SAINT Documentation
WWDSI
SAINT Home
--------

SAINTwriter

Note: SAINTwriter will be available in Fall 2000. The information in this document is subject to change before the product is released.

SAINTwriter™ is an additional component to SAINT which plugs into SAINT's graphical user interface and allows you to generate a variety customized reports. SAINTwriter™ features six pre-configured reports, four report formats (HTML, text, tab-separated text, and comma-separated text), and over 50 configuration options. This document will cover the following areas:

  1. System Requirements
  2. Installation
  3. Registration
  4. Generating pre-configured reports
  5. Generating custom reports
  6. Command-line usage

System Requirements

SAINTwriter™ requires the following software:
  • SAINT 3.0 or higher
  • PERL 5.004 or higher, which you already have if you're running SAINT
  • A web browser if you wish to use the GUI. (A command line interface is available if you don't have a browser.)
SAINTwriter™ also has the following system requirements:
  • One of the following UNIX platforms:
    • Linux (x86)
    • FreeBSD (x86)
    • Solaris (SPARC)
  • About 100k disk space in addition to that required for SAINT. More may be required if you need to generate large reports.
  • At least 16M memory is recommended. More may be necessary for very large scans.

Installation

Installation of SAINTwriter™ can be done in three easy steps.
  1. Go to http://www.wwdsi.com/saintwriter and follow the instructions for downloading SAINTwriter. Note that you must choose the correct operating system and architecture for your system in order for SAINTwriter to work. If you are not sure which one to download, try one and see if it works. If you see an eight-digit serial number on the registration screen, you chose the right one.
  2. Set executable mode on the file, i.e.
    chmod u+x saintwriter
  3. Place the downloaded file in the saint-x.x/bin directory. For example, if you are using saint-2.1.2, you would enter:
    mv saintwriter saint-2.1.2/bin
That's all there is to it. SAINTwriter is now ready to use.

Registration

SAINTwriter™ can be used for free to generate reports on a limited number of hosts. To use the product in this fashion, simply install it and begin. To report on a larger number of hosts, a license key is required. The key can be generated by registering the product.

To register the product:

  1. Go to http://www.wwdsi.com/saintwriter and follow the instructions for registering the product. The registration procedure will allow you to create a user account and password.
  2. When payment is received, you will be allowed to log into your account and generate a key to use SAINTwriter™. When you generate your key, you will be asked to enter your specific Class C network(s).
  3. Place the key in your saint directory. At this point you can begin using SAINTwriter™.
When you register the product, you will be able to customize your license. Licenses vary in the number of Class C networks that may be included in your key, the maximum number of hosts on those networks that may be included in your reports, and the number of times you may re-generate your key for different sites. The key will correspond to your selection. Once your key is in place, you will be able to use it to generate reports on scans of any set of hosts which meet the conditions of your license. If the scan includes more hosts than your license allows, or if it includes hosts on networks which are not included in your key, then you will see a message indicating that a subset of the scanned hosts will be excluded from the report.

Generating Pre-configured Reports

SAINTwriter™ includes six pre-configured reports designed to quickly provide reports which will be the most useful for specific purposes. To generate a pre-configured report:
  1. From the SAINT GUI, go to Data Analysis, and from there go to SAINTwriter.
  2. Read the descriptions of the six pre-configured reports and select the one which best suits your needs.
  3. Do not choose customize. (This option will be discussed below.)
  4. Choose the report format.
    • HTML is usually the best choice, and is the only format which allows you to see pie charts and bar graphs.
    • Text is a useful alternative if you intend to view the report on a machine without a web browser.
    • Tab-separated and comma-separated reports are useful for importing into documents, spreadsheets, or databases. These formats are useful with the Technical Overview report.
  5. Click on the Continue button to create your report. If you chose HTML format, you will be able to view the report at this point. If you chose a different format, it may appear misformatted. This is okay; it will look right when it is saved.
  6. Save the report. In most browsers, this is done by choosing Save As under the File menu. In Lynx, the procedure is slightly different; at the previous step, highlight the Continue button and press D to save the report.

