SAINTwriter
SAINTwriter is an additional component to
SAINT which plugs into SAINT's graphical user
interface and allows you to generate a variety of customized
reports. SAINTwriter features seven pre-configured
reports, four report formats (HTML, text, tab-separated
text, and comma-separated text), and over 50
configuration options. This document will cover the
following areas:
- System Requirements
- Installation
- Registration
- Generating pre-configured reports
- Generating custom reports
- Command-line usage
System Requirements
SAINTwriter requires the following software:
- SAINT 3.0 or higher
- Perl 5.004 or higher, which you already have if
you're running SAINT
- A web browser if you wish to use the GUI. (A
command line interface is
available if you don't have a browser.)
SAINTwriter also has the following system requirements:
- One of the following UNIX platforms:
- Linux (x86)
- Solaris (SPARC)
- HP-UX 11
- FreeBSD (x86)
- OpenBSD (x86)
- About 100k disk space in addition to that required
for SAINT. More may be required if you need to generate
large reports.
- At least 16M memory is recommended. More may be
necessary for very large scans.
Installation
Installation of SAINTwriter can be done in three easy
steps.
- Go to
http://www.wwdsi.com/saintwriter and follow the
instructions for downloading SAINTwriter. Note that
you must choose the correct operating system and
architecture for your system in order for SAINTwriter to
work. If you are not sure which one to download, try
one and see if it works. If you see an eight-digit
serial number on the registration screen,
you chose the right one.
- Place the downloaded file in your saint-x.x directory,
where x.x is your version of SAINT. For example, if
you are using SAINT 3.0:
    mv saintwriter-install.gz saint-3.0
    cd saint-3.0
- gunzip the file. (If your browser dropped the .gz
extension from the filename, then first rename it so it ends
in .gz.)
- Set executable mode on the file, i.e.
    chmod u+x saintwriter-install
- Run the installation program:
    ./saintwriter-install
That's all there is to it. SAINTwriter is now ready to use.
Registration
SAINTwriter can be used for free to generate reports
on a limited number of hosts. To use the product in this
fashion, simply install it and begin.
To report on a larger number of hosts, a license key is required.
The key can be generated by registering the product.
To register the product:
- Go to http://www.wwdsi.com/saintwriter
and follow the instructions for registering the product.
The registration procedure will allow you to create
a user account and password.
- When payment is received,
you will be allowed to log into your account and generate
a key to use SAINTwriter. When you generate your
key, you will be asked to enter your specific Class C
network(s).
- Place the key in your saint directory. At
this point you can begin using SAINTwriter.
When you register the product, you will be able to customize
your license. Licenses vary in the number of
hosts that may be included in your reports, and in
the IP address range of the target network.
The key will correspond to your selection.
Once your key is in place, you will be able
to use it to generate reports on scans of any set of hosts
which meet the conditions of your license.
If the scan includes more hosts than your license allows,
or if it includes hosts on networks
which are not included in your key, then you will see
a message indicating that a subset of the scanned hosts
will be excluded from the report.
Generating Pre-configured Reports
SAINTwriter includes seven pre-configured reports
designed to quickly provide reports which will be the
most useful for specific purposes. To generate a pre-configured
report:
- From the SAINT GUI, go to Data Analysis, and
from there go to SAINTwriter.
- Read the descriptions of the seven pre-configured
reports and select the one which best suits your needs.
- For Trend Analysis reports only: Choose the data
sets which you wish to be included in the trend analysis.
Hosts and vulnerabilities will be tracked chronologically
across the data sets you choose, producing history charts
and status classifications.
- Choose the report format.
- HTML is usually the best
choice, and is the only format which allows you to see
pie charts and bar graphs.
- Text is a useful alternative
if you intend to view the report on a machine without a
web browser.
- Tab-separated and comma-separated reports
are useful for importing into documents, spreadsheets,
or databases. These formats are useful with the
Technical Overview report.
- Click on the Continue button to create your report.
You will be able to view the
report at this point.
- Save the report. In most browsers, this is done by
choosing Save As under the File menu.
In Lynx, the procedure is slightly different; at
the previous step, highlight the Continue button
and press D to save the report.
Generating Custom Reports
To generate a custom report, follow the same procedure
as for a pre-configured
report, but select Other as the report type.
Enter a name for the new report type, and choose one of
the seven pre-configured report types to use as a template.
When you
click on the Continue button, the configuration
screen will appear. The configuration screen is
a form containing every available SAINTwriter option,
pre-loaded with the default values for the template
you selected. Each item on the configuration screen has
a description of what the item does to the report, so
the individual options are not described here.
At the top of the configuration screen is a hyperlinked table
of contents to help you navigate through the form. When
you are finished customizing the report, click on the
Go button to save the changes and generate the
report.
The sections of the configuration screen are as follows:
- Charts, Lists, and Technical Details are the
three main sections of the report. Charts present an
overview in the form of pie charts, bar graphs, and tables.
Lists are tables which present more specific information on hosts
and vulnerabilities. Technical details, the most in-depth part
of the report, contains text from SAINT's tutorials. These
sections of the configuration form are where you choose
exactly what parts will and will not be included in the
report, and other options which affect
the way the information is presented.
- Vulnerabilities: This section allows you
to specify which vulnerabilities to include in the report.
There are options to select all vulnerabilities in
a given severity level, and options to select specific
vulnerability categories and services. This part of the
form is generated dynamically; only the vulnerability
categories and services relevant to the current scan
results will be presented as options.
- Sorting: This section allows you to specify
the order in which the hosts, subnets, vulnerability
categories, and tutorials will be sorted.
- Hosts: This section allows you to narrow
your report down to specific domains, IP address
ranges, or host types.
- Format: This section contains the same
format options as the previous screen. If the format
has already been chosen, it will not need to be changed.
- Trend Analysis: This section allows you to choose
which data sets to analyze in Trend Analysis reports, and
offers several options which affect how the status categories
are formed.
- Other options: This section contains
miscellaneous options.
- Go: Go to this section when you are finished
configuring the report. Clicking on the Go button
will save any changes and generate the report. The
configuration changes will be available for future use
by choosing Other as the report type, and selecting
the report type by name from the drop-down menu.
Command-line Usage
The SAINTwriter graphical user interface acts
as a user-friendly wrapper for SAINTwriter. If the
GUI is not desired, SAINTwriter can be used directly
from the command line instead. This may be desirable
when non-HTML reports are being generated, or on
machines which don't have a browser.
To use SAINTwriter from the command line, change
to the saint-x.x directory (e.g.
saint-3.4). The syntax is:
    bin/saintwriter [-s] [-v] [-c configuration]
The -s option causes SAINTwriter to output the
serial number and then exit.
The -v option causes SAINTwriter to output the
version number and then exit.
The -c option specifies
the configuration file. This is typically one of the seven
reports: full.cf, long_exec.cf, short_exec.cf, tech.cf, linked_tech.cf,
detail.cf, or trend.cf. But the configuration file can be anything that exists
in the config/saintwriter
directory. If the -c option is omitted, the default
configuration file is full.cf.
The output from SAINTwriter goes directly to standard output,
so you'll usually want to redirect standard output to a
file, e.g.
    bin/saintwriter -c full.cf > report.html
Reports can be customized by editing the corresponding
configuration file in the config/saintwriter
directory. (This is also where you need to put
the registration code.) As in SAINT, all
options in SAINTwriter have a corresponding variable in
the SAINTwriter configuration file. The default configuration
files contain descriptive comments to help you configure
the report, and the configuration variables appear in
approximately the same order as in the GUI's configuration
screen.
The only tricky parts of editing the configuration by hand
are the Vulnerabilities section and the Trend Analysis
section, and then only if you are selecting specific vulnerability
categories rather than an entire severity level, or selecting
multiple data sets for trend analysis.
These options are created
dynamically by the GUI based on the scan results, so
they do not have corresponding variables in the configuration
file by default.
If you wish to select a specific vulnerability category
or service, you must create a new variable and set its value
to "on". The variable name is the severity color, followed by
an underscore, followed by the category or service name, with spaces
replaced by underscores. The new variable should be placed between
the "begin vulnerabilities" comment and the "end vulnerabilities"
comment. For example, if you wish to tell SAINTwriter to include
all "http cgi access" vulnerabilities with "red" (critical)
severity, the configuration would look like this:
    # Begin vulnerabilities (do not remove this line)
    $red_http_cgi_access = "on";
    # End vulnerabilities (do not remove this line)
Of course, this is not necessary if the $allreds
variable is set to "on", because this variable
already includes all "red" vulnerabilities.
If you wish to select a data set to include in a trend
analysis report, you must create a new variable whose name
is the word "dataset", followed by the name of the data set
in curly brackets ({}). The value of the variable should
be set to "on". The new variable should be placed between
the "begin data sets" comment and the "end data sets" comment.
For example, to tell SAINTwriter to analyze the data sets
called "Jan", "Feb", and "Mar", the configuration would look
like this:
    # Begin data sets (do not remove this line)
    $dataset{'Jan'} = "on";
    $dataset{'Feb'} = "on";
    $dataset{'Mar'} = "on";
    # End data sets (do not remove this line)
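The two hand-editing rules above can be scripted. The following is an added example, not part of SAINTwriter: the function names are hypothetical, the marker text is taken from the samples above, and the restriction of names to letters, digits and underscores is a conservative assumption made because the configuration lines are Perl-style assignments.

```shell
#!/bin/sh
# Added example: helpers for hand-editing a SAINTwriter .cf file.
# Function names are hypothetical; marker text follows the page's samples.
# Usage: enable_vuln config/saintwriter/full.cf red "http cgi access"
#        enable_dataset config/saintwriter/trend.cf Jan
LC_ALL=C; export LC_ALL

# Accept only letters, digits and underscores (conservative assumption).
safe_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# Insert LINE just before the "# End SECTION" marker; no-op if already there.
add_to_section() {
    file=$1; section=$2; line=$3
    grep -qiF -- "# End $section" "$file" || return 1   # marker must exist
    grep -qxF -- "$line" "$file" && return 0            # already present
    tmp=$(mktemp) || return 1
    if END_MARK="# end $section" NEW_LINE="$line" awk '
        index(tolower($0), ENVIRON["END_MARK"]) == 1 { print ENVIRON["NEW_LINE"] }
        { print }' "$file" > "$tmp"
    then cat "$tmp" > "$file"; rc=$?
    else rc=1
    fi
    rm -f "$tmp"; return "$rc"
}

# enable_vuln FILE COLOR "category or service name"
enable_vuln() {
    name=$(printf '%s_%s' "$2" "$3" | tr ' ' '_')   # spaces -> underscores
    safe_name "$2" && safe_name "$name" || { echo "rejected: $2 $3" >&2; return 1; }
    add_to_section "$1" "vulnerabilities" "\$$name = \"on\";"
}

# enable_dataset FILE NAME
enable_dataset() {
    safe_name "$2" || { echo "rejected: $2" >&2; return 1; }
    add_to_section "$1" "data sets" "\$dataset{'$2'} = \"on\";"
}
```

Running either function twice with the same arguments leaves the file unchanged, and a name containing quotes or other punctuation is rejected before anything is written.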