naabu

Scan target for open ports

$ naabu -host [example.com]

$ naabu -host [example.com] -p [80,443,8080]

$ naabu -host [example.com] -p [1-1000]

$ naabu -host [example.com] -top-ports [100]

$ naabu -list [targets.txt]

$ naabu -host [example.com] -o [results.txt]

$ naabu -host [example.com] -rate [1000]

$ naabu -host [example.com] -json

naabu [-host target] [-p ports] [-top-ports n] [-o file] [options]

naabu is a fast port scanner written in Go. It uses SYN scanning for speed while maintaining accuracy through verification.
The scanner optimizes for speed with configurable rate limiting. It can scan thousands of hosts quickly while respecting network constraints.
Top ports mode scans the most commonly open ports, focusing resources on likely targets. Custom port lists target specific services.
Nmap integration hands off discovered ports for service detection. This combines naabu's speed with nmap's detailed fingerprinting.
Output formats include plain text, JSON, and nmap-compatible results. Integration with other security tools is straightforward.
The tool is designed for security professionals performing authorized assessments.

-host TARGET

Target to scan.

File with targets.

Ports to scan.

Scan top N ports.

Ports to exclude.

Output file.

JSON output.

Packets per second.

Concurrent hosts.

Timeout in milliseconds.

Retry count.

Verify open ports.

Run nmap on discovered ports.

Silent mode.

Verbose output.

SYN scanning requires root/admin privileges. Aggressive scanning may trigger IDS/IPS. Only use on authorized targets. Rate limiting important on production networks.

naabu was developed by ProjectDiscovery as part of their security tooling suite. It complements their other tools like nuclei, httpx, and subfinder for comprehensive security testing workflows.

nmap(1), masscan(1), rustscan(1), zmap(1)