Generating Custom Reports

To generate a custom report, follow the same procedure as for a pre-configured report, selecting the report type you want to customize. But do check the customize box. When you click on the continue button, the configuration screen will appear. The configuration screen is a form containing every available SAINTwriter option, pre-loaded with the default values for the report type you selected. Each item on the configuration screen has a description of what the item does to the report, so a description of the individual options will not be discussed here.

At the top of the configuration screen is a hyperlinked table of contents to help you navigate through the form. When you are finished customizing the report, click on the Go button to save the changes and generate the report.

The sections of the configuration screen are as follows:

  • Registration: This section is where you put your registration code. If you entered it previously, it will already be there.
  • Charts, Lists, and Technical Details are the three main sections of the report. Charts present an overview in the form of pie charts, bar graphs, and tables. Lists are tables which present more specific information on hosts and vulnerabilities. Technical details, the most in-depth part of the report, contains text from SAINT's tutorials. These sections of the configuration form are where you choose exactly what parts will and will not be included in the report, and other options which affect the way the information is presented.
  • Vulnerabilities: This section allows you to specify which vulnerabilities to include in the report. There are options to select all vulnerabilities in a given severity level, and options to select specific vulnerability categories and services. This part of the form is generated dynamically; only the vulnerability categories and services relevent to the current scan results will be presented as options.
  • Sorting: This section allows you to specify the order in which the hosts, subnets, vulnerability categories, and tutorials will be sorted.
  • Hosts: This section allows you to narrow your report down to specific domains, IP address ranges, or host types.
  • Format: This section contains the same format options as the previous screen. If the format has already been chosen, it will not need to be changed.
  • Other options: This section contains miscellaneous options.
  • Go: Go to this section when you are finished configuring the report. Clicking on the Go button will save any changes and generate the report.

Command-line Usage

The SAINTwriter™ graphical user interface acts as a user-friendly wrapper for SAINTwriter. If the GUI is not desired, SAINTwriter can be used directly from the command line instead. This may be desirable when non-HTML reports are being generated, or on machines which don't have a browser.

To use SAINTwriter™ from the command line, change to the saint-x.x directory (e.g. saint-2.1.2). The syntax is:

bin/saintwriter [-s] [-c configuration]
The -s option causes SAINTwriter to output the serial number and then exit.

The -c option specifies the configuration file. This is typically one of the six reports: full.cf, long_exec.cf, short_exec.cf, tech.cf, linked_tech.cf, or detail.cf. But the configuration file can be anything that exists in the config/saintwriter directory. If the -c option is omitted, the default configuration file is full.cf.

The output from SAINTwriter goes directly to standard output, so you'll usually want to redirect standard output to a file, e.g.

bin/saintwriter -c full.cf > report.html
Reports can be customized by editing the corresponding configuration file in the config/saintwriter directory. (This is also where you need to put the registration code.) As in SAINT, all options in SAINTwriter have a corresponding variable in the SAINTwriter configuration file. The default configuration files contain descriptive comments to help you configure the report, and the configuration variables appear in approximately the same order as in the GUI's configuration screen.

The only tricky part to editing the configuration by hand is in the Vulnerabilities section, and only if you are selecting specific categories rather than an entire severity level. These options are created dynamically by the GUI based on the scan results, so they do not have corresponding variables in the configuration file by default. If you wish to select a specific vulnerability category or service, you must create a new variable and set its value to "on". The variable name is the severity color, followed by an underscore, followed by the category or service name, with spaces replaced by underscores. The new variable should be placed between the "begin vulnerabilities" comment and the "end vulnerabilities" comment. For example, if you wish to tell SAINTwriter to include all "http cgi access" vulnerabilities with "red" (critical) severity, the configuration would look like this:

# Begin vulnerabilities (do not remove this line)
$red_http_cgi_access = "on";
# End vulnerabilities (do not remove this line)
Of course, this is not necessary if the $allreds variable is set to "on", because this variable already includes all "red" vulnerabilities.

Back to the Documentation TOC/Index