Quickly scan a list of hosts during a penetration test to find which ports are open before running deeper analysis.
Integrate Naabu with Nmap in an automated pipeline to identify open ports then fingerprint the services running on them.
Run passive port discovery on a target using Shodan data via Naabu without sending any packets to the target.
| projectdiscovery/naabu | fnproject/fn | go-flutter-desktop/go-flutter | |
|---|---|---|---|
| Stars | 5,935 | 5,935 | 5,933 |
| Language | Go | Go | Go |
| Setup difficulty | moderate | moderate | moderate |
| Complexity | 3/5 | 4/5 | 3/5 |
| Audience | ops devops | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
SYN scanning requires root or admin privileges on Linux and Mac, CONNECT mode works without elevated permissions.
Naabu is a command-line tool for port scanning, which means it checks a list of computers or servers to find out which network ports are open and accepting connections. Security researchers and penetration testers use this kind of tool during assessments to map out what services are exposed on a target system before deciding where to look more closely. The tool is written in Go and is designed to be fast and lightweight. It can send different types of network probes (SYN, CONNECT, and UDP) and works with both IPv4 and IPv6 addresses. You can give it a single host, a list of hosts, a range of IP addresses, or an ASN number (a grouping identifier used by large networks), and it will return a list of which ports responded. Naabu includes a feature to skip full scans for content delivery networks and firewalls, since those systems sit in front of the actual target and would otherwise flood results with irrelevant ports. It can also pull passive port data from Shodan's public database without sending any packets at all. For deeper analysis, it can call Nmap automatically on the ports it finds, which is a separate tool that identifies what software is running on each port. Results can be written as plain text, JSON, or CSV. The tool supports a configuration file so you do not have to repeat flags on every run. It integrates with the ProjectDiscovery cloud platform, which is the company behind this tool, allowing results to be uploaded to a shared dashboard. The project is open source under the MIT license and is part of a broader suite of security tools maintained by ProjectDiscovery. It is intended for use in authorized security testing, bug bounty programs, and penetration tests.
Naabu is a fast command-line port scanner written in Go that finds open ports on servers and IP ranges, with SYN/CONNECT/UDP probes, Nmap integration, passive Shodan lookup, and JSON or CSV output.
Mainly Go. The stack also includes Go.
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.