Vulnerability scanner software or packages are applications that inspects and logs information about the potential threats, security holes and systems connected on the network. Vulnerability scanning is used as the first step to secure a network or a computer in the network. These tests are passive tests unlike penetration tests. Passive tests are those tests that are conducted without physically logging into the system or the network although, some vulnerability tests are done from inside the network or system.
Vulnerability tests are powerful applications and are not done to take advantage of the vulnerability but to analyze the network or the system. Here the terms system and network are used together because vulnerability scanners are used to scan both a network or a system. The major difference between a vulnerability test and penetration tests is that, vulnerability test helps in identifying known weaknesses in the system or network while pen testing is done to identify weaknesses in system configuration and processes that can compromise security.
There are two types of scanning. Non intrusive scanning and intrusive scanning. Non intrusive are done from outside the network or system and usually sends a byte of data to the system or network to get response from the system. It analyses the ways which an outside system can interact with the device under test. It gives information about exposed ports and services accessible remotely.
Intrusive scans are done inside the network or system. It gathers information about all the systems, servers, switches, firewalls, virtual machines and printers connected to the network. In both these scanning, the application doesn’t try to log into the system. But in credential scans, the user is logged into the system and emulates an attack from inside. All scans have detailed log which helps in analyzing the test results.
Some of the popular vulnerability assessment softwares available in the market are Nessus professional, OpenVAS, Wireshark, Comodo Hackproof, Microsoft Baseline Security Analyzer (MBSA), TripWire, Nexpose community, Retina, Niktoand so on. Some of them are proprietary while some are opensource tools.