Thread: Passive Vulnerability Scanner

  1. #1
    Junior Member
    Join Date
    Aug 2015
    Posts
    1

    Passive Vulnerability Scanner

    Hello everybody! I'm studying Computer Science in Italy and for my thesis I have to present some passive vulnerability scanners, showing their features and eventually using them in my subnet. I already found PVS, NeVo and LAN Guard Network Security Scanner, and they are all commercial products. It would be better if I added to the list some open source and/or experimental products, but I didn't find anything. For this reason I'm now asking you: do you know any open source or experimental passive vulnerability scanner? It would be very helpful!

  2. #2
    Yes, thanks for your friend's sharing I'm also doing the thesis Passive Vulnerability Scanner

  3. #3
    Junior Member
    Join Date
    Nov 2018
    Posts
    1
    Have you tried Github for open source?

  4. #4
    Junior Member
    Join Date
    May 2004
    Posts
    13
    Quote Originally Posted by cameraquansat View Post
    Yes, thanks for your friend's sharing I'm also doing the thesis Passive Vulnerability Scanner
    To me, the word "passive" implies non-interaction, which makes it impossible to perform a vulnerability scan against a target. Granted, there are tools that can be used to take educated guesses about the target by looking closely at network traffic, but it's all just guesses and a lot of the time the information can be misleading.

    With that said it might be helpful to understand how a vulnerability scan is performed.

    Firstly, the vulnerability scanner will "scan" the asset often based on the IP address to discover the open ports, the services (and their version) listening behind the ports, and the operating system the target is running. This process of discovering this level of detail is "interactive", which is the opposite of passive.

    Optionally, some vulnerability scans may entail providing a set of user credentials, which means a valid user account and password for the target system is specified. This information can be used by the vulnerability scanner to remotely log in to the target and discover an even greater level of detail about the target, such as what service packs, patches or hot-fixes are installed, what applications are installed, etc.

    Second, after the scan for open ports, services (and version) and operating system, the vulnerability scanner will consult its database looking for what vulnerabilities potentially exist based on the information discovered about the target.

    For example:

    During a scan of a target, port 80 is found open and accessible, the service running in association with the port is Internet Information Services (IIS), the version of IIS is 6 and the operating system is Windows XP Professional with SP2.

    With this discovered information, the vulnerability scanner looks in its local database for a listing of all vulnerabilities involving IIS version 6 running on a Windows XP Pro/SP2 system. As a result, a list of fourteen "potential" vulnerabilities is identified and presented to the user.

    Keep in mind the word "potential". Just because a vulnerability scanner identifies a vulnerability does not mean the vulnerability is real or that it exists. The *only* way a vulnerability can be confirmed to exist is to perform a penetration test and that is a different subject...

    Hopefully this helps. Best of luck
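
The database-lookup step described in the post above, applied to banners read from already-captured traffic instead of an active scan. This is an added example, not part of the original post and not code from any product named in the thread; the hosts, headers, knowledge-base entries and advisory ids are constructed placeholders.

```python
import re

# Constructed sample: HTTP response headers as a sensor on a mirror port would
# see them. Nothing is sent to the hosts. Addresses are RFC 5737 documentation IPs.
OBSERVED = [
    ("192.0.2.10", "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nContent-Length: 0\r\n\r\n"),
    ("192.0.2.11", "HTTP/1.1 200 OK\r\nServer: Apache/2.4.57 (Debian)\r\n\r\n"),
    ("192.0.2.12", "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),  # no banner
]

# Constructed knowledge base: (product, version prefix) -> placeholder advisory ids.
KNOWLEDGE_BASE = {
    ("microsoft-iis", "6."): ["EXAMPLE-ADVISORY-1", "EXAMPLE-ADVISORY-2"],
}

# Matches "Server: <product>/<version>" at the start of a header line.
SERVER_RE = re.compile(r"^Server:[ \t]*([A-Za-z][\w.-]*?)/(\d[\w.]*)", re.I | re.M)


def fingerprint(raw_response):
    """Return (product, version) from the Server header, or None if absent."""
    m = SERVER_RE.search(raw_response)
    return (m.group(1).lower(), m.group(2)) if m else None


def potential_findings(observed, kb):
    """Map each host to its fingerprint and matching advisory ids.

    The banner is set by the server operator and can be wrong or removed,
    so every match is a potential finding, never a confirmed one.
    """
    report = {}
    for host, raw in observed:
        fp = fingerprint(raw)
        ids = []
        if fp:
            for (product, prefix), advisories in kb.items():
                if fp[0] == product and fp[1].startswith(prefix):
                    ids.extend(advisories)
        report[host] = {"fingerprint": fp, "potential": ids}
    return report


if __name__ == "__main__":
    for host, result in potential_findings(OBSERVED, KNOWLEDGE_BASE).items():
        print(host, result)
```

A host with no banner yields no fingerprint and no findings, which means "unknown", not "clean".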

  5. #5
    Junior Member
    Join Date
    Jun 2019
    Location
    [Insert Location]
    Posts
    7
    Quote Originally Posted by commodon View Post
    To me, the word "passive" implies non-interaction, which makes it impossible to perform a vulnerability scan against a target. Granted, there are tools that can be used to take educated guesses about the target by looking closely at network traffic, but it's all just guesses and a lot of the time the information can be misleading.
    OSINT I consider passive recon. Of course there is also Censys, Shodan, whois, Netcraft, etc. (or just good old Google dorking). Passive is actually meant to not be detectable at all, unlike Active Recon, which has a high risk of being detected and traced back (nmap SYN scan is an example).
