Vulnerability scanners are the automated tools that identify the vulnerabilities and mis-configurations of hosts. As security is the first preference to conduct any business so, these scanners are very useful in many ways like they help to identify the software version that are going to be outdated, missing patches, system upgrades, and even validate compliance from the organization’s security policy.

where can i use it ?

You can vulnerability scanner to scan your business or corporate network and detect insider threats. Many vulnerability scanner available in It field and I preferd Promisec (http://www.promisec.com)Vulnerability scanning tools.

In short, most web application vulnerability scanners first crawl your web application, then run different security tests on the pages discovered during crawling. I work at Detectify and our web application vulnerability scanner works like this:

The scanner first gathers information about infrastructure (such as subdomains and hosts), then crawls the web application to find unique URLs. We also fingerprint during this phase in order to resolve the CMS and the technology stack.

The next step is exploitation, where security tests are performed based on the information gathered in the previous phases. For example, if you are running a CMS like WordPress or Drupal, tests covering vulnerabilities in this specific CMS will also be included in the exploitation phase.

Finally, the scan report is generated and false positives are removed.

https://esds.co.in/security/vtmscan