In week 5 we introduce Pentest Tool #5, Naabu. Naabu is a scanner like the tools we already know. We are still in the reconnaissance phase, in which we as attackers try to get to know the target system as well as possible. With Naabu, the goal is to detect open ports on the target system with a very fast scan.
Installation of Naabu
Like Pentest Tool #4 from last week, Naabu is not preinstalled in Kali Linux. The free program is available on GitHub, like many other open source projects. Because it is open source and the software is not bound to an operating system or other environment, there are many ways to download the scanner. The simplest solution is to clone the entire repository.
To clone a GitHub repository, we type in the terminal: “git clone https://github.com/projectdiscovery/naabu.git”. In this example we clone the repository of our Pentest Tool #5, Naabu; any other GitHub repository can be cloned by replacing the URL.
To get Naabu, which is written in Go, to actually run, we need to run 3 more commands after cloning. First, we change into the source directory with “cd naabu/v2/cmd/naabu”. Once we are in the correct folder, we build the program with the command “go build”. The last command is “mv naabu /usr/local/bin/”, which moves the naabu binary into a directory on the PATH so that the program is accessible from everywhere.
If you want to run naabu on a Windows system or use another installation method, you can find detailed instructions in the README.md.
Pentest Tool #5 – Naabu
A port scanner is a tool for penetration testers that is used in almost every test. It helps to get a quick overview of the open ports and thus to identify first weak points. One interesting port is 3389, the Remote Desktop Protocol (RDP), which is used for remote maintenance. If such a port is open, it is a big danger, because your computer is waiting to be remotely controlled by a foreign computer.
Other interesting examples are IoT devices or webcams that communicate with the Internet via an open port. Such open webcams, which can be freely accessed and viewed over the Internet, are a great danger.
To detect such dangers there are port scanners. Naabu is programmed in Go, as already mentioned. Go is characterized by its high speed, which is a great advantage in scanners, because the scan is finished much faster than with a scanner written in an older programming language.
Pentest Tool #5 in practice
After installation we can set many configuration options, such as the ports to be tested. In our example the default settings are sufficient to check the top 100 ports for availability.
To start the program, we enter “naabu -host w-hs.de” in the terminal. With -host we define the target address that we want to scan for open ports. In this example we scan the website of the Westfälische Hochschule.
In the results we can see that Naabu detected 4 open ports on the web server of the Westfälische Hochschule. Besides HTTP (port 80) and HTTPS (port 443), SSH (port 22) and FTP (port 21) are also running. If, for example, the Remote Desktop Protocol port 3389 were open, we could have detected this with Pentest Tool #5.
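To turn a result list like the one above into a quick exposure check for your own hosts, the following added example (not part of the original article or of the Naabu project) sorts naabu's plain host:port output lines into expected, review and unexpected ports. The allowlist, the review list and the function names are assumptions chosen for illustration, and the sample input is constructed from the four ports named above.

```shell
#!/bin/sh
# Added example: triage naabu's plain "host:port" output lines.
# ALLOWED_PORTS and REVIEW_PORTS are an assumed policy, not from the article.
ALLOWED_PORTS="80 443"     # exposure the owner expects (HTTP, HTTPS)
REVIEW_PORTS="21 22 3389"  # FTP, SSH, RDP: confirm each is intentional

# triage_ports: read host:port lines on stdin, print "host port verdict".
triage_ports() {
    awk -v allowed="$ALLOWED_PORTS" -v review="$REVIEW_PORTS" '
    BEGIN {
        n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
        n = split(review, r, " ");  for (i = 1; i <= n; i++) rv[r[i]] = 1
    }
    {
        # Ignore banners, blank lines and anything without a numeric port.
        idx = match($0, /:[0-9]+$/)
        if (idx == 0) next
        host = substr($0, 1, idx - 1)
        port = substr($0, idx + 1) + 0
        if (host == "" || port < 1 || port > 65535) next
        if (port in ok)      verdict = "expected"
        else if (port in rv) verdict = "review"
        else                 verdict = "unexpected"
        printf "%s %d %s\n", host, port, verdict
    }'
}

# count_verdict VERDICT: count stdin lines that triage to VERDICT.
count_verdict() {
    triage_ports | awk -v v="$1" '$3 == v { c++ } END { print c + 0 }'
}

# Constructed sample mirroring the four open ports reported in the article.
SAMPLE_SCAN='w-hs.de:21
w-hs.de:22
w-hs.de:80
w-hs.de:443'

printf '%s\n' "$SAMPLE_SCAN" | triage_ports
```

Saved scan output can be piped into triage_ports in the same way; a non-zero result from "count_verdict unexpected" means a port is reachable that the policy does not list at all.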