SATAN Documentation

(Security Administrator Tool for Analyzing Networks)

The Basics

1. Introduction
   1. What is SATAN?
   2. Who should use it?
   3. How does it work?

2. System requirements
   1. OS
   2. Platform
   3. Disk space
   4. Memory
   5. Required software tools
      1. perl
      2. fping
      3. Mosaic

Using SATAN

1. Getting started
   1. What you need to do to run SATAN even if you don't want to read documentation
   2. Getting and compiling all those programs if you don't have them already
   3. What are all the files for?

2. The SATAN User Interface
   1. The Basics
   2. Gathering Data
   3. Data Management
   4. Looking at and understanding the results
   5. Hints, Further tricky security implications, or Getting The Big Picture (tm)
   6. The Command-line Interface

SATAN Guts and Technical Stuff

1. Architecture
   1. Architecture overview
   2. Policy engine
   3. Proximity levels
   4. Target acquisition
   5. Subnet scan
   6. Data acquisition
   7. Scanning levels
   8. Inference engine
   9. Reporting and Analysis

2. The most important file of all - satan.cf

3. The SATAN database record format

4. SATAN Rulesets - what makes SATAN Go
   1. Overriding/dropping SATAN data
   2. Generating new facts
   3. Ascertaining host types
   4. Determining network services
   5. Creating internal task lists

5. Adding your own .satan probes

Notes on SATAN

1. Dangers of SATAN
   1. Controlling SATAN
   2. Boundary issues - keeping track of where it goes
   3. Being a very unfriendly neighbor
   4. Attacking vs. probing vs. scanning
   5. Legal problems with running SATAN

2. Design goals
   1. Toolkit approach
   2. Speed/optimization

3. Philosophical Musings
   1. Why build it?
   2. Why does it scan sites other than your own?
   3. Why wasn't there a limited distribution, to only the "white hats"?
   4. Future directions

References

1. Acknowledgements and dedications
2. References
3. Glossary
4. Copyright notice
5. About the authors