performing-agentless-vulnerability-scanning
Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and API-based discovery to assess systems without installing endpoint agents.
What this skill does
# Performing Agentless Vulnerability Scanning

## Overview

Agentless vulnerability scanning assesses systems for security weaknesses without installing an endpoint agent. The approach relies on existing network protocols (SSH for Linux, WMI/WinRM for Windows), cloud provider APIs for snapshot-based analysis, and authenticated remote checks. Cloud platforms such as Microsoft Defender for Cloud, Wiz, Datadog, and Tenable perform out-of-band analysis by taking disk snapshots and examining OS configuration and installed packages offline. The open-source tool Vuls provides agentless scanning of Linux/FreeBSD systems based on NVD and OVAL data. This skill covers configuring agentless scans across on-premises, cloud, and containerized environments.

## When to Use

- When conducting security assessments that involve performing agentless vulnerability scanning
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- SSH key-based authentication configured on Linux/Unix targets
- WMI/WinRM access on Windows targets with appropriate credentials
- Cloud provider API credentials (AWS IAM, Azure RBAC, GCP IAM)
- Network access from the scanner to target systems on the required ports
- Service account with read-only access to target system configurations
- Python 3.8+ for custom scanning automation

## Core Concepts

### Agentless vs Agent-Based Scanning

| Aspect | Agentless | Agent-Based |
|--------|-----------|-------------|
| Deployment | No software installation needed | Agent install on every endpoint |
| Network dependency | Requires network connectivity | Works offline with cloud sync |
| Performance impact | Minimal on target systems | Light continuous overhead |
| Coverage depth | Depends on protocol/credentials | Deep local access |
| Cloud snapshot analysis | Native capability | Not applicable |
| Ideal for | Cloud VMs, IoT, legacy systems, OT | Managed endpoints, laptops |

### Agentless Scanning Methods

| Method | Protocol | Target OS | Port | Use Case |
|--------|----------|-----------|------|----------|
| SSH Remote Commands | SSH | Linux/Unix | 22 | Package enumeration, config audit |
| WMI Remote Query | WMI/DCOM | Windows | 135, 445 | Hotfix enumeration, registry checks |
| WinRM PowerShell | WS-Man | Windows | 5985/5986 | Remote command execution |
| SNMP Community | SNMP v2c/v3 | Network devices | 161 | Device fingerprinting, firmware check |
| Cloud Snapshot | Provider API | Cloud VMs | N/A | Disk image analysis |
| Container Registry | HTTPS | Container images | 443 | Image vulnerability scanning |
| API-Based | REST/HTTPS | SaaS/Cloud | 443 | Configuration assessment |

### Cloud Snapshot Analysis Flow

```
1. Scanner requests disk snapshot via cloud API
2. Cloud provider creates snapshot of VM root + data disks
3. Scanner mounts snapshot in isolated analysis environment
4. Scanner examines OS packages, configurations, file system
5. Snapshot is deleted after analysis (no persistent copies)
6. Results sent to central management console
```

## Workflow

### Step 1: SSH-Based Agentless Scanning (Linux)

```bash
# Create dedicated scan SSH key pair
ssh-keygen -t ed25519 -f /opt/scanner/.ssh/scan_key -N "" \
  -C "[email protected]"

# Deploy public key to targets via Ansible
# ansible-playbook deploy_scan_key.yml

# Test connectivity to target
ssh -i /opt/scanner/.ssh/scan_key -o ConnectTimeout=10 \
  scanner@target-host "cat /etc/os-release && dpkg -l 2>/dev/null || rpm -qa"
```

```python
import json

import paramiko


class AgentlessLinuxScanner:
    """SSH-based agentless vulnerability scanner for Linux systems."""

    def __init__(self, key_path):
        self.key_path = key_path

    def connect(self, hostname, username="scanner", port=22):
        """Establish SSH connection to target."""
        client = paramiko.SSHClient()
        # Verify hosts already in known_hosts; AutoAddPolicy only applies to
        # hosts never seen before (trust on first use), so a mismatched key
        # for a known host still raises instead of being silently accepted.
        client.load_system_host_keys()
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        key = paramiko.Ed25519Key.from_private_key_file(self.key_path)
        client.connect(hostname, port=port, username=username, pkey=key,
                       timeout=30, banner_timeout=30)
        return client

    def get_os_info(self, client):
        """Detect OS type and version from /etc/os-release."""
        _, stdout, _ = client.exec_command("cat /etc/os-release", timeout=10)
        os_release = stdout.read().decode()
        info = {}
        for line in os_release.strip().split("\n"):
            if "=" in line:
                key, val = line.split("=", 1)
                info[key] = val.strip('"')
        return info

    @staticmethod
    def _parse_packages(output, manager):
        """Parse 'name|version|arch' lines into package dicts."""
        packages = []
        for line in output.split("\n"):
            parts = line.split("|")
            if len(parts) >= 2:
                packages.append({
                    "name": parts[0],
                    "version": parts[1],
                    "arch": parts[2] if len(parts) > 2 else "",
                    "manager": manager,
                })
        return packages

    def get_installed_packages(self, client):
        """Enumerate installed packages (dpkg first, then rpm)."""
        # Try dpkg (Debian/Ubuntu); the shell receives a literal \n in the format
        _, stdout, _ = client.exec_command(
            "dpkg-query -W -f='${Package}|${Version}|${Architecture}\\n'",
            timeout=30
        )
        output = stdout.read().decode().strip()
        if output:
            return self._parse_packages(output, "dpkg")

        # Try rpm (RHEL/CentOS/Fedora)
        _, stdout, _ = client.exec_command(
            "rpm -qa --queryformat '%{NAME}|%{VERSION}-%{RELEASE}|%{ARCH}\\n'",
            timeout=30
        )
        output = stdout.read().decode().strip()
        return self._parse_packages(output, "rpm")

    def check_kernel_version(self, client):
        """Get running kernel version."""
        _, stdout, _ = client.exec_command("uname -r", timeout=10)
        return stdout.read().decode().strip()

    def check_listening_ports(self, client):
        """Enumerate listening network services (ss, falling back to netstat)."""
        _, stdout, _ = client.exec_command(
            "ss -tlnp 2>/dev/null || netstat -tlnp 2>/dev/null", timeout=10
        )
        return stdout.read().decode().strip()

    def scan_host(self, hostname, username="scanner"):
        """Perform full agentless scan of a host."""
        print(f"[*] Scanning {hostname}...")
        client = self.connect(hostname, username)
        try:
            result = {
                "hostname": hostname,
                "os_info": self.get_os_info(client),
                "kernel": self.check_kernel_version(client),
                "packages": self.get_installed_packages(client),
                "listening_ports": self.check_listening_ports(client),
            }
        finally:
            client.close()
        print(f"    [+] Found {len(result['packages'])} packages on {hostname}")
        return result
```

### Step 2: WinRM-Based Agentless Scanning (Windows)

```python
import winrm


class AgentlessWindowsScanner:
    """WinRM-based agentless vulnerability scanner for Windows."""

    def __init__(self, username, password, domain=None):
        self.username = username
        self.password = password
        self.domain = domain

    def connect(self, hostname, use_ssl=True):
        """Create WinRM session."""
        port = 5986 if use_ssl else 5985
        transport = "ntlm"
        user = f"{self.domain}\\{self.username}" if self.domain else self.username
        session = winrm.Session(
            f"{'https' if use_ssl else 'http'}://{hostname}:{port}/wsman",
            auth=(user, self.password),
            transport=transport,
            # "ignore" skips TLS certificate checking; prefer "validate" with a
            # trusted CA so scanner credentials cannot be intercepted in transit.
            server_cert_validation="ignore",
        )
        return session
```
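The Linux scanner above only inventories packages; turning that inventory into findings requires comparing installed versions against fixed versions with the package manager's own ordering rules. This added example (not part of the original skill) implements the dpkg version comparison algorithm and matches the `name|version|arch` records the SSH scanner returns against a constructed advisory list; the `EXAMPLE-*` ids, package versions, and `match_advisories` helper are assumptions for illustration.

```python
import re
from itertools import zip_longest


def _order(c):  # dpkg char rank: '~' < end of string < letters < other symbols
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256


def _take(s, pattern):
    m = re.match(pattern, s)
    return m.group(0), s[m.end():]


def _cmp_fragment(a, b):
    """Compare upstream or revision strings, alternating text and numeric runs."""
    while a or b:
        (ta, a), (tb, b) = _take(a, r"[^0-9]*"), _take(b, r"[^0-9]*")
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        (na, a), (nb, b) = _take(a, r"[0-9]*"), _take(b, r"[0-9]*")
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0


def dpkg_compare(v1, v2):
    """Return -1, 0 or 1 comparing Debian versions [epoch:]upstream[-revision]."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        epoch, rest = (int(epoch), rest) if sep else (0, v)
        upstream, sep, revision = rest.rpartition("-")
        return (epoch, upstream, revision) if sep else (epoch, rest, "")
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)


# Constructed sample data: placeholder advisory ids (not real CVEs) and a
# package list in the shape AgentlessLinuxScanner.get_installed_packages returns.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "openssl", "fixed": "3.0.2-0ubuntu1.15"},
    {"id": "EXAMPLE-0002", "package": "sudo", "fixed": "1.9.9-1ubuntu2.4"},
]
PACKAGES = [
    {"name": "openssl", "version": "3.0.2-0ubuntu1.10", "arch": "amd64", "manager": "dpkg"},
    {"name": "sudo", "version": "1.9.9-1ubuntu2.4", "arch": "amd64", "manager": "dpkg"},
]


def match_advisories(packages, advisories):
    """Flag each dpkg package whose installed version is older than the fix."""
    by_name = {p["name"]: p["version"] for p in packages if p["manager"] == "dpkg"}
    return [dict(a, installed=by_name[a["package"]]) for a in advisories
            if a["package"] in by_name and dpkg_compare(by_name[a["package"]], a["fixed"]) < 0]
```

Note that a plain string or float comparison gets cases like `1.0~rc1 < 1.0` and `1:1.0 > 2.0` wrong, which is why the scanner's inventory must be matched with the manager-specific algorithm (rpm uses a different one).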