, -arp-ping                ARP ping (host discovery needs to be enabled)
   -nd, -nd-ping                  IPv6 Neighbor Discovery (host discovery needs to be enabled)

OPTIMIZATION:
   -retries int       number of retries for the port scan (default 3)
   -timeout int       millisecond to wait before timing out (default 1000)
   -warm-up-time int  time in seconds between scan phases (default 2)
   -ping              ping probes for verification of host
   -verify            validate the ports again with TCP verification

DEBUG:
   -health-check, -hc        run diagnostic check up
   -debug                    display debugging information
   -verbose, -v              display verbose output
   -no-color, -nc            disable colors in CLI output
   -silent                   display only results in output
   -version                  display version of naabu
   -stats                    display stats of the running scan
   -si, -stats-interval int  number of seconds to wait between showing a statistics update (default 5)

Installation

Download a prebuilt binary or Docker image, or install with Go.

Prerequisites

Note: before installing naabu, make sure the libpcap library, which it uses for packet capture, is installed.

On Linux install libpcap with: sudo apt install -y libpcap-dev; on macOS: brew install libpcap (Homebrew refuses to run under sudo)

Install naabu

go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest

Run naabu

To run the tool against a single target, just use the following command.

naabu -host hackerone.com

This runs the tool against hackerone.com. Many configuration options can be passed along with this command; the verbose switch -v can be used to show detailed information.

naabu -host hackerone.com

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/ v2.0.3

    projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Running SYN scan with root privileges
[INF] Found 4 ports on host hackerone.com (104.16.100.52)

hackerone.com:80
hackerone.com:443
hackerone.com:8443
hackerone.com:8080

The ports to scan on a host can be specified with the -p flag, which takes ports in nmap format and enumerates them.

naabu -p 80,443,21-23 -host hackerone.com

By default naabu checks nmap's top 100 ports. It supports the following built-in port lists:

Flags              Description
-top-ports 100     scan nmap's top 100 ports
-top-ports 1000    scan nmap's top 1000 ports
-p -               scan all ports, 1-65535

You can also specify particular ports to exclude from the scan:

naabu -p - -exclude-ports 80,443
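As an added example (my own code, not naabu's), here is a Go parser for the port expression syntax that -p and -exclude-ports accept as described above: comma-separated ports, nmap-style ranges, and a lone "-" for the full 1-65535 range. The function names are mine, and naabu's own parser is not reproduced.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// bounds returns the [lo, hi] covered by one item: "443", "21-23", or a lone "-" (all ports).
func bounds(item string) (lo, hi int, err error) {
	if item == "-" {
		return 1, 65535, nil
	}
	parts := strings.SplitN(item, "-", 2)
	lo, err = strconv.Atoi(parts[0])
	hi = lo
	if err == nil && len(parts) == 2 {
		hi, err = strconv.Atoi(parts[1])
	}
	if err != nil || lo < 1 || hi > 65535 || lo > hi {
		return 0, 0, fmt.Errorf("invalid port item %q", item)
	}
	return lo, hi, nil
}

// parsePorts resolves a -p expression minus an -exclude-ports expression into the probe set.
func parsePorts(spec, exclude string) (map[int]bool, error) {
	keep := make(map[int]bool)
	for i, expr := range []string{spec, exclude} {
		if expr == "" {
			continue // no -exclude-ports given
		}
		for _, item := range strings.Split(expr, ",") {
			lo, hi, err := bounds(strings.TrimSpace(item))
			if err != nil {
				return nil, err
			}
			for p := lo; p <= hi; p++ {
				if i == 0 {
					keep[p] = true // from -p
				} else {
					delete(keep, p) // from -exclude-ports
				}
			}
		}
	}
	return keep, nil
}

func main() { fmt.Println(parsePorts("80,443,21-23", "22")) }
```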

To run naabu against a file of hosts, use the -list option.

naabu -list hosts.txt

You can also get JSON output with the -json switch, which saves the output in JSON lines format.

naabu -host 104.16.99.52 -json

{"ip":"104.16.99.52","port":443}
{"ip":"104.16.99.52","port":80}
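Added example, not from the post or the naabu project: a Go reader for the JSON lines format shown above that groups open ports by IP and compares them with an approved baseline, so that unexpected exposure stands out in an asset review. The sample output is constructed (port 8080 is made up) and the function names are mine.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// scanResult mirrors one line of `naabu -json` output: {"ip":"104.16.99.52","port":443}
type scanResult struct {
	IP   string `json:"ip"`
	Port int    `json:"port"`
}

// parseNaabuJSON groups the open ports in JSON-lines output by IP; malformed lines are an error.
func parseNaabuJSON(output string) (map[string][]int, error) {
	byIP := make(map[string][]int)
	for _, line := range strings.Split(output, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		var r scanResult
		if err := json.Unmarshal([]byte(line), &r); err != nil || r.IP == "" || r.Port < 1 {
			return nil, fmt.Errorf("malformed result line %q", line)
		}
		byIP[r.IP] = append(byIP[r.IP], r.Port)
	}
	return byIP, nil
}

// unexpectedPorts lists, per IP, open ports that the approved baseline does not cover.
func unexpectedPorts(found map[string][]int, baseline map[string]map[int]bool) map[string][]int {
	flagged := make(map[string][]int)
	for ip, ports := range found {
		for _, p := range ports {
			if !baseline[ip][p] { // a missing inner map reads as "nothing approved"
				flagged[ip] = append(flagged[ip], p)
			}
		}
	}
	return flagged
}

// Constructed sample in the format the post shows; 8080 is made up to exercise the diff.
const sampleOutput = "{\"ip\":\"104.16.99.52\",\"port\":443}\n{\"ip\":\"104.16.99.52\",\"port\":80}\n{\"ip\":\"104.16.99.52\",\"port\":8080}\n"

func main() {
	found, _ := parseNaabuJSON(sampleOutput)
	fmt.Println(unexpectedPorts(found, map[string]map[int]bool{"104.16.99.52": {80: true, 443: true}})) // map[104.16.99.52:[8080]]
}
```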

The discovered ports can also be piped into other tools. For example, you can pipe the ports naabu finds into httpx, which will identify the HTTP servers running on the host.

echo hackerone.com | naabu -silent | httpx -silent

http://hackerone.com:8443
http://hackerone.com:443
http://hackerone.com:8080
http://hackerone.com:80

Speed is controlled with the rate flag, which sets the number of packets sent per second. Raising it while scanning hosts can increase the false-positive rate, so it is recommended to keep it at a reasonable value.


For more usage details, see the original GitHub repository.

Tags: tool sharing, asset mapping, scanning tools