Vulnerability scanner

Vulnerability scanner

A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. There are a number of types of vulnerability scanners available today, distinguished from one another by a focus on particular targets. While functionality varies between different types of vulnerability scanners, they share a common, core purpose of enumerating the vulnerabilities present in one or more targets. Vulnerability scanners are a core technology component of vulnerability management.

Contents

Types of Vulnerability Scanners

Friendly types of vulnerability scanners:

  • CGI Scanner (usually restricted to banner checking; cgi scanners can find vulnerable scripts but usually don't exploit them)[1]

Network reconnaissance

Part of the server log, showing attempts to find the administration page. 
220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/db/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/myadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/webadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/dbweb/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/websql/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/webdb/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/dbadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/db-admin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:14 +0200] "GET /db/phpmyadmin2/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:14 +0200] "GET /db/phpMyAdmin2/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:15 +0200] "GET /db/phpMyAdmin-2/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:15 +0200] "GET /db/php-my-admin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:17 +0200] "GET /db/phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:17 +0200] "GET /db/phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:18 +0200] "GET /db/phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:18 +0200] "GET /db/phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 - "-" "-"
(..)

A vulnerability scanner can be used to conduct network reconnaissance, which is typically carried out by a remote attacker attempting to gain information or access to a network on which it is not authorized or allowed. Network reconnaissance is increasingly used to exploit network standards and automated communication methods. The aim is to determine what types of computers are present, along with additional information about those computers—such as the type and version of the operating system. This information can be analyzed for known or recently discovered vulnerabilities that can be exploited to gain access to secure networks and computers. Network reconnaissance is possibly one of the most common applications of passive data analysis. Early generation techniques, such as TCP/IP passive fingerprinting, have accuracy issues that tended to make it ineffective. Today, numerous tools exist to make reconnaissance easier and more effective.[2][3][4]

References

  1. ^ What is a CGI Scanner?
  2. ^ http://insecure.org/presentations/Shmoo06/shmoo-fyodor-011406.pdf Advanced Network Reconnaissance with Nmap
  3. ^ http://www.arxceo.com/documents/ISSA_antirecon_article.pdf Network Reconnaissance defense techniques from ISSA
  4. ^ http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perimeter-firewall.htm XML Port Scanning Attacks

Programs

Stub icon This computer networking article is a stub. You can help Wikipedia by expanding it.