The most stable version until now, but with some drawbacks and improvements needed

[BulzN]

Naabu Stability and Performance Analysis

During my investigation of Naabu in a production environment analyzing over 300 hosts, I found that the most stable version so far is 2.3.3. While the tool is excellent, I have identified a few drawbacks:

1. Issues with Nmap CLI Parsing – When scanning a large number of hosts and ports, integrating Naabu with Nmap CLI sometimes causes the scanning process to break unexpectedly. Despite my efforts, I couldn't find a clear explanation for this behavior. To ensure a complete and accurate analysis of all hosts, I had to run Nmap separately after Naabu completed its scanning.

2. Performance Regression in Version 2.3.4 – The latest version, 2.3.4, appears to have a significantly slower analysis rate compared to 2.3.3. While the older version utilized more CPU resources (50–70% usage) and completed scans faster, 2.3.4 shows a drastic drop in CPU utilization—falling below 1%—while memory usage remains unchanged. This issue was observed in a Docker environment with 4 allocated CPUs, where the newer version fails to utilize them efficiently, resulting in significantly longer scan times.

3. Metrics Endpoint Format Improvements – Enhancing the metrics endpoint to support structured formats compatible with observability tools, such as Prometheus, would be a valuable addition. This would allow users to easily feed scan results—including IPs, ports, hosts, and Nmap findings—into monitoring and alerting systems.

These are just my findings, and I could be mistaken regarding the first two points, but this is my analysis based on usage from December 2024 until now. I hope this serves as constructive feedback and a simple heads-up. Keep up the great work—Naabu is one of the best open-source tools for this purpose, and the entire ProjectDiscovery.io suite is outstanding. Looking ahead, it would be fantastic to see a self-hosted environment integrating all these tools, even if access to a self-hosted repository were available through a donation model.

[Mzack9999]

@BulzN Thanks for opening this discussion. I've tried multiple times to reproduce the issue and nail down the bottleneck, but I'm unable to experience any speed reduction, the speed remains more or less the same:

# version 2.3.3
$ time echo 192.168.179.0/24 | naabu
naabu  40.46s user 18.88s system 64% cpu 1:11.60 total

# latest
$ time echo 192.168.179.0/24 | naabu
naabu  4.23s user 11.34s system 26% cpu 58.862 total

Could you provide more context on how to reproduce the issue, including if possible reproduction steps?
Thanks!