Traditional Active Scans (Non-credentialed)

A traditional active non-credentialed scan, also known as an unauthenticated scan, is a common method for assessing the security of systems without system privileges. Non-credentialed scans enumerate ports, protocols, and services that are exposed on a host and identifies vulnerabilities and misconfigurations that could allow an attacker to compromise your network.

Benefits

  • Ideal for large-scale assessments in traditional enterprise environments.
  • Discovers vulnerabilities that an outside attacker can use to compromise your network (provides a malicious adversary's point of view).
  • Runs network-based plugins that an agent is restricted from performing.
  • Can perform targeted operations like the brute-forcing of credentials.

Limitations

  • Can be disruptive; that is, can sometimes have a negative effect on the network, device, or application being tested.
  • Misses client-side vulnerabilities such as detailed patch information.
  • Can miss transient devices that are not always connected to the network.