Saner Network Scanner supports authenticated scanning of network devices by using a user account with sufficient privileges to run all required scanning commands on the target hosts. The account must have permission to execute all commands relevant to the scope of the scan.
An account with root or root-equivalent privileges is required to perform compliance and vulnerability scans on a network device using Saner Network Scanner.
Providing command access to lower-privilege accounts can reveal sensitive configurations. Assign privilege levels according to your organization’s security policies.
Supported Network Devices for Authenticated Scans with Saner Network Scanner
Saner Network Scanner supports authenticated scanning on the following network devices.
Vendor | Supported Products |
---|---|
Cisco | |
Fortinet | |
Juniper | |
Palo Alto | |
Netgate | |
Others | |
Commands needed for scanning
On Cisco Devices
show run logging | i host
show crypto key mypubkey rsa | i Key | Modulus
show ip ssh | inc Authentication retries
show ip ssh | inc Authentication timeout
show run aaa accounting | in command
show run aaa accounting | in enable
show run aaa accounting | in serial
show run aaa accounting | in ssh
show run aaa authentication | i http.console
show run aaa authentication | i ssh.console
show run aaa authorization | i command
show run aaa authorization | in exec
show run aaa | in max-fail
show run all threat-detection | in tcp-intercept
show run all | in traps.snmp
show run banner asdm | i banner.asdm
show run banner exec | i banner.exec
show run banner login | i banner.login
show run banner motd | i banner.motd
show run filter | i activex
show run filter | i java
show run hostname | e _ciscoasa_|_asa
show run http | i http_[0-9]|[0-9]|[0-9]
show run http | in idle-timeout
show run logging | grep console
show run logging | grep timestamp
show run logging | in buffer-size
show run logging | in device-id
show run logging | in mail
show run ntp | in [0-5]_key
show run ntp | in authenticate
show run ntp | in authentication-key
show run snmp-server group | i v3.priv
show run snmp-server host | i version.3
show run ssh | grep scopy
show run ssh | i ssh_[0-9]|[0-9]|[0-9]
show run ssh | in timeout
show run ssl | in custom_"AES256-SHA"$
show run | i aaa authentication enable console
show run | i aaa authentication secure-http-client
show run | in buffered
show run | in history
show run | in no.service.password-recovery
show run | in trap
show run | incl ip source-route
show run | sec key chain
show run | sec vty
show archive log config 1
show cdp
show chassis inventory
show version
show ip int brief | include Loopback
show ip ssh
show ip ssh | include Modulus Size
show ntp associations
show run password-policy
show run | begin ip http secure-server
show run | inc enable
show run | incl bootp
show run | incl dhcp
show run | incl identd
show run | incl logging buffered
show run | incl service pad
show run | incl service tcp
show run | incl snmp-server
show run | incl snmp-server community
show run | incl username
show run | include domain name
show run | include enable secret
show run | include hostname
show run | include ip http timeout-policy
show run | include logging console
show run | include ntp
show run | include ntp authentication-key
show run | include ntp server
show run | include ntp source
show run | include ntp trusted-key
show run | include service password-encryption
show run | include tacacs source | radius source
show run | include tftp source-interface
show run | sec key chain
show run | sec line con 0
show running-config dns-guard
show running-config logging | grep monitor
show running-config logging | include enable
show running-config passwd
show running-config username
show running-config | inc aaa new-model
show running-config | inc ip http authentication
show running-config | incl aaa accounting commands
show running-config | incl aaa accounting connection
show running-config | incl aaa accounting exec
show running-config | incl aaa accounting system
show running-config | incl aaa authentication login
show running-config | incl privilege
show running-config | include aaa accounting network
show running-config | include aaa authentication enable
show running-config | include banner exec
show running-config | include banner login
show running-config | include banner motd
show running-config | include interface Tunnel
show running-config | include logging host
show running-config | include logging source
show running-config | include logging trap
show running-config | include login on-
show running-config | include service timestamps
show running-config | include timeout
show running-config | sec line vty
show running-config | sec vty
show snmp community
show snmp group
show snmp user
show software authenticity running | in Cisco
show version
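Because the scanning account is highly privileged, one useful control is to compare what it actually runs against the documented Cisco list above. The following is an added example, not part of Saner's documentation or tooling: it flags commands run by the scanner account whose base command (the part before the first `|`) is not in a subset of that list. The account name `saner-scan` and the `user=... cmd=...` log layout are assumptions, and the log lines are constructed.

```python
import re

# Commands copied from the Cisco list on this page (a subset, for brevity).
DOCUMENTED_COMMANDS = [
    "show run logging | i host",
    "show run | sec vty",
    "show running-config | include logging host",
    "show ip ssh",
    "show snmp user",
    "show version",
]

def base_command(cmd):
    """Reduce a command to the part before the first output filter ('|'),
    lowercased, whitespace-collapsed, with 'run' expanded to 'running-config'."""
    head = cmd.split("|", 1)[0]
    words = ["running-config" if w == "run" else w for w in head.lower().split()]
    return " ".join(words)

ALLOWED = {base_command(c) for c in DOCUMENTED_COMMANDS}

# Hypothetical, simplified accounting layout: "user=<name> cmd=<command>".
LINE_RE = re.compile(r"user=(?P<user>\S+)\s+cmd=(?P<cmd>.+)$")

def off_list_commands(log_lines, scanner_account):
    """Return commands run by scanner_account whose base form is not documented."""
    findings = []
    for line in log_lines:
        m = LINE_RE.search(line.strip())
        if not m or m.group("user") != scanner_account:
            continue
        if base_command(m.group("cmd")) not in ALLOWED:
            findings.append(m.group("cmd").strip())
    return findings

# Constructed sample accounting records (not taken from a real device).
SAMPLE_LOG = [
    "user=saner-scan cmd=show run | sec vty",
    "user=saner-scan cmd=show  running-config | include logging host",
    "user=saner-scan cmd=configure terminal",
    "user=saner-scan cmd=show ip ssh | include Modulus Size",
    "user=netadmin cmd=copy running-config tftp:",
    "user=saner-scan cmd=show tech-support",
]

if __name__ == "__main__":
    for cmd in off_list_commands(SAMPLE_LOG, "saner-scan"):
        print("off-list command by scanner account:", cmd)
```

Matching on the base command treats every filter on `show running-config` as equivalent, which is deliberate: the filter only trims output the account can already read in full.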
On Fortinet Devices
get system status
cat /bsc/campusMgr/master_loader/.version
cat /bsc/campusMgr/nessus_loader/.version
cat /bsc/.platform/version.conf
cat /bsc/campusMgr/.snmpDB
On Juniper Devices
show interfaces terse | no-more
show version | no-more
show configuration protocols neighbor-discovery secure | display set | match cryptographic-address | count
show configuration protocols router-discovery
show configuration protocols rsvp | match authentication-key | count
show configuration snmp interface | count
show configuration snmp v3 usm local-engine | match
show configuration snmp | match
show configuration system accounting destination | display set | match server | count
show configuration system accounting | display set | match
show configuration system archival | display set | match
show configuration system authentication-order | match
show configuration system authentication-order | match password
show configuration system diag-port-authentication
show configuration system host-name | display inheritance | match
show configuration system internet-options icmpv4-rate-limit
show configuration system internet-options icmpv6-rate-limit
show configuration system internet-options | display set | match no-source-quench
show configuration system internet-options | display set | match no-tcp-reset
show configuration system internet-options | display set | match tcp-drop-synfin-set
show configuration system login message
show configuration system login password minimum-changes
show configuration system login retry-options | display set
show configuration system login retry-options | display set | match backoff-factor
show configuration system login retry-options | display set | match minimum-time
show configuration system login | display set | match lockout-period
show configuration system login | display set | match retry
show configuration system no-ping-time-stamp
show configuration system ntp
show configuration system ntp | display set | match boot-server | count
show configuration system ntp | display set | match server | except boot-server
show configuration system ntp | display set | match server | except boot-server | count
show configuration system pic-console-authentication | count
show configuration system ports auxiliary | match
show configuration system ports auxiliary | match insecure | count
show configuration system ports console | match disabled | count
show configuration system ports console | match insecure | count
show configuration system ports console | match log-out-on-disconnect | count
show configuration system radius-options
show configuration system root-authentication
show configuration system root-authentication | match
show configuration system services ftp | display set
show configuration system services netconf ssh connection-limit | count
show configuration system services netconf ssh rate-limit | count
show configuration system services rest control
show configuration system services rest control | display inheritance | match connection-limit | count
show configuration system services rest enable-explorer | count
show configuration system services rest http | count
show configuration system services rest https addresses
show configuration system services rest https addresses | count
show configuration system services rest https cipher-list | match
show configuration system services rest https mutual-authentication | count
show configuration system services rest https | display set | count
show configuration system services rest https | display set | match
show configuration system services rest https | display set | match server-certificate
show configuration system services ssh ciphers | display set | except gcm | count
show configuration system services ssh protocol-version
show configuration system services ssh rate-limit
show configuration system services ssh | display set | match connection-limit
show configuration system services web-management https interface | count
show configuration system services web-management https interface | match interface | count
show configuration system services web-management https | match
show configuration system services web-management | display set | match http
show configuration system services web-management | display set | match https | count
show configuration system services web-management | display set | match idle-timeout
show configuration system services web-management | display set | match session-limit
show configuration system services xnm-ssl sslv3-support | count
show configuration system services xnm-ssl | display set | match connection-limit | count
show configuration system services xnm-ssl | display set | match rate-limit | count
show configuration system services | display set | match
show configuration system services | display set | match finger
show configuration system services | display set | match telnet
show configuration system services | display set | match xnm-clear-text
show configuration system syslog | display set | match
show configuration system time-zone
show configuration system | display set | grep no-redirects
show configuration system | display set | match
show configuration system | display set | match autoinstallation
show configuration system | display set | match class | match
show configuration system | display set | match encrypt-configuration-files
show configuration system | display set | match no-multicast-echo
show configuration system | display set | match no-ping-record-route
show configuration system | display set | match no-redirects-ipv6
show configuration system | match
Privilege levels
By default, network devices have three privilege levels.
On Cisco Devices
An account with Level 15 privileges is required on Cisco devices for Saner Network Scanner to perform authenticated network scans.
- Level 0 – Users have minimal access and can run commands such as ping, traceroute, show, and telnet.
- Level 1 – Users can run commands in User EXEC mode, such as ping, traceroute, show, and telnet.
- Level 15 – Users can run commands in Privileged EXEC mode. They can also enter global configuration mode and run commands for device configuration, management, and debugging.
On Fortinet Devices
An account with Super administrator privileges is required for Saner Network Scanner to perform authenticated network scans on Fortinet devices.
- Read-only administrator – Users have view-only access to configurations, logs, and system status.
- Custom administrator – Users have permissions for specific areas, such as the firewall, VPNs, and logs. Depending on the configured permissions, they can read, write, or have no access to certain features.
- Super administrator – Users have full access to all features and settings. They can configure the device, manage users, and perform firmware updates.
On Juniper Devices
An account with Superuser privileges is required on Juniper devices for Saner Network Scanner to perform authenticated network scans.
- Read-only – Users can view configuration and status information but can’t make changes.
- Operator – Users can run operational commands, such as show, ping, traceroute, and restart services. They can’t enter configuration mode or change device settings.
- Superuser – Users have full administrative access. They can enter configuration mode, manage user accounts, and perform system-level tasks.
Note: Refer to the manufacturer’s official website for detailed information about the privilege levels available on a specific device.