A COMPREHENSIVE REVIEW OF IOT VULNERABILITY SCANNING: ACTIVE, PASSIVE, AND HYBRID METHODOLOGIES

Abstract

The Internet of Things (IoT) is a rapidly emerging paradigm that has led to billions of devices being exposed to exploitation because there has not been a standard security protocol to regulate the IoT. Compared to conventional IT assets, IoT devices that have limited resources usually do not have inbuilt antivirus features, necessitating vulnerability assessment at the network level. This paper reviews the most recent state-of-the-art IoT security scanning mechanisms published between 2020 and 2025. We distinguish two main taxonomies of existing methods: Active Scanning (where deterministic probing (e.g. Nmap, Shodan) is used to quickly enumerate devices) and Passive Monitoring (where Machine Learning (ML) is used to identify traffic anomalies). Although the ML-based Intrusion Detection Systems (IDS) are highly accurate, our analysis indicates that there is a high computational overhead, which prevents its use on edge gateways. On the other hand, active scanning methods offer lightweight real-time risk analysis with the difficulties of network overload and protocol heterogeneity, such as MQTT and RTSP. This analysis reveals some of the most critical research gaps such as the absence of real-time and lightweight tools for edge deployment, and the inconsistency of protocol detection in the modern world. Lastly, we provide the future directions of scalable and secure IoT ecosystems.