Section 5: Vulnerability Scanning Flashcards

1
Q

Vulnerability Scanning Tools

A

o Nmap
▪ A great tool for mapping out the network, finding
open ports, running services, and the basic
versioning of each service
▪ Nmap Scripting Engine (NSE)
● Conducts basic vulnerability scanning using
Nmap
o Nessus
▪ Used to scan the target network and then
create a report of the vulnerabilities, missing
patches, and misconfigurations that exist
o Nexpose
▪ A vulnerability scanner made by Rapid7
o QualysGuard
▪ Another commercially available vulnerability
scanner
o OpenVAS
▪ An open-source vulnerability scanner
o Nikto
▪ Can assess custom web applications that a
company may have coded themselves

2
Q

Scanning Types

A

▪ Discovery Scan
● The least intrusive type of scan; it can be as simple as
conducting a ping sweep
▪ Full Scan
● A full scan gets easily detected by network defenders and
cybersecurity analysts
▪ Stealth Scan
● Conducted by sending a SYN packet and then analyzing the
response
