SARA Home
SARA Search
Data Management
Target selection
Data Analysis
Configuration Mgt
Documents/CVE
Troubleshooting

|
Security Auditor's Research Assistant (SARA)
The Security Auditor's Research Assistant (SARA) is a third generation
network oriented security analysis and reporting tool developed by the
Advanced Research Corporation. SARA is widely used in the U.S. Government
and commercial communities. As such, it has been in-the-field validated on
the current security exploits of Unix (Sun, SGI, AIX, Linux) and Microsoft
Windows XX. Historically, we have been updating SARA once a month with emergency updates as required.
Hundreds of UNIX and Windows vulnerability probes (indexed by CVE)
Integrated with the National Vulnerability Database
Server mode for controlled enterprise access
SARA ReportWriter (tm)
SARA Report Corrections and Drops
SARA Plugins
Briefing Overview of SARA
Additional Information on SARA
SARA has supported the SANS Top 10/20 list since 2000. However Version 6
of the Top 20 is limited in its list of network testable vulnerabilities.
We will continue to strive to support those Top 20 items that are truly
testable from a remote platform. However, SARA has dropped its support
as SANS test tool.
SARA is controlled by the SATAN license
which provides public use of the product. Also, SARA agressively pursues
external Open Source interfaces to improve product performace
SARA has enabled the following optional tests:
- SMB Processing: SAMBA-TNG will provide SMB support
- HTTPS Processing: Net::SSLeay required. Refer to docs/INSTALL.
- SARA SSH: sssh is available for ssh analyses
- SARA SQL: SARA SQL is available for SQL analyses
|