Vulnerability scanners are automated tools used to identify security flaws affecting a given system or application. Vulnerability scanners typically work by fingerprinting a target’s operating system (that is, identifying the version and type) as well as any services that are running. Once you have fingerprinted the target’s operating system, you use the vulnerability scanner to execute specific checks to determine whether vulnerabilities exist. Of course, these checks are only as good as their creators, and, as with any fully automated solution, they can sometimes miss or misrepresent vulnerabilities on a system.
Most modern vulnerability scanners do an amazing job of minimizing false positives, and many organizations use them to identify out-of-date systems or potential new exposures that might be exploited by attackers.
Vulnerability scanners play a very important role in penetration testing, especially in the case of overt testing, which allows you to launch multiple attacks without having to worry about avoiding detection. The wealth of knowledge gleaned from vulnerability scanners can be invaluable, but beware of relying on them too heavily. The beauty of a penetration test is that it can’t be automated, and attacking systems successfully requires that you have knowledge and skills. In most cases, when you become a skilled penetration tester, you will rarely use a vulnerability scanner but will rely on your knowledge and expertise to compromise a system.