Traditional Active Scans (Non-credentialed)

A traditional active non-credentialed scan, also known as an unauthenticated scan, is a common method for assessing the security of systems without system privileges. Non-credentialed scans enumerate a host's exposed ports, protocols, and services and identifies vulnerabilities and misconfigurations that could allow an attacker to compromise your network.


  • Ideal for large-scale assessments in traditional enterprise environments.
  • Discovers vulnerabilities that an outside attacker can use to compromise your network (provides a malicious adversary's point of view).
  • Runs network-based plugins that an agent is restricted from performing.
  • Can perform targeted operations like the brute forcing of credentials.


  • Can be disruptive; that is, can sometimes have a negative effect on the network, device, or application you are testing.
  • Misses client-side vulnerabilities such as detailed patch information.
  • Can miss transient devices that are not always connected to the network.