MITRE ATT&CK Technique
Description
Adversaries may scan victims for vulnerabilities that can be used during targeting. Vulnerability scans typically check if the configuration of a target host/application (ex: software and version) potentially aligns with the target of a specific exploit the adversary may seek to use. These scans may also include more broad attempts to [Gather Victim Host Information](https://attack.mitre.org/techniques/T1592) that can be used to identify more commonly known, exploitable vulnerabilities. Vulnerability scans typically harvest running software and version numbers via server banners, listening ports, or other network artifacts.(Citation: OWASP Vuln Scanning) Information from these scans may reveal opportunities for other forms of reconnaissance (ex: [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593) or [Search Open Technical Databases](https://attack.mitre.org/techniques/T1596)), establishing operational resources (ex: [Develop Capabilities](https://attack.mitre.org/techniques/T1587) or [Obtain Capabilities](https://attack.mitre.org/techniques/T1588)), and/or initial access (ex: [Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190)).
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2020-10-02T16:55:16.047Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may scan victims for vulnerabilities that can be '
'used during targeting. Vulnerability scans typically check if '
'the configuration of a target host/application (ex: software '
'and version) potentially aligns with the target of a specific '
'exploit the adversary may seek to use.\n'
'\n'
'These scans may also include more broad attempts to [Gather '
'Victim Host '
'Information](https://attack.mitre.org/techniques/T1592) that '
'can be used to identify more commonly known, exploitable '
'vulnerabilities. Vulnerability scans typically harvest '
'running software and version numbers via server banners, '
'listening ports, or other network artifacts.(Citation: OWASP '
'Vuln Scanning) Information from these scans may reveal '
'opportunities for other forms of reconnaissance (ex: [Search '
'Open '
'Websites/Domains](https://attack.mitre.org/techniques/T1593) '
'or [Search Open Technical '
'Databases](https://attack.mitre.org/techniques/T1596)), '
'establishing operational resources (ex: [Develop '
'Capabilities](https://attack.mitre.org/techniques/T1587) or '
'[Obtain '
'Capabilities](https://attack.mitre.org/techniques/T1588)), '
'and/or initial access (ex: [Exploit Public-Facing '
'Application](https://attack.mitre.org/techniques/T1190)).',
'external_references': [{'external_id': 'T1595.002',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1595/002'},
{'description': 'OWASP. (n.d.). OAT-014 Vulnerability '
'Scanning. Retrieved October 20, '
'2020.',
'source_name': 'OWASP Vuln Scanning',
'url': 'https://owasp.org/www-project-automated-threats-to-web-applications/assets/oats/EN/OAT-014_Vulnerability_Scanning'}],
'id': 'attack-pattern--5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'reconnaissance'}],
'modified': '2025-10-24T17:48:48.647Z',
'name': 'Vulnerability Scanning',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': True,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['PRE'],
'x_mitre_version': '1.0'}