Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The most stable version until now, but with some drawbacks and improvements needed #1374

Open
ehsandeep opened this issue Feb 5, 2025 · 2 comments
Open

The most stable version until now, but with some drawbacks and improvements needed #1374

ehsandeep opened this issue Feb 5, 2025 · 2 comments
Assignees
@Mzack9999

Comments

@ehsandeep
Copy link
Member

Discussed in #1365

Originally posted by BulzN February 3, 2025

Naabu Stability and Performance Analysis

During my investigation of Naabu in a production environment analyzing over 300 hosts, I found that the most stable version so far is 2.3.3. While the tool is excellent, I have identified a few drawbacks:

  1. Issues with Nmap CLI Parsing – When scanning a large number of hosts and ports, integrating Naabu with Nmap CLI sometimes causes the scanning process to break unexpectedly. Despite my efforts, I couldn't find a clear explanation for this behavior. To ensure a complete and accurate analysis of all hosts, I had to run Nmap separately after Naabu completed its scanning.

  2. Performance Regression in Version 2.3.4 – The latest version, 2.3.4, appears to have a significantly slower analysis rate compared to 2.3.3. While the older version utilized more CPU resources (50–70% usage) and completed scans faster, 2.3.4 shows a drastic drop in CPU utilization—falling below 1%—while memory usage remains unchanged. This issue was observed in a Docker environment with 4 allocated CPUs, where the newer version fails to utilize them efficiently, resulting in significantly longer scan times.

  3. Metrics Endpoint Format Improvements – Enhancing the metrics endpoint to support structured formats compatible with observability tools, such as Prometheus, would be a valuable addition. This would allow users to easily feed scan results—including IPs, ports, hosts, and Nmap findings—into monitoring and alerting systems.

These are just my findings, and I could be mistaken regarding the first two points, but this is my analysis based on usage from December 2024 until now. I hope this serves as constructive feedback and a simple heads-up. Keep up the great work—Naabu is one of the best open-source tools for this purpose, and the entire ProjectDiscovery.io suite is outstanding. Looking ahead, it would be fantastic to see a self-hosted environment integrating all these tools, even if access to a self-hosted repository were available through a donation model.
@waydmy
Copy link

waydmy commented Feb 10, 2025

The scanning speed of naabu 2.3.4 is much slower than that of 2.3.3

@BulzN
Copy link

BulzN commented Feb 11, 2025

The scanning speed of naabu 2.3.4 is much slower than that of 2.3.3

Follow-Up Comment:

You can check my detailed assessment from the discussion here: #1365. I'd really appreciate if anyone could also run a test on their side to help validate this issue thoroughly. While my tests were conducted in my environment (macOS on my MacBook Pro), the same principles should apply in VMs or other Linux hosts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mzack9999 Mzack9999

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ehsandeep @Mzack9999 @waydmy @BulzN