How do the scanners work?


I am running CVE tests and as a results get a lot of vulnerabilities. I am testing an android device thus many of the CVE’s give the following: “The host carries the product: cpe:/o:google:android”.

Does the tool just identifies Android and applies the whole shabang of CVE’s or indeed finds something in the code?
In general what has being scanned or where could I find explanation on the way the tool works?

Any idea will be much apprecieated! :slight_smile:

Kind Regards,

The scanner runs quite a number of tests. Each using an unique test to find out if the CVE is present. All in all these methods can be grouped in ~13 detection methods. Each group has a %-value in our Quality of Detection rating as seen in the manual:
You can find out what the test has done in the Detection Method and Detection Result section of your result.

Android systems are difficult to scan via our network test approach. It’s a very secretive system and requests via network will only gain very limited data.