Vulnerability scanner
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. In plain words, these scanners are used to discover the weak points or poorly constructed parts of a system.
They can be run either as part of vulnerability management by those tasked with protecting systems, or by black hat attackers looking to gain unauthorized access.
Types
Part of a server log, showing attempts by a scanner to find the administration page:

```
220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/db/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/myadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/webadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/dbweb/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/websql/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/webdb/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/dbadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/db-admin/main.php HTTP/1.0" 404 - "-" "-"
(..)
```

- Port scanner (e.g. Nmap)
- Network vulnerability scanner (e.g. Nessus, SAINT, OpenVAS, INFRA Security Scanner, Nexpose)
- Web application security scanner (e.g. Nikto, Acunetix, Burp Suite, OWASP ZAP, w3af)
- Database security scanner
- Host-based vulnerability scanner (e.g. Lynis)
- ERP security scanner
- Single vulnerability tests
External links
- Vulnerability Scanning Tools, list at OWASP