Because naabu's stable releases come out late, the development version is used here to try out its features.

https://github.com/projectdiscovery/naabu/tree/dev

Install the required dependencies

$docker run -it --name="naabu-dev" golang:1.17.7-alpine /bin/sh
$apk add build-base libpcap-dev git
$git clone https://github.com/projectdiscovery/naabu.git
$cd naabu/
$git branch -a # list branches
remotes/origin/HEAD -> origin/master
remotes/origin/dependabot/docker/dev/golang-1.17.8-alpine
remotes/origin/dependabot/github_actions/dev/actions/checkout-3
remotes/origin/dev
remotes/origin/master
remotes/origin/stop-resume-kv-disk
remotes/origin/stop-resume-support
remotes/origin/stream-support

Switch to the development branch

$git checkout -b devlocal origin/dev
$git fetch
$cd v2/cmd/naabu/
$CGO_ENABLED=0
$GOOS=linux
$go build -a -ldflags '-extldflags "-static"'

Copy the naabu binary to the host

$docker cp $(docker inspect -f {{.Config.Hostname}} naabu-dev):/go/naabu/v2/cmd/naabu/naabu /tmp/

As you can see, there are many new features

$/tmp/naabu --help
Naabu is a port scanning tool written in Go that allows you to enumerate open ports for hosts in a fast and reliable manner.

Usage:
./naabu [flags]

Flags:
INPUT:
-host string[] hosts to scan ports for (comma-separated)
-list, -l string list of hosts to scan ports (file)
-exclude-hosts, -eh string hosts to exclude from the scan (comma-separated)
-exclude-file, -ef string list of hosts to exclude from scan (file)

PORT:
-port, -p string ports to scan (80,443, 100-200
-top-ports, -tp string top ports to scan (default 100)
-exclude-ports, -ep string ports to exclude from scan (comma-separated)
-ports-file, -pf string list of ports to exclude from scan (file)
-exclude-cdn, -ec skip full port scans for CDN's (only checks for 80,443)

RATE-LIMIT:
-c int general internal worker threads (default 25)
-rate int packets to send per second (default 1000)

OUTPUT:
-o, -output string file to write output to (optional)
-json write output in JSON lines format
-csv write output in csv format

CONFIGURATION:
-scan-all-ips, -sa scan all the IP's associated with DNS record
-scan-type, -s string type of port scan (SYN/CONNECT) (default "s")
-source-ip string source ip
-interface-list, -il list available interfaces and public ip
-interface, -i string network Interface to use for port scan
-nmap invoke nmap scan on targets (nmap must be installed) - Deprecated
-nmap-cli string nmap command to run on found results (example: -nmap-cli 'nmap -sV')
-r string list of custom resolver dns resolution (comma separated or from file)
-proxy string socks5 proxy

OPTIMIZATION:
-retries int number of retries for the port scan (default 3)
-timeout int millisecond to wait before timing out (default 1000)
-warm-up-time int time in seconds between scan phases (default 2)
-ping ping probes for verification of host
-verify validate the ports again with TCP verification

DEBUG:
-debug display debugging information
-verbose, -v display verbose output
-no-color, -nc disable colors in CLI output
-silent display only results in output
-version display version of naabu
-stats display stats of the running scan
-si, -stats-interval int number of seconds to wait between showing a statistics update (default 5)