Vulnerability Assessment Penetration Testing
What Are Vulnerability Scanners and How Do They Work?
Vulnerability scanners scan computers, networks, or applications looking for potential weaknesses that an attacker could use to compromise the target. A vulnerability scanner works by probing the system: it sends specific data to the target host or network and, based on its analysis of the response (the fingerprint) it receives, it can determine many things, such as the following:
- Open ports
- Operating System
Vulnerability Assessment with Nmap
One of the most powerful features in Nmap is the Nmap Scripting Engine (NSE), which can be used to automate many tasks. The NSE ships with many scripts for tasks such as OS fingerprinting, DNS enumeration, and SNMP enumeration, and they can also be used for vulnerability scanning. The scripts are written in the Lua language, which is very well documented; learning it will help you write your own scripts or modify existing ones. In BackTrack, the Nmap scripts are located in the /usr/local/share/nmap/scripts directory. Just navigate to that directory and you will see tons of useful scripts that can be used for target enumeration as well as for scanning for vulnerabilities.
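To show what one of those scripts looks like inside, here is a minimal NSE script written for this explanation (it is not one of the scripts shipped with Nmap, and the file name example-banner.nse is hypothetical). It follows the standard NSE layout: a `portrule` deciding which ports the script runs against, and an `action` that connects, reads the first line the service sends, and reports it so the banner can be checked against known software versions.

```lua
-- example-banner.nse: illustrative NSE script (added here, not part of Nmap).
local nmap = require "nmap"

description = [[
Connects to an open TCP port, reads the first line the service sends and
reports it. Useful for spotting services that disclose version strings.
]]

author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- portrule: Nmap calls this once per host/port pair. Returning true means
-- the action below runs against that port. Here: every open TCP port.
portrule = function(host, port)
  return port.protocol == "tcp" and port.state == "open"
end

-- action: does the actual work and returns the text shown in the scan report.
-- Returning nil suppresses output for that port.
action = function(host, port)
  local socket = nmap.new_socket()
  socket:set_timeout(5000)               -- 5 seconds, in milliseconds

  local status, err = socket:connect(host, port)
  if not status then
    return nil                           -- could not connect: report nothing
  end

  -- Read the first line the service volunteers (SSH, FTP, SMTP and similar
  -- protocols greet the client before any request is sent).
  local ok, data = socket:receive_lines(1)
  socket:close()
  if not ok or data == nil then
    return nil                           -- service stayed silent: no banner
  end

  local banner = data:gsub("[\r\n]+$", "")  -- strip trailing line ending
  return "banner: " .. banner
end
```

Copy the file into the scripts directory (or point at it by path) and run it with `nmap --script ./example-banner.nse -p 21,22,25 <lab host>`; the `banner:` line appears under each open port in the normal Nmap output.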
Pros and Cons of a Vulnerability Scanner
The main advantage of any vulnerability scanner is task automation; it can automate many tasks such as reconnaissance, port scanning, and service and version detection. This can make your work faster and more effective than doing everything manually. On the other hand, there are some disadvantages to using a vulnerability scanner. One of the main disadvantages is that vulnerability scanners are very noisy by nature and can easily be detected, since they send lots of traffic over the network. So if you want to stay undetected/anonymous during the pentest, then this is not the best choice in my opinion. The other problem with a vulnerability scanner is that it can produce lots of false positives, meaning that it reports vulnerabilities in the target that may not exist in reality. It can also produce false negatives, meaning that the scanner misses, or does not report, vulnerabilities that actually exist.