V U L N E R A B I L I T Y S C A N N I N G
A
vulnerability scanner
is an automated program
designed to look for weaknesses in computers, com-
puter systems, networks, and applications. The pro-
gram probes a system by sending data to it over a
network and analyzing the responses received, in an
effort to enumerate any vulnerabilities present on the
target by using its vulnerability database as reference.
Various operating systems tend to respond differently when sent particular
network probes because of the different networking implementations in use.
These unique responses serve as a fingerprint that the vulnerability scanner
uses to determine the operating system version and even its patch level. A
vulnerability scanner can also use a given set of user credentials to log into
the remote system and enumerate the software and services to determine
whether they are patched. With the results it obtains, the scanner presents a
report outlining any vulnerabilities detected on the system. That report can
be useful for both network administrators and penetration testers.