Traditional Active Scans (Non-credentialed)

A traditional active non-credentialed scan, also known as an unauthenticated scan, is a common method for assessing the security of systems without system privileges. Non-credentialed scans enumerate a host's exposed ports, protocols, and services and identifies vulnerabilities and misconfigurations that could allow an attacker to compromise your network.

Benefits

• Ideal for large-scale assessments in traditional enterprise environments.
• Discovers vulnerabilities that an outside attacker can use to compromise your network (provides a malicious adversary's point of view).
• Runs network-based plugins that an agent is restricted from performing.
• Can perform targeted operations like the brute forcing of credentials.

Limitations

• Can be disruptive; that is, can sometimes have a negative effect on the network, device, or application you are testing.
• Misses client-side vulnerabilities such as detailed patch information.
• Can miss transient devices that are not always connected to the network.