by puerto 4898 days ago
Scanning is the second phase of the standard hacker attack procedure. Phases of hacking:

Phase 1—Reconnaissance
Phase 2—Scanning
Phase 3—Gaining Access
Phase 4—Maintaining Access
Phase 5—Covering Tracks

Regarding this guy's intention, you're probably right. The main reason why I'm commenting here is that guys with good intentions don't get themselves in trouble for not knowing what they're doing.

Finding vulnerabilities in software on your machine and hacking other people's systems are entirely different things. By testing software you're not violating anything (except maybe the EULA for some licences). By hacking other people's systems, you're committing a crime.

> What do you think would Google do, if this student used scanner (or something else) on gmail and found bug and then told Google about it?

At first, they would treat it like an attack. Like almost any other company would do. I have no idea what would happen later.


But you wouldn't call reconnaissance hacking, would you? That's just vaguely looking at the site and information about the company. Step 2, pointed at something like a webserver, does not connect to any systems the person is not supposed to have access to. Only step 3 crosses the line.

Good point, I wouldn't call reconnaissance hacking. For two reasons: 1) It's a passive method 2) It's not done on the attacked system.

Scanning is an active method and it's done on the attacked system. Web scanning is not the same as web crawling (downloading pages of the site). It includes all kinds of invasive tests, like SQL Injection, XSS, command injection and other attack attempts. It can cause many kinds of problems, named here in this thread.

From a security perspective, scanning is an attack. Everyone who uses these tools should be aware of this.