The Security Auditor's Research Assistant (SARA) is a Unix-based network scanner that detects a set of known vulnerabilities on a host or network and can follow trust relationships to detect remote vulnerabilities that affect the primary target.

SARA evolved out of SAINT which, in turn, evolved out of SATAN. The core engine remains the same, with updated vulnerability tests and an improved user interface. In default mode, it gathers information on its primary targets by port scanning and interrogating the open ports it finds. In exploratory mode it also analyzes the trust dependencies of its targets and scans any trusted systems for vulnerabilities as well. It requires no account or privileges on the hosts being scanned. Because it follows trust relationships, the major operational concern in using it is keeping it from wandering onto hosts outside the authorized scope, so the target list and scope settings should be set deliberately before an exploratory scan. It uses an intuitive hypertext interface for both running the tests and reporting the results.
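The scope problem described above (an exploratory scan that follows trust links from the primary target into hosts you are not authorized to touch) is easy to illustrate. The following is an added example, not code from SARA or its documentation: it walks a constructed, hypothetical trust map breadth-first from the primary target, limits the number of trust hops, and refuses to enqueue any host that falls outside an authorized CIDR list. The CIDR ranges, the trust map, and the function names are all assumptions made for the example.

```python
from collections import deque
import ipaddress

# Assumption: the engagement authorizes scanning of this network only.
AUTHORIZED_SCOPE = ["192.0.2.0/24"]

# Constructed trust map: host -> hosts it trusts. Hypothetical data standing
# in for the trust relationships a scanner would infer from the target.
TRUST_MAP = {
    "192.0.2.10": ["192.0.2.11", "203.0.113.5"],
    "192.0.2.11": ["192.0.2.12"],
    "192.0.2.12": [],
    "203.0.113.5": ["203.0.113.6"],
}


def in_scope(host, scope):
    """True if host (dotted-quad string) lies inside one of the scope CIDRs."""
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(cidr) for cidr in scope)


def expand_targets(primary, trust_map, scope, max_hops=1):
    """Follow trust links from `primary` for at most `max_hops` hops,
    never leaving `scope`.

    Returns (targets, refused): the hosts that would be scanned, in
    discovery order, and the hosts that were reachable via trust but
    skipped because they are outside the authorized scope. Hosts trusted
    only by a refused host are never visited, so they do not appear in
    either list.
    """
    if not in_scope(primary, scope):
        raise ValueError(f"primary target {primary} is outside authorized scope")

    seen = {primary}
    targets = [primary]
    refused = []
    queue = deque([(primary, 0)])

    while queue:
        host, depth = queue.popleft()
        if depth >= max_hops:
            continue  # hop budget spent; do not follow this host's trust links
        for trusted in trust_map.get(host, []):
            if trusted in seen:
                continue
            seen.add(trusted)
            if not in_scope(trusted, scope):
                refused.append(trusted)  # record it, but never scan or expand it
                continue
            targets.append(trusted)
            queue.append((trusted, depth + 1))

    return targets, refused


if __name__ == "__main__":
    targets, refused = expand_targets("192.0.2.10", TRUST_MAP, AUTHORIZED_SCOPE, max_hops=2)
    print("would scan:", targets)
    print("refused (out of scope):", refused)
```

With one hop the walk scans 192.0.2.10 and 192.0.2.11 and refuses 203.0.113.5; with two hops it also reaches 192.0.2.12, while 203.0.113.6 is never seen at all because its only path runs through a refused host. Keeping the scope check at enqueue time, rather than filtering the final list, is what prevents out-of-scope hosts from being probed for their own trust relationships.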

URL: http://www-arc.com/sara/sara.html

The documentation states that SARA has been run successfully on

and that the developers believe it will also run on AIX, BSD, HP-UX, SunOS 5, SYSV-R4, and Ultrix 4.x.

Pros


Cons

Rating: Recommended. SARA is a well-regarded network scanner and is currently supported by twice-monthly vulnerability updates. It is also refreshingly easy to use.

Axes:
Static vs. Dynamic: Dynamic
Library vs. Instrumenting: Library
Testing vs. Production: Production
Opaque vs. Clear: Opaque
List vs. Heuristic: List
Conservative vs. Liberal: Either, depending on settings
Concurrent vs. Single Program: Concurrent
Alert vs. Fix: Alert with suggestions for fix

Evaluated by Homer Briggs on 8/21/2000