vulnerability scanner

works on small and large networks

free license, non-commercial use

🟧 Nessus Architecture

• What are the two components of Nessus
• Where are the components?

🟩 Under the Hood of a Vulnerability Scanner

Steps of a Vulnerability Scan:

1. Port scanning

   determine if target is alive.

   identify open ports

2. Service detection

   for every open port, probes are sent and to determine application name and version

3. Vulnerabilities Database Lookup

   for every daemon, the scanner looks for a relevant vulnerability in its database

   you can specify which vulnerabilities to look for during configuration

   retrieve only OS vulns and not Web App vulns

4. Probing

   this probing confirms the vulnerabilities

   false positives are always a possibility