background image

V U L N E R A B I L I T Y   S C A N N I N G

vulnerability scanner

 is an automated program 

designed to look for weaknesses in computers, com-
puter systems, networks, and applications. The pro-
gram probes a system by sending data to it over a 
network and analyzing the responses received, in an 
effort to enumerate any vulnerabilities present on the 
target by using its vulnerability database as reference.

Various operating systems tend to respond differently when sent particular 

network probes because of the different networking implementations in use. 
These unique responses serve as a fingerprint that the vulnerability scanner 
uses to determine the operating system version and even its patch level. A 
vulnerability scanner can also use a given set of user credentials to log into 
the remote system and enumerate the software and services to determine 
whether they are patched. With the results it obtains, the scanner presents a 
report outlining any vulnerabilities detected on the system. That report can 
be useful for both network administrators and penetration testers.