Vulnerability scanner

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. There are a number of types of vulnerability scanners available today, distinguished from one another by a focus on particular targets. While functionality varies between different types of vulnerability scanners, they share a common, core purpose of enumerating the vulnerabilities present in one or more targets. Vulnerability scanners are a core technology component of vulnerability management.

Types of Vulnerability Scanners[edit]

Friendly types of vulnerability scanners:

  • CGI Scanner (usually restrict to banner checking; cgi scanners can find vulnerable scripts but usually don't exploit them)[1]

Network reconnaissance[edit]

Part of the server log, showing attempts to find the administration page.
220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/db/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/myadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/webadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/dbweb/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/websql/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/webdb/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/dbadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/db-admin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:14 +0200] "GET /db/phpmyadmin2/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:14 +0200] "GET /db/phpMyAdmin2/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:15 +0200] "GET /db/phpMyAdmin-2/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:15 +0200] "GET /db/php-my-admin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:17 +0200] "GET /db/phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:17 +0200] "GET /db/phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 - "-" "-"
(..)

A vulnerability scanner can be used to conduct network reconnaissance, which is typically carried out by a remote attacker attempting to gain information or access to a network on which it is not authorized or allowed. Network reconnaissance is increasingly used to exploit network standards and automated communication methods. The aim is to determine what types of computers are present, along with additional information about those computers—such as the type and version of the operating system. This information can be analyzed for known or recently discovered vulnerabilities that can be exploited to gain access to secure networks and computers. Network reconnaissance is possibly one of the most common applications of passive data analysis. Early generation techniques, such as TCP/IP passive fingerprinting, have accuracy issues that tended to make it ineffective. Today, numerous tools exist to make reconnaissance easier and more effective.[2][3][4][5]

References[edit]

Programs[edit]

W3af is also a network security Scanner