![]()
|
Extending SAINTOne of the best parts of SAINT is that it is so easy to modify, configure, and add your own probes and vulnerability checks to the system. All of the probes are files that end in .saint and are kept in the bin subdirectory; the rules to add new vulnerability checks are in the rules subdirectory (see the section on saint rules for more information on the rulesets.) SAINT tests for vulnerabilities are roughly done as follows:
Finally, you'll want to create an information file (we call them tutorials.) This explains the vulnerability, tells how to fix or otherwise deal with the problem, points to applicable CERT or vendor advisories, etc. There are examples of these in the html/tutorials/vulnerabilities subdirectory. Important! Look at the canonical output of the tool (see the saint database for more details on this) - for instance, for REXD, it's "REXD access". The filename will be identical to the canonical output, with underbars ("_") instead of spaces, with an ".html" suffix. E.g., for REXD, the filename is REXD_access.html. That's it! Place the executable (or have make do so after processing the source file) in the bin SAINT subdirectory with the rest of the .saint files. It will be run against any target that has an attack level that corresponds to your probe. If you're feeling really womanly or manly, and want to give your news tests or changes to the world, the best thing to do is to generate a patch using the diff command that can be run against the latest released version of SAINT. Feel free to send it to: saint@wwdsi.com Back to the Reference TOC/Index |