Vulnerability scanners are automated tools used to discover security vulnerabilities affecting a given system or application.
Vulnerability scanners typically work by fingerprinting a target’s operating system (that is, recognizing its type and version) as well as any services that are running. Once the target’s operating system and services have been fingerprinted, the scanner executes specific tests (by sending different requests) to determine whether a vulnerability exists. Of course, these tests are only as good as their authors, and, as with any completely automated solution, they can sometimes miss or misrepresent vulnerabilities on a system.
Most modern vulnerability scanners do an amazing job of minimizing false positives, and many organizations use them to identify out-of-date systems or potential new exposures that might be exploited by attackers.
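The fingerprint-then-test flow above, and the false-positive problem that follows it, in a small added example (not from the original text or any real scanner): service banners are parsed into product and version, compared against an advisory list, and a distro-tagged banner is downgraded to "verify" because backported fixes often leave the upstream version number unchanged. The hosts, banners and advisory IDs are constructed placeholders.

```python
import re

# Constructed sample banners, standing in for what a scanner's fingerprinting
# phase collects (hypothetical hosts and versions, not real scan output).
SAMPLE_BANNERS = {
    "192.0.2.5:22": "SSH-2.0-OpenSSH_7.4",
    "192.0.2.7:80": "Server: nginx/1.18.0",
    "192.0.2.9:22": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2",
    "192.0.2.11:80": "Server: nginx/1.24.0",
    "192.0.2.13:25": "220 mail ESMTP ready",
}

# Constructed advisory list with placeholder IDs: any version below
# fixed_in is treated as affected. A real scanner carries thousands of these.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "product": "OpenSSH", "fixed_in": (8, 0)},
    {"id": "ADV-PLACEHOLDER-2", "product": "nginx", "fixed_in": (1, 20)},
]

# product, major, minor, optional patch level / OpenSSH "pN", optional vendor tag
BANNER_RE = re.compile(
    r"(OpenSSH|nginx)[_/](\d+)\.(\d+)(?:\.\d+)?(?:p\d+)?(?:\s+(\S+))?")


def fingerprint(banner):
    """Return (product, (major, minor), vendor_tag) or None if unrecognised."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    product, major, minor, vendor_tag = m.groups()
    return product, (int(major), int(minor)), vendor_tag


def assess(banners):
    """Match fingerprints against advisories; unrecognised services are
    reported as 'unknown' so a gap in coverage is visible, not silent."""
    findings = []
    for host, banner in banners.items():
        fp = fingerprint(banner)
        if fp is None:
            findings.append((host, None, "unknown"))
            continue
        product, version, vendor_tag = fp
        for adv in ADVISORIES:
            if adv["product"] == product and version < adv["fixed_in"]:
                # A vendor tag usually means a distro build with backported
                # fixes: a version-only match is a candidate, not a finding.
                status = "verify" if vendor_tag else "vulnerable"
                findings.append((host, adv["id"], status))
    return findings


if __name__ == "__main__":
    for host, adv_id, status in assess(SAMPLE_BANNERS):
        print(f"{host:<16} {adv_id or '-':<18} {status}")
```

The "verify" and "unknown" rows are the point: a banner match is evidence, and the tester still has to confirm it by other means before reporting.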
Vulnerability scanners play a very important role in penetration testing, particularly in overt testing, where you can launch multiple attacks without having to worry about avoiding detection. The results gleaned from vulnerability scanners can be priceless, but beware of depending on them too heavily.
The beauty of a penetration test is that it can’t be automated: attacking systems successfully requires knowledge and skill. In most situations, as you become an experienced penetration tester, you will rarely use a vulnerability scanner and will instead depend on your knowledge and expertise to compromise a system.