One of the best parts of SAINT is that it is so easy to modify, configure, and add your own probes and vulnerability checks to the system. All of the probes are files that end in .saint and are kept in the bin subdirectory; the rules to add new vulnerability checks are in the rules subdirectory (see the section on saint rules for more information on the rulesets).

SAINT™ tests for vulnerabilities are roughly done as follows:

If you want to add another .saint test - perhaps checking for the latest sendmail bug or something - there are a few things that must be done, depending on your test:

    1. Create an executable that checks for the problem you'd like to scan for. It generally will take one argument - a hostname that is the target of the probe.
    2. Have the probe output a valid SAINT™ output record - see the SAINT database format document for more on this.
    3. If it is a C program or something that must be processed or compiled before being run, either modify an existing SAINT™ makefile to do so, or create your own.
    4. Decide what severity level it will be run at; either light, normal, or heavy, and modify the appropriate variable in the saint.cf file.

If you want to modify the rulesets, see the saint rules section to see how to create a rule that will check for a vulnerability.

Finally, you'll want to create an information file (we call them tutorials.) This explains the vulnerability, tells how to fix or otherwise deal with the problem, points to applicable CERT or vendor advisories, etc. There are examples of these in the html/tutorials/vulnerabilities subdirectory.

Important! Look at the canonical output of the tool (see the saint database for more details on this) - for instance, for REXD, it's "REXD access".

The filename will be identical to the canonical output, with underbars ("_") instead of spaces, with an ".html" suffix. E.g., for REXD, the filename is REXD_access.html.
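As an added example (not part of SAINT or its documentation), the shell functions below apply this naming rule and report canonical outputs that have no tutorial file yet. The function names are hypothetical, and the tutorial directory is passed in as an argument.

```shell
#!/bin/sh
# Added example, not SAINT's own code. Function names are hypothetical.

# Map a canonical output string to its tutorial filename:
# spaces become underbars and ".html" is appended.
# A string containing "/" is refused, because the result is used as a
# filename inside the tutorials directory and must not leave it.
tutorial_name() {
    case $1 in
        */*) return 1 ;;
    esac
    printf '%s.html\n' "$(printf '%s' "$1" | tr ' ' '_')"
}

# Read canonical outputs on stdin, one per line, and print every one
# that has no tutorial file in directory $1.
# Returns 0 when all tutorials exist, 1 otherwise.
missing_tutorials() {
    dir=$1
    status=0
    while IFS= read -r canon || [ -n "$canon" ]; do
        [ -n "$canon" ] || continue        # skip blank lines
        if ! file=$(tutorial_name "$canon"); then
            printf 'invalid canonical output: "%s"\n' "$canon"
            status=1
            continue
        fi
        if [ ! -f "$dir/$file" ]; then
            printf 'missing: %s (for "%s")\n' "$dir/$file" "$canon"
            status=1
        fi
    done
    return "$status"
}

# Usage, from the SAINT top-level directory (outputs.txt is a file you
# maintain with one canonical output per line):
#   missing_tutorials html/tutorials/vulnerabilities < outputs.txt
```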

That's it! Place the executable (or have make do so after processing the source file) in the bin SAINT™ subdirectory with the rest of the .saint files. It will be run against any target that has an attack level that corresponds to your probe.

If you want to give your new tests or changes to the world, the best thing to do is to generate a patch using the diff command that can be run against the latest released version of SAINT™. Feel free to send it to: saint@wwdsi.com