In an embodiment, a vulnerability scanner component determines one or more target software objects of a remote file system for a vulnerability scan, and performs, via a file system application programming interface (API), a file system decoding procedure based on information associated with the remote file system to determine a subset of disk blocks of the remote file system that comprise the one or more target software objects. The vulnerability scanner component transmits, to a remote device, a read request associated with the subset of disk blocks, and obtains, in response to the read request, the subset of disk blocks (e.g., rather than a full disk image). The vulnerability scanner component extracts the one or more target software objects from the subset of disk blocks, and performs the vulnerability scan on the extracted one or more target software objects.