Adding your own .satan probes
One of the best parts of SATAN is that it is so easy to modify, configure,
and add your own probes to the system. All of the probes are files that
end in .satan; if you want to add another test -
perhaps checking for the latest sendmail bug or something - there are
four things that must be done:
- Create an executable that checks for the problem you'd like to scan
for. It generally will take one argument - a hostname that is the
target of the probe.
- Have the probe output a valid SATAN output record - see the
SATAN database format document for more on
this.
- If it is a C program or something that must be processed or
compiled before being run, either modify an existing SATAN makefile to
do so, or create your own.
- Decide what severity level it will be run at; either light,
normal, or heavy, and modify the appropriate variable
in the satan.cf file.
That's it! Place the executable (or have make do so after
processing the source file) in the main SATAN directory with the rest of
the .satan files. It will be run against any target that
has an attack level that corresponds to your probe.
Next Section (Dangers of SATAN)
Back to the TOC/Index