Naabu
Fast port scanner by ProjectDiscovery with service discovery and Nmap integration
Recon & OSINT12 commands
#port-scanner#recon#network#projectdiscovery#enumeration
Installation
1Install using Go
2Install via apt
3Verify installation
# Using Go
go install github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
# Linux via apt
sudo apt install naabu
# Verify
naabu --versionBasic Usage
Discover open ports on targets with fast SYN scanning
# Scan single host
naabu -host example.com
# Scan multiple hosts
naabu -list hosts.txt
# Scan specific ports
naabu -host example.com -p 80,443,8080,8443
# Scan port range
naabu -host example.com -p 1-1000
# Fast top 100 ports
naabu -host example.com -top-ports 100
# Output with Nmap service detection
naabu -host example.com -nmap-cli "nmap -sV"
# JSON output
naabu -host example.com -json -o results.jsonCommand Reference
12 commands
1Target host or IP
-host2File with host list
-list3Ports to scan
-p4Top N ports to scan
-top-ports5Ports to exclude
-exclude-ports6Packets per second
-rate7Timeout in milliseconds
-timeout8Nmap command for service detection
-nmap-cli9JSON output format
-json10Output file
-o11Verbose output
-v12Verify ports with TCP connect
-verifyWhen to Use
1
Fast port scanning during recon2
Discovering web servers and services3
Mass scanning of IP ranges4
Integration with automation pipelines5
Preliminary scan before Nmap detailed enumerationNotes & Tips
1
Requires root privileges for SYN scan on Linux2
Top 1000 ports covers most common services3
Use -verify for TCP connect scan (no root required)4
Pipe results to httpx for HTTP service probingCommon Errors & Solutions
Permission denied (SYN scan)
Run with sudo or use -verify flag for TCP connect scan
No ports found
Try -top-ports full or scan broader range. Some hosts block SYN probes