Vulnerability scanner
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses.
They can be run either as part of vulnerability management by those tasked with protecting systems - or by black hat attackers looking to gain unauthorized access.
Types
Part of a server log, showing attempts by a scanner to find the administration page. | |
---|---|
220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/db/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/myadmin/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/webadmin/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/dbweb/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/websql/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/webdb/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/dbadmin/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/db-admin/main.php HTTP/1.0" 404 - "-" "-" (..) |
- Port scanner (e.g. Nmap)
- Network vulnerability scanner (e.g. Nessus, SAINT, OpenVAS, INFRA Scan, Elastic Detector)
- Web application security scanner (e.g. Nikto, w3af)
- Database security scanner
- Host based vulnerability scanner (Lynis)
- ERP security scanner
- Single vulnerability tests
References
External links
- Vulnerability Scanning Tools, list at OWASP
This article is issued from Wikipedia - version of the 9/16/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.