projectdiscovery / naabu

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
https://projectdiscovery.io
MIT License
4.69k stars, 548 forks

Invalid -mp parameter #753

Closed zlgxzswjy closed 1 year ago

zlgxzswjy commented 1 year ago

Naabu version:

2.1.6 linux amd64

Current Behavior:

Naabu exposes json scan info on a local port bound to localhost at http://localhost:63636 (the port can be changed via the -metrics-port flag)

I noticed that the description of Scan Status was added to the documentation. I think the purpose of this parameter is to replace the original stats parameter, and I noticed the -stats parameter was marked deprecated.

But when I used the -mp parameter, I found that it didn't work: requests to port 63636 didn't respond, and the netstat command showed that naabu wasn't listening on any ports during the whole process.

Expected Behavior:

Steps To Reproduce:

1. Run "naabu -host x.x.x.x -p - -mp 63636 -duc"
2. Run "watch -n 1 'netstat -tunpla|grep naabu'"

Anything else:

Also, I'm sure I have root privileges. And I also use go install from the source, but the performance is the same.

Mzack9999 commented 1 year ago

@zlgxzswjy Thanks for opening this issue. Even if marked as deprecated, the -stats flag is still necessary to activate the functionality:

$ naabu -host 192.168.1.1 -p - -mp 63636 -duc -v -debug -stats

In another terminal:

$ curl http://localhost:63636/metrics | jq
{
  "total": 196605,
  "packets": 3,
  "errors": 0,
  "hosts": 1,
  "retries": 3,
  "startedAt": "2023-08-15T01:28:50.419451+02:00",
  "ports": 65535,
  "duration": "0:00:05"
}

zlgxzswjy commented 1 year ago

@Mzack9999 Thank you for your reply. I see. I think there may be ambiguity here; I still suggest making some adjustments.
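
An added example, not part of the original thread or of naabu's own code: a small Go client that reads the metrics endpoint discussed above and reports scan progress, with a hint about -stats when nothing is listening. The `Metrics` type, the function names and the reading of `packets`/`total` as a completion ratio are assumptions based on the sample response in the thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Metrics holds fields of the /metrics body quoted in the thread (JSON keys match case-insensitively).
type Metrics struct {
	Total, Packets, Errors, Ports uint64
}

// sampleMetrics is the response body quoted in the thread, used when no scan is running.
const sampleMetrics = `{"total":196605,"packets":3,"errors":0,"hosts":1,"retries":3,"startedAt":"2023-08-15T01:28:50.419451+02:00","ports":65535,"duration":"0:00:05"}`

// ParseMetrics decodes one /metrics response body.
func ParseMetrics(r io.Reader) (m Metrics, err error) {
	err = json.NewDecoder(r).Decode(&m)
	return m, err
}

// Progress is packets as a percentage of total (assumption: that ratio tracks completion).
func (m Metrics) Progress() float64 {
	if m.Total == 0 {
		return 0
	}
	return float64(m.Packets) / float64(m.Total) * 100
}

// FetchMetrics queries localhost; per the thread, nothing listens unless naabu runs with -stats.
func FetchMetrics(port int) (Metrics, error) {
	resp, err := http.Get(fmt.Sprintf("http://localhost:%d/metrics", port))
	if err != nil {
		return Metrics{}, fmt.Errorf("port %d unreachable (was -stats passed?): %w", port, err)
	}
	defer resp.Body.Close()
	return ParseMetrics(resp.Body)
}

func main() {
	m, err := FetchMetrics(63636)
	if err != nil { // no live scan: fall back to the sample from the thread
		m, _ = ParseMetrics(strings.NewReader(sampleMetrics))
	}
	fmt.Printf("%d/%d packets (%.4f%%), %d errors, %d ports\n", m.Packets, m.Total, m.Progress(), m.Errors, m.Ports)
}
```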