Through passive analysis, the scanner takes the data gathered and uses a vulnerability analysis engine to identify what types of devices are on the network, what network services are open, and what vulnerabilities are present.

These vulnerabilities include misconfigured firewalls, routers, servers, and operating systems, missing vendor patches, etc. The vulnerabilities are analyzed and compared against the rules database, a repository of security risks that the user can add to or modify.
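The comparison against a user-editable rules database can be sketched as follows. This is an added example, not the scanner's own code: the rule format, rule IDs, product names (`examplehttpd`, `examplessh`), version thresholds and observation records are all constructed for illustration.

```python
import re

# Constructed sample: service banners a passive sensor recorded from traffic.
OBSERVATIONS = [
    {"host": "10.0.0.5", "port": 80, "banner": "Server: examplehttpd/2.4.9"},
    {"host": "10.0.0.6", "port": 80, "banner": "Server: examplehttpd/2.4.10"},
    {"host": "10.0.0.7", "port": 23, "banner": "login: "},
    {"host": "10.0.0.8", "port": 22, "banner": "SSH-2.0-examplessh_3.1"},
]

# Hypothetical rules database: one patch-level rule, one exposure rule.
RULES = [
    {"id": "RULE-001", "title": "examplehttpd missing vendor patch",
     "banner_re": r"examplehttpd/(\d+(?:\.\d+)*)", "fixed_in": "2.4.10"},
    {"id": "RULE-002", "title": "cleartext Telnet service exposed", "port": 23},
]

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so 2.4.9 sorts below 2.4.10."""
    return tuple(int(part) for part in text.split("."))

def match_rule(rule, obs):
    """Return True if a single observation violates a single rule."""
    if "port" in rule and rule["port"] != obs["port"]:
        return False
    if "banner_re" in rule:
        m = re.search(rule["banner_re"], obs["banner"])
        if not m:
            return False
        if "fixed_in" in rule:
            # Flag only versions older than the patched release.
            return parse_version(m.group(1)) < parse_version(rule["fixed_in"])
    return True

def analyze(observations, rules):
    """Compare every observation with every rule; return (host, port, rule id)."""
    return [(o["host"], o["port"], r["id"])
            for o in observations for r in rules if match_rule(r, o)]

def add_rule(rules, rule):
    """User extension of the database; returns a new list, original untouched."""
    return rules + [rule]

if __name__ == "__main__":
    custom = {"id": "RULE-100", "title": "examplessh missing vendor patch",
              "banner_re": r"examplessh_(\d+(?:\.\d+)*)", "fixed_in": "3.2"}
    for finding in analyze(OBSERVATIONS, add_rule(RULES, custom)):
        print(finding)
```

Versions are compared as integer tuples because a plain string comparison would rank 2.4.9 above 2.4.10 and miss the unpatched host.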