Skip to main content

Types of Scanners

The Types of Scanners page provides comprehensive information about the various vulnerability scanning engines and technologies utilized by the TraQez platform. Each scanner is carefully selected for its specific capabilities in identifying security vulnerabilities across network infrastructure, web applications, and cloud workloads. Understanding these scanner technologies helps in recognizing the depth and breadth of security assessments performed by the platform.

How it Works

TraQez platform leverages multiple open-source and proprietary scanning technologies to provide comprehensive vulnerability detection and assessment. The platform integrates industry-standard security tools with proprietary intelligence to deliver accurate vulnerability identification, risk scoring, and actionable remediation guidance.

Scanning Process:

  • Scanner Integration: Multiple scanning engines work together to provide comprehensive coverage
  • Automated Execution: Scanners are invoked automatically based on scan type selection
  • Data Correlation: Results from multiple scanners are correlated and deduplicated
  • Database Mapping: Findings are mapped against vulnerability databases (NVD, MITRE, OWASP)
  • Intelligent Reporting: AI-powered prioritization and remediation recommendations

Scanner Technologies

The following scanning technologies power the TraQez vulnerability assessment platform:

Nmap (Network Mapper)

Technology Type: Open Source Network Scanner

Version: 7.x

License: Nmap Public Source License Version 0.95 and GPL 2.0

Primary Purpose: Network discovery, port scanning, and service enumeration

Key Capabilities:

  • TCP/UDP port scanning across all 65,535 ports
  • Service version detection and fingerprinting
  • Operating system detection and identification
  • Network topology mapping
  • Script-based vulnerability detection (NSE - Nmap Scripting Engine)
  • IPv4 and IPv6 support

How Nmap is Used in TraQez:

  • Performs initial host discovery and network reconnaissance
  • Identifies open ports and running services
  • Detects service versions for vulnerability correlation
  • Executes custom NSE scripts for targeted vulnerability detection
  • Provides foundation data for advanced vulnerability assessments

Commercial Use: Yes. Nmap can be used in commercial products as long as proper attribution is provided, including "Powered by Nmap" notice, license inclusion, and link to Nmap project.

Deployment Notes: Nmap is deployed as a separate component and invoked via child processes. The application parses Nmap XML output for integration with the TraQez platform.

Vendor Support: No official vendor support. Supported internally by TraQez development team.

OpenVAS (Open Vulnerability Assessment System)

Technology Type: Open Source Vulnerability Scanner

Version: 24.x

License: GPL 2.0

Primary Purpose: Comprehensive vulnerability assessment and detection

Key Capabilities:

  • Extensive vulnerability test library (50,000+ tests)
  • Network Vulnerability Tests (NVTs) for various platforms
  • Authenticated and unauthenticated scanning
  • Service-specific vulnerability detection
  • CVE and CVSS-based vulnerability reporting
  • Continuous vulnerability feed updates

How OpenVAS is Used in TraQez:

  • Executes comprehensive vulnerability assessments
  • Performs deep analysis of discovered services
  • Validates potential vulnerabilities through active testing
  • Cross-references findings against 250,000+ CVE database
  • Provides detailed vulnerability descriptions and mitigation guidance

Commercial Use: Yes. OpenVAS can be used in commercial products with proper license inclusion and attribution.

Deployment Notes: OpenVAS is containerized separately in Docker Compose with clear separation. License and attribution are included in deployment.

Vendor Support: No official vendor support. Supported internally by TraQez development team.

Nuclei

Technology Type: Open Source Template-Based Vulnerability Scanner

Version: 4.x

License: MIT

Primary Purpose: Fast and customizable vulnerability scanning using community templates

Key Capabilities:

  • Template-based vulnerability detection
  • Fast and efficient scanning engine
  • Community-driven vulnerability templates
  • Support for custom template creation
  • Multi-protocol support (HTTP, DNS, TCP, etc.)
  • Integration with vulnerability databases

How Nuclei is Used in TraQez:

  • Performs rapid vulnerability detection using templates
  • Scans for specific CVEs and misconfigurations
  • Validates known vulnerabilities across services
  • Executes custom detection templates
  • Supplements OpenVAS with targeted checks

Commercial Use: Yes. MIT license allows unrestricted use and modification in commercial products.

Deployment Notes: Nuclei is deployed as a standalone component with no restrictions on usage or modifications.

Vendor Support: No official vendor support. Supported internally by TraQez development team.

OWASP ZAP (Zed Attack Proxy)

Technology Type: Open Source Web Application Security Scanner

Version: Latest stable release

License: Apache 2.0

Primary Purpose: Web application and API security testing

Key Capabilities:

  • OWASP Top 10 vulnerability detection
  • Active and passive scanning modes
  • Web application crawling and spidering
  • API endpoint discovery and testing
  • Authentication and session management testing
  • Ajax spider for modern web applications
  • Extensive scan policies and configurations

How OWASP ZAP is Used in TraQez:

  • Performs black-box testing of web applications
  • Identifies OWASP Top 10 vulnerabilities
  • Tests APIs for security weaknesses
  • Executes both passive and active scanning
  • Validates web application security controls

Commercial Use: Yes. Apache 2.0 license allows unrestricted commercial use.

Deployment Notes: OWASP ZAP is now maintained by Checkmarx. No restrictions on commercial usage. License and attribution included.

Vendor Support: No official vendor support. Supported internally by TraQez development team.

