Network vulnerability scanners are so called because they scan your systems across the network. They do this by sending probes, initially looking for open ports and services, and then once the list of available services is discovered - further probing each service for more information, configuration weaknesses or known vulnerabilities.

The range of vulnerabilities that can be discovered with such an approach is vast, but commonly include: services configured with encryption weaknesses, unpatched software with known vulnerabilities, or services which shouldn't be exposed at all. Intruder's network vulnerability scanner can find 140,000+ vulnerabilities, but is the only vulnerability scanner specifically designed to also reduce your internet-facing attack surface.

Enterprise-grade Network Security Scanner

When it comes to network vulnerability scans, cheap certainly does not mean cheerful. With almost 20 new vulnerabilities being discovered every day, it’s important to use the highest quality scanner you can find, as saving money here may cost you more in the long run.

Intruder uses an industry leading scanning engine that’s used by banks and governments all over the world. With over 140,000 checks available for historic vulnerabilities, and new ones being added on a regular basis. You can be confident that while it’s very simple to use, Intruder provides market leading network security scans.

Vulnerability Assessments For Edge Networks

Some vulnerabilities can be more important depending on where they’re found. For example, finding a Windows SMB service on your internal network is not a vulnerability at all. Exposing one to the internet however, well that’s what led to the WannaCry ransomware spreading rapidly across the world.

There are many of these potential exposures, where traditional vulnerability scanning tools don’t differentiate between external or internal perspectives. Intruder prioritizes visibility of these exposures in a way no other network scanning tool does, by prioritizing exposures on your internet-facing systems.

Continuous Security Monitoring

Modern attackers don’t wait to act and usually execute their attacks within weeks of new vulnerabilities being discovered. In fact, around 20 new vulnerabilities are discovered every day, many of which are in technologies which sit on your perimeter systems – exposed to the internet.

While some companies choose to have an annual network penetration test, Intruder’s network vulnerability scanner allows you to eliminate threats to your business, by discovering security holes in your most exposed systems automatically, as soon as new vulnerabilities are released.

Smart Recon

For those companies lucky enough to own a network range all to themselves, they know this is both useful, but can be hard to manage. You want to make sure your whole range is being covered, but licensing vast numbers of inactive IPs can be expensive. 

That's why Intruder built "Smart Recon", a feature that allows you to monitor your external network ranges for active IPs, and only pay for those in use.

What Does It Check For?

Vulnerability scanning can be like a black box at the best of times. You put your targets in, run a scan, and your results come out. But what has actually happened in-between? With so many vulnerabilities out there, it's impossible to list them all, but the following categories should give you an overview of the different types of weaknesses we can detect, and how we do it.

• Common mistakes & configuration weaknesses

Even the most secure software can often be configured in an insecure way. Simple mistakes such as leaving default passwords, not enabling encryption or other security settings.

Intruder has thousands of checks for these kinds of mistakes, making sure all your business sensitive systems are hardened as much as they need to be to survive the warzone that is the modern internet.

• Missing patches
Patch management is a fundamental part of keeping your digital estate secure, as missing patches can quickly be detected and exploited by attackers.

Intruder’s network security scans use both passive and active checks to detect the versions of thousands of software components, frameworks, and hardware devices, from web servers to operating systems and network devices. Passive checks use fingerprinting techniques to determine the software version in use, while active checks dynamically check for known exploits, where it is safe to do so.

• Application bugs
Web application bugs have been known about for decades, but still account for a large proportion of breaches.

The types of application weakness that Intruder checks for include SQL Injection, Cross-Site Scripting, XML Injection, and many others which attackers can use to gain access to your systems and information, or to modify or cause damage.

• Encryption weaknesses
The internet relies heavily on encryption for providing secure services, without it for example there could be no online banking. Encryption isn't flawless though, and frequently weaknesses are discovered in algorithms previously thought secure. It is also common to find that services which are capable of secure encryption, have either not been configured, or mistakenly configured to be less secure.

Intruder has checks for all the latest known encryption weaknesses, some of which include: Heartbleed, SSL/TLS weaknesses, and VPN encryption weaknesses.

Online Vulnerability Scanner

Intruder is an online vulnerability scanner which works seamlessly with your technical environment. Without any need for lengthy installations or complex configuration, it’s very easy to get set up. Testing your systems using an online vulnerability scanner simulates where real attacks would also be coming from – the internet. What’s more, Intruder comes with a range of useful integrations to make vulnerability management a breeze:
• Cloud integrations: Automatically manage your AWS, Azure and Google Cloud targets with ease, from within the Intruder platform.
• Slack: Keep an eye on your security exposure in real-time with Intruder’s Slack integration.
• Jira: Send security issues to Jira, for easy tracking of your security issues.
• Microsoft Teams: Get notified about important events in the Intruder platform, such as when a scan completes or when we check you for the latest emerging threats.
• Zapier: Extend Intruder to 2,000+ other apps and move your info between web services automatically.
• REST API: Full automation of your vulnerability management process is possible with Intruder’s REST API, so you can integrate Intruder with your development and deployment cycles seamlessly.

What our customers say

"I have used multiple vulnerability scanning tools in the past. Most of them were single-purpose and had a lot of extraneous output that took a long time to configure to get what we needed. With Intruder, I got relevant, actionable results the very first time I scanned, and it's a one-stop shop. I don't have to set up a patchwork of different tools to get good coverage on vulnerability scanning." Read full review

Zach, Co-founder and CTO at Yembo.


Can I do internal network scanning using Intruder?

Yes, you can! Our internal network scanner is agent-based, that means you will need to install a piece of software on each Windows, Linux or MacOS device that you wish to scan. Read more about our internal scanning in this help article.

Can I scan internal network devices like printers, routers, and switches?

No, because Intruder’s internal vulnerability scanner is agent-based. Read our article to find out why we think agent-based scanning is the right approach for many modern organizations.

How does Intruder’s emerging threat scanning work?

To give you peace of mind and save time monitoring the news for security threats, we run proactive vulnerability scans on your systems. This means that as soon as we identify a new threat that could critically affect your systems, we'll proactively start scanning your targets to ensure you are not vulnerable.

What are the different types of vulnerability scanners?

The main types of vulnerability scanners are: network-based vulnerability scanners, agent-based vulnerability scanners, and web-application vulnerability scanners. Each type performs different security tasks, and covers a range of different attack scenarios. Therefore, it’s worth considering the risks relative to your business in order to choose the type of scanner most suitable for your needs. If you want to find out more about choosing the right scanner type, we have created a helpful guide for that.

Start your 14-day free trial

of Intruder's network vulnerability scanner, to provide continuous protection for your perimeter systems today!