Chapter 5. Vulnerability Scanning
While it is possible to identify many potential vulnerabilities by reviewing the results of service fingerprinting and researching exploits associated with the identified versions, this can often take an extraordinarily large amount of time. There are more streamlined alternatives that can usually accomplish a large part of this work for you. These alternatives include automated scripts and programs that identify vulnerabilities by scanning remote systems. Unauthenticated vulnerability scanners work by sending a series of distinct probes to services in an attempt to solicit responses that indicate that a vulnerability exists. Alternatively, authenticated vulnerability scanners directly query the remote system, using the credentials provided, for information regarding installed applications, running services, and filesystem and registry contents. This chapter will include the following recipes for performing automated vulnerability scanning...
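The difference between the two scanner types can be seen in a small offline sketch, added here as an illustration and not taken from the book: the same advisory is evaluated once from a service banner (unauthenticated) and once from a package inventory (authenticated). The product names, advisory ID, banner and inventory are all constructed, and the version comparison is a simplification of real distribution versioning.

```python
import re

# Constructed advisory record; the ID is a placeholder, not a real identifier.
ADVISORY = {
    "id": "EXAMPLE-ADVISORY-0001",
    "product": "exampleftpd",
    "fixed_upstream": (2, 3, 5),       # first upstream release containing the fix
    "fixed_package": ((2, 3, 4), 7),   # assumed: distro backported the fix in 2.3.4-7
}

# Constructed sample inputs.
BANNER = "220 exampleftpd 2.3.4 ready"                         # seen by a remote probe
INVENTORY = {"exampleftpd": "2.3.4-7", "examplessh": "8.1-2"}  # returned by a credentialed query

def _ver(text):
    """Turn '2.3.4' into (2, 3, 4) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def unauthenticated_check(banner, adv):
    """Infer exposure from the service response alone (upstream version only)."""
    m = re.search(re.escape(adv["product"]) + r"[ /](\d+(?:\.\d+)+)", banner)
    if m is None:
        return None  # product not identified, so no finding either way
    return _ver(m.group(1)) < adv["fixed_upstream"]

def authenticated_check(inventory, adv):
    """Decide from the installed package version, including the distro revision."""
    pkg = inventory.get(adv["product"])
    if pkg is None:
        return None  # package not installed on the host
    upstream, _, revision = pkg.partition("-")
    installed = (_ver(upstream), int(revision or 0))
    return installed < adv["fixed_package"]

if __name__ == "__main__":
    # The banner hides the package revision, so the remote check flags the host
    # while the credentialed check sees the backported fix and clears it.
    print(ADVISORY["id"], "unauthenticated:", unauthenticated_check(BANNER, ADVISORY))
    print(ADVISORY["id"], "authenticated:  ", authenticated_check(INVENTORY, ADVISORY))
```

Findings that rest only on a banner version are worth confirming with a credentialed check before they are reported, since the banner rarely reflects vendor-backported patches.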