Most vulnerability scanners will operate by evaluating a number of different responses to attempt to determine whether a system is vulnerable to a specific attack. In some cases, a vulnerability scan may be as simple as establishing a TCP connection with the remote service and identifying a known vulnerable version by the banner that is self-disclosed. In other cases, a complex series of probes and specially crafted requests may be sent to a remote service in an attempt to solicit responses that are unique to services that are vulnerable to a specific attack. In the preceding example, it is likely that the author of the script identified a way to solicit a unique response that would only be generated by either patched or non-patched systems and then used this as a basis to determine the exploitability of any given remote system.