Very Computer

SAINT (based upon SATAN) is a freely available
network security scanner which runs on UNIX
platforms. This release includes all of the new
checks found in SAINT 1.4.1 beta 1, with additional
checks for sadmind, Trinoo, DRAT backdoor,
SSH, and QPOP vulnerabilities.  This release
also fixes a number of bugs that were present
in earlier versions.

SAINT 1.4.1 is available at
http://www.wwdsi.com/saint

Sam Kline
Information Security Specialist
World Wide Digital Security, Inc.

Sent via Deja.com http://www.deja.com/
Before you buy.

thanks,
Kevin

--
In vino veritas
http://www.eden.com/~ktneely

  perl reconfig
  make linux
  ./saint

]Does anyone hae any hints on setting this up on Linux?  I looked at
]their website and the system is primarily designed for SunOS and IRIX,
]neither of which I have.  I have a RedHat 6.1 box sitting next to me
]and would like to use it to scan a (primarily) windows NT network,
]espeially now that SAINT looks for the RDS bug in IIS.

Compile it and run it. No problem, at least on a REdhat 5.2 system. Just
ran it over Christmas.

Quote:

> Does anyone hae any hints on setting this up on Linux?  I looked at
> their website and the system is primarily designed for SunOS and IRIX,
> neither of which I have.  I have a RedHat 6.1 box sitting next to me
> and would like to use it to scan a (primarily) windows NT network,
> espeially now that SAINT looks for the RDS bug in IIS.

In response to your original question, SATAN (the
precursor of SAINT) was originally tested on Solaris
and IRIX, but it will run on almost any UNIX/Linux
that has PERL 5.x.

Sam Kline
Information Security Specialist
World Wide Digital Security, Inc.

Sent via Deja.com http://www.deja.com/
Before you buy.

  make linux-glibc21

This worked for me (while "make linux" did not).

--

High Energy Theoretical Physics     Tel: 734-763-4325
Department of Physics               Fax: 734-763-2213
University of Michigan, Ann Arbor   http://feynman.physics.lsa.umich.edu/~myers

make[1]: Entering directory `/usr/local/saint-1.4.1'
cd src/misc; make "LIBS=" "XFLAGS=-I/usr/local/saint-1.4.1/include
-D_BSD_SOURC
E -DSYS_ERRLIST_DECLARED -DAUTH_GID_T=int -g" "RPCGEN=rpcgen"
make[2]: Entering directory `/usr/local/saint-1.4.1/src/misc'
cc -O -I. -I/usr/local/saint-1.4.1/include  -D_BSD_SOURCE
-DSYS_ERRLIST_DECLARED
 -DAUTH_GID_T=int -g   -c rex.c -o rex.o
In file included from /usr/include/rpc/rpc.h:45,
                 from rex.c:23:
/usr/include/rpc/xdr.h:303: parse error before `uint8_t'
/usr/include/rpc/xdr.h:305: parse error before `uint16_t'
/usr/include/rpc/xdr.h:307: parse error before `uint32_t'
/usr/include/rpc/xdr.h:309: parse error before `uint64_t'
In file included from /usr/include/rpc/rpc.h:56,
                 from rex.c:23:
/usr/include/rpc/auth_des.h:40: parse error before `uint32_t'
/usr/include/rpc/auth_des.h:40: warning: no semicolon at end of struct
or union
/usr/include/rpc/auth_des.h:47: field `adc_fullname' has incomplete type

/usr/include/rpc/auth_des.h:48: parse error before `uint32_t'
/usr/include/rpc/auth_des.h:48: warning: no semicolon at end of struct
or union
/usr/include/rpc/auth_des.h:54: parse error before `uint32_t'
/usr/include/rpc/auth_des.h:54: warning: no semicolon at end of struct
or union
/usr/include/rpc/auth_des.h:55: warning: data definition has no type or
storage
class
/usr/include/rpc/auth_des.h:63: field `adv_ctime' has incomplete type
/usr/include/rpc/auth_des.h:67: parse error before `uint32_t'
/usr/include/rpc/auth_des.h:67: warning: no semicolon at end of struct
or union
rex.c: In function `rex_command':
rex.c:178: warning: passing arg 3 from incompatible pointer type
rex.c:178: warning: passing arg 5 from incompatible pointer type
rex.c: In function `rex_exit':
rex.c:222: warning: passing arg 3 from incompatible pointer type
rex.c:222: warning: passing arg 5 from incompatible pointer type
make[2]: *** [rex.o] Error 1
make[2]: Leaving directory `/usr/local/saint-1.4.1/src/misc'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/local/saint-1.4.1'
make: *** [linux] Error 2

Any help would be greatly appreciated.

Stephen Kehl

o Is there some way of launching Saint against a specific list
of targets. The current situation seems to be that you can either
launch against a single target or a whole subnet. I have a finite number
or machines I would like to test, but there are in no sort of "subnet".

--
Bill "Houdini" Weiss
PGP key: http://home.att.net/~bill_weiss/bill_weiss.asc
ICQ#: 43270740

--
666 ^ (-1) - Imaginary number of the Beast

Quote:> o Is there some way of launching Saint against a specific list
> of targets. The current situation seems to be that you can either
> launch against a single target or a whole subnet. I have a finite
number
> or machines I would like to test, but there are in no sort

SAINT-1.4.1 allows you to specify a list of
addresses to scan, but only when being run from
the command line.  The syntax for this would be:

./saint [options] <address1> <address2> <address3> ...

./saint -h (to display a list of options)

After the scan completes, you can then view the
results in the usual manner by running saint
and choosing "Data Analysis" from the menu.

The next release of SAINT will allow you to scan
a list of hosts, an address range,
a subnet, or any combination of the above from
either the GUI or the command line. This will
probably be available in February or March.

Sam Kline
Information Security Specialist
World Wide Digital Security, Inc.

Sent via Deja.com http://www.deja.com/
Before you buy.

--

High Energy Theoretical Physics     Tel: 734-763-4325
Department of Physics               Fax: 734-763-2213
University of Michigan, Ann Arbor   http://www.umich.edu/~myers