Vulnerability scanner software only scans what it is configured for. Depending on the type of scan, the tool probes specific interfaces to elicit a response from the targeted devices. For example, if you want the tool to detect outdated operating system versions in your network, it will test the network devices accordingly.
Once it detects a device running an outdated operating system, it flags it as a vulnerability in the final scan report. Besides identifying a vulnerability, some vulnerability scanning software also checks it against a database of vulnerabilities to classify it and assign it a risk rating. Finally, the tool generates a report with all these details.
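The detect, classify, rate and report flow described above, as an added example that is not taken from any particular scanner. The product names, EXAMPLE-* identifiers, ratings and 192.0.2.x addresses are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed scan observations: (host, OS product, reported version).
OBSERVATIONS = [
    ("192.0.2.5", "ExampleOS", "4.2.1"),
    ("192.0.2.6", "ExampleOS", "5.1.0"),
    ("192.0.2.7", "SampleRouterOS", "2.9"),
    ("192.0.2.8", "UnknownOS", "1.0"),
]
# Constructed database: product -> [(fixed-in version, placeholder id, risk rating)].
VULN_DB = {
    "ExampleOS": [("5.0.0", "EXAMPLE-0001", "critical"),
                  ("4.3.0", "EXAMPLE-0002", "medium")],
    "SampleRouterOS": [("2.10", "EXAMPLE-0003", "high")],
}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

@dataclass
class Finding:
    host: str
    product: str
    version: str
    vuln_id: str
    rating: str

def parse_version(text):
    """Turn '2.10' into (2, 10) so 2.9 < 2.10 compares numerically, not as text."""
    return tuple(int(part) for part in text.split("."))

def scan(observations, vuln_db):
    """Flag every observed version older than a fixed-in version in the database."""
    findings, unassessed = [], []
    for host, product, version in observations:
        if product not in vuln_db:
            unassessed.append(host)  # outside what the scanner is configured for
            continue
        for fixed_in, vuln_id, rating in vuln_db[product]:
            if parse_version(version) < parse_version(fixed_in):
                findings.append(Finding(host, product, version, vuln_id, rating))
    # Highest risk first, then by host, as a report would order them.
    findings.sort(key=lambda f: (SEVERITY_ORDER[f.rating], f.host))
    return findings, unassessed

def report(findings, unassessed):
    lines = [f"{f.rating.upper():8} {f.host} {f.product} {f.version} {f.vuln_id}"
             for f in findings]
    lines += [f"NOT ASSESSED {host} (no database entry)" for host in unassessed]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(*scan(OBSERVATIONS, VULN_DB)))
```

The host with no database entry is listed as not assessed rather than clean, which reflects the point that a scanner only covers what it is configured for.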

