John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation.
What is the type of vulnerability assessment tool employed by John in the above scenario?
he attacker installed a scanner on one machine and used it to scan other machines on the network. This aligns more closely with the behavior of a network-based scanner, which is designed to scan multiple devices on a network from a central point
Attacker is clearly using network scanning
Agent-based scanners reside on a single machine but can scan several devices on the same network.
Module 5 - page 561 Agent-Based Scanner: Agent-based scanners reside on a single machine but can scan several machines on the same network.
B. Network-based scanner. A network-based scanner is a tool that scans multiple machines within a network to identify vulnerabilities. It operates by probing network devices, servers, and workstations to detect weaknesses such as open ports, misconfigurations, and outdated software that can be exploited. In this scenario: 1. A scanner is installed on a machine within the organization’s network. 2. It scans several machines on the same network to find vulnerabilities. 3. The attacker uses this information for further exploitation. Why not the others: A. Agent-based scanner – Requires agents installed on each device for vulnerability scanning. The scenario does not mention this. C. Cluster scanner – Typically used for scanning clusters of servers or cloud environments, which is not specified here. D. Proxy scanner – Used for anonymizing scans and routing traffic through proxies, not for internal network scanning.
No cenário descrito, o hacker instalou o scanner em uma máquina comprometida e a usou para escanear outras máquinas na rede. Isso corresponde exatamente ao funcionamento de um agent-based scanner, que coleta informações sobre múltiplos dispositivos a partir de um único ponto. Não pode ser o um network-based scanner interage apenas com a máquina onde está instalado e gera o relatório nela mesma. Pagina 337 material oficila da EC COUNCIL
Based on EC - COuncil Material
Network scanner scans other machines on the network to identify vulnerabilities.
In agent base scan, each device to be scanned must have an agent installed on it. The question said a scanner (not an agent) was installed on a machine and used to scan other devices. The question did not state that the scanned devices had agent installed, hence, B is correct.
CEH Textbook says: network-based scanners scan a network from a remote location, while agent-based scanners require a dedicated software agent to be installed on EACH TARGET MACHINE for scanning. That means every host will need to have the agent installed, whereas network-based scanner (i.e. Nessus) doesn't require an agent.