Deeptraq Security Scanner (Proprietary)

Technology Type: Proprietary Agent-Based Vulnerability Scanner

Version: 1.x

License: Proprietary License

Primary Purpose: Advanced agent-based vulnerability detection with AI-powered prioritization

Key Capabilities:

  • Agent-based internal scanning for cloud workloads
  • Proprietary vulnerability database with AI integration
  • Intelligent vulnerability prioritization
  • Real-time threat intelligence integration
  • Custom vulnerability detection logic
  • Deep system and application analysis
  • Continuous monitoring capabilities

How Deeptraq is Used in TraQez:

  • Performs agent-based scanning on cloud workloads
  • Provides AI-powered vulnerability prioritization
  • Offers continuous security monitoring
  • Delivers custom vulnerability intelligence
  • Supplements open-source scanners with proprietary insights

Commercial Use: Provided as SaaS product. Not available for standalone deployment.

Deployment Notes: Agent-based architecture requires installation of lightweight agents on target systems.

Vendor Support: Yes. Fully supported by TraQez with dedicated support team.

Scanner Selection by Scan Type

Different scan types utilize different combinations of scanners to achieve optimal results:

Port Scan & Discovery Scan:

  • Primary Scanner: Nmap
  • Purpose: Fast port and service discovery
  • Output: Open ports, service versions, basic host information

Advanced Network Scan:

  • Primary Scanners: Nmap + OpenVAS + Nuclei
  • Purpose: Comprehensive network vulnerability assessment
  • Output: Detailed vulnerability reports with CVE mappings

Complete Vulnerability Assessments:

  • Primary Scanners: Nmap + OpenVAS + Nuclei + Custom Scripts
  • Purpose: Exhaustive vulnerability detection and validation
  • Output: Complete vulnerability inventory with 50,000+ tests

OWASP Top 10 Check:

  • Primary Scanner: OWASP ZAP
  • Purpose: Web application security assessment
  • Output: OWASP Top 10 vulnerability findings

Cloud Workload Scanning (Agent-Based):

  • Primary Scanner: Deeptraq Security Scanner
  • Purpose: Internal vulnerability detection with AI prioritization
  • Output: Agent-based findings with intelligent risk scoring

Scanner Comparison Matrix

ScannerTypeLicensePrimary UseScan SpeedVulnerability Coverage
NmapNetworkOpen SourcePort & Service DiscoveryFastBasic
OpenVASNetworkOpen SourceComprehensive Vuln AssessmentMedium-SlowExtensive (50K+ tests)
NucleiMulti-ProtocolOpen SourceTemplate-Based DetectionFastModerate (Community Templates)
OWASP ZAPWeb ApplicationOpen SourceWeb & API SecurityMediumOWASP Top 10 Focused
DeeptraqAgent-BasedProprietaryCloud Workload ScanningReal-timeAI-Powered Intelligence

Vulnerability Database Integration

All scanners integrate with industry-standard vulnerability databases:

Primary Vulnerability Databases:

  • NVD (National Vulnerability Database): Comprehensive CVE repository maintained by NIST
  • MITRE CVE: Standard for vulnerability naming and cataloging
  • OWASP: Web application vulnerability classifications
  • Vendor-Specific Feeds: Security advisories from major vendors

Database Updates:

  • Vulnerability databases are updated daily
  • Real-time synchronization with NVD and MITRE
  • Custom vulnerability signatures added by TraQez security research team
  • Community-contributed templates (Nuclei)

Scanner Licensing and Compliance

All open-source scanners used in TraQez platform comply with their respective licenses:

License Compliance:

  • Nmap: Proper attribution with "Powered by Nmap" notice and license inclusion
  • OpenVAS: GPL 2.0 compliance with license distribution
  • Nuclei: MIT license allows unrestricted use
  • OWASP ZAP: Apache 2.0 license compliance
  • Deeptraq: Proprietary license for SaaS deployment

Commercial Usage:

  • All scanners are properly licensed for commercial use
  • Attribution and license information included in deployments
  • No licensing restrictions for end-users
  • Full compliance with open-source license requirements

Scanner Maintenance and Updates

Update Schedule:

  • Scanner Engines: Updated monthly or as security patches are released
  • Vulnerability Signatures: Updated daily from upstream sources
  • Template Libraries: Continuously updated (Nuclei templates)
  • Custom Scripts: Updated by TraQez security team as needed

Quality Assurance:

  • All scanner updates undergo testing before production deployment
  • Regression testing ensures compatibility with existing scans
  • Performance monitoring to maintain scan efficiency
  • Continuous validation of vulnerability detection accuracy

Best Practices for Scanner Usage

Optimal Scanner Utilization:

  • Use Nmap for initial network discovery and reconnaissance
  • Deploy OpenVAS for comprehensive vulnerability assessments
  • Leverage Nuclei for rapid targeted vulnerability checks
  • Utilize OWASP ZAP for all web application and API testing
  • Enable Deeptraq agents for continuous cloud workload monitoring

Performance Considerations:

  • Nmap scans are fastest for port discovery (1-10 minutes)
  • OpenVAS scans require more time for comprehensive analysis (30+ minutes)
  • Nuclei provides fast template-based checks (5-15 minutes)
  • OWASP ZAP scan duration depends on application complexity (10-60 minutes)
  • Deeptraq provides real-time continuous monitoring

Security Considerations:

  • Obtain proper authorization before scanning any systems
  • Schedule intensive scans during maintenance windows
  • Monitor system impact during active scanning
  • Review scanner logs for any issues or errors
  • Maintain scan artifacts for compliance and audit purposes

Additional Information

For detailed information on how to create and manage scans using these scanner technologies, please refer to the Network Perimeter Security documentation.

For scanner-specific troubleshooting or technical questions, contact the TraQez support team with detailed error reports and scan artifacts.