ProjectDiscovery's Go port scanner — pipes cleanly into other PD tools, faster than Nmap for discovery.
Installation
Pick the install method that matches your stack. The Docker option is the cleanest for one-off scans where you don’t want to pollute your workstation.
Go install
go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
Linux (apt)
sudo apt install naabu
Docker
docker run projectdiscovery/naabu -host target.com
Core commands
The handful of invocations you’ll actually run on 90% of engagements:
Scan top 100
naabu -host target.com
All ports
naabu -p - -host target.com
Specific ports
naabu -p 80,443,8080-8090 -host target.com
Scan from list
naabu -list hosts.txt -p 80,443
Pipe to httpx
naabu -list hosts.txt -p 80,443,8080 | httpx -silent
JSON output
naabu -host target.com -json -o ports.json
Performance optimisation
What separates a junior who runs the default invocation from a practitioner who knows the knobs:
-rate 1000req/sec default — bump to 5000 on solid uplinks.-c 50concurrent threads. 50 default is good on most targets.-scan-type sSYN scan (default, requires sudo) — faster than connect.-statsshows progress bar + ETA.-exclude-cdnskips known CDN ranges (Cloudflare, Akamai) — they always return 80/443 regardless.
Common pitfalls
Real failure modes that bite people on engagements. Most are recoverable; a few are reputation-damaging.
- No version detection — pair with
-nmap-cli "nmap -sV"for service detection. - SYN scan needs root.
-scan-type cfor connect (no root, slower). - Default top-100 misses 8443/8888/27017 — specify ports explicitly for serious scans.
Modern alternatives in 2026
The ecosystem moves fast. These are tools you should at least be aware of:
- nmap — feature-complete.
- masscan — fastest.
- rustscan — wraps Nmap nicely.
India context and engagement notes
In a PD-stack pipeline (subfinder → dnsx → naabu → httpx → nuclei), naabu is the port-discovery step. For internet-scale, swap with masscan; for full version detection, finalize with Nmap.
⚖️ Legal: Use only on systems you own or have explicit written authorisation to test. In India, unauthorised access is punishable under Section 66 of the IT Act, 2000 (up to 3 years imprisonment + fine). Pair every engagement with a signed Statement of Work or Rules of Engagement before running anything from this page.
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.