Network devices such as routers, switches, and wireless access points also have vulnerabilities. Like servers, they have their own operating systems with services and features. They are also usually managed remotely using HTTP/S, SSH, or telnet. Because of the central role they play in connecting other devices, a compromised network device can cause serious disruptions, even network outages. As a penetration tester, you will want to look not only for vulnerable services and protocol stacks, but also ways to gain remote administrative access. When scanning network devices, a general scanner will show open ports but might not know how to test the specific devices. Be sure to choose a scanner that can specifically target the network devices you are scanning.

When scanning network devices, consider which IP address the device can be reached on. For example, a router is likely to have at least two IP addresses, but a switch might not have any. You can configure higher-end switches with a management IP address that you can make a remote connection to. Consider scanning all available IP addresses for the network device, just in case packet filtering or policies disallow some traffic on some interfaces.