DEV Community

丁久

Posted on • Originally published at dingjiu1989-hue.github.io

Vulnerability Scanning: Tools and Workflows

This article was originally published on AI Study Room. For the full version with working code examples and related articles, visit the original post.

Vulnerability scanning is the systematic process of identifying security weaknesses in systems, networks, and applications. A well-designed scanning program catches issues before attackers do. This article covers the major scanning tools, how to structure scanning workflows, and how to handle the inevitable flood of findings.

Scanning Tools

Nmap

Nmap is the foundation of network discovery and port scanning. It identifies live hosts, open ports, running services, and operating system details.

```bash
# Scan a subnet for open ports and service versions
nmap -sV -p 1-65535 192.168.1.0/24

# Run the NSE scripts in the vuln category for vulnerability detection
nmap -sV --script vuln target.example.com

# Scan with OS detection and traceroute
nmap -O --traceroute target.example.com
```

The Nmap Scripting Engine (NSE) extends the tool into a vulnerability scanner. Scripts like http-sql-injection, ssl-heartbleed, and smb-vuln-ms17-010 detect specific flaws.
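To feed NSE results into a findings workflow, the scan can be saved as XML with Nmap's -oX option and parsed. The following is an added example, not code from the original article: the XML is a constructed sample, and the matching assumes scripts that report through the "State:" line of Nmap's vulns library (scripts with their own output format need their own matching).

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -sV --script vuln -oX scan.xml` output.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.168.1.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="443"><state state="open"/>
    <service name="https" product="nginx" version="1.14.0"/>
    <script id="ssl-heartbleed" output="&#10; VULNERABLE:&#10;  State: VULNERABLE"/>
   </port>
   <port protocol="tcp" portid="445"><state state="open"/>
    <service name="microsoft-ds"/>
   </port>
   <port protocol="tcp" portid="8443"><state state="open"/>
    <service name="https-alt"/>
    <script id="ssl-heartbleed" output="&#10;  State: NOT VULNERABLE"/>
   </port>
  </ports>
  <hostscript>
   <script id="smb-vuln-ms17-010" output="&#10; VULNERABLE:&#10;  State: VULNERABLE"/>
  </hostscript>
 </host>
</nmaprun>"""

# Matches VULNERABLE and LIKELY VULNERABLE states, but not "NOT VULNERABLE".
FLAGGED = re.compile(r"State: (LIKELY )?VULNERABLE")

def vuln_findings(xml_text):
    """Return sorted (address, port, service, script_id) tuples for flagged results."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iterfind("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            label = "" if svc is None else " ".join(
                filter(None, (svc.get("product"), svc.get("version"))))
            for script in port.iterfind("script"):
                if FLAGGED.search(script.get("output", "")):
                    findings.append((addr, port.get("portid"), label, script.get("id")))
        # Host-level scripts (such as SMB checks) sit under <hostscript>, not <ports>.
        for script in host.iterfind("hostscript/script"):
            if FLAGGED.search(script.get("output", "")):
                findings.append((addr, "host", "", script.get("id")))
    return sorted(findings)
```

A plain substring test for "VULNERABLE" would also flag the port 8443 result, which is why the pattern is anchored on the "State:" line.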

OpenVAS

OpenVAS is an open-source vulnerability scanner managed by Greenbone. It performs authenticated and unauthenticated scans against thousands of known vulnerabilities.

OpenVAS workflow:

1. Configure a target with IP ranges and credentials for authenticated scanning.
2. Select a scan config (e.g., "Full and Fast" for production, "Full" for deep scans).
3. Schedule recurring scans (weekly for external, monthly for internal).
4. Review results in the Greenbone Security Assistant dashboard.

OpenVAS categorizes findings by severity (Critical, High, Medium, Low) using CVSS scores. It also provides remediation advice for each finding.

Nessus

Nessus by Tenable is a commercial vulnerability scanner widely used in enterprise environments. It supports over 150,000 plugins.

```bash
# Start a Nessus scan from CLI using the API
curl -X POST https://localhost:8834/scans \
  -H "X-ApiKeys: accessKey=KEY; secretKey=SECRET" \
```

