Adding your own .satan probes


One of the best parts of SATAN is that it is so easy to modify, configure, and add your own probes to the system. All of the probes are files that end in .satan; if you want to add another test - perhaps checking for the latest sendmail bug or something - there are four things that must be done:

  1. Create an executable that checks for the problem you'd like to scan for. It generally will take one argument - a hostname that is the target of the probe.
  2. Have the probe output a valid SATAN output record - see the SATAN database format document for more on this.
  3. If it is a C program or something that must be processed or compiled before being run, either modify an existing SATAN makefile to do so, or create your own.
  4. Decide what severity level it will be run at; either light, normal, or heavy, and modify the appropriate variable in the satan.cf file.
That's it! Place the executable (or have make do so after processing the source file) in the main SATAN directory with the rest of the .satan files. It will be run against any target that has an attack level that corresponds to your probe.
Next Section (Dangers of SATAN)

Back to the TOC/Index