Security Auditor's Research Assistant (SARA) Version Version 7.8.1
ARC
SARA Home

SARA Search

Data Management

Target selection

Data Analysis

Configuration Mgt

Documents/CVE

Troubleshooting

Security Auditor's Research Assistant (SARA)


The Security Auditor's Research Assistant (SARA) is a third generation network oriented security analysis and reporting tool developed by the Advanced Research Corporation. SARA is widely used in the U.S. Government and commercial communities. As such, it has been in-the-field validated on the current security exploits of Unix (Sun, SGI, AIX, Linux) and Microsoft Windows XX. Historically, we have been updating SARA once a month with emergency updates as required.

Hundreds of UNIX and Windows vulnerability probes (indexed by CVE)
Integrated with the National Vulnerability Database
Server mode for controlled enterprise access
SARA ReportWriter (tm)
SARA Report Corrections and Drops
SARA Plugins

Briefing Overview of SARA
Additional Information on SARA

SARA has supported the SANS Top 10/20 list since 2000. However Version 6 of the Top 20 is limited in its list of network testable vulnerabilities. We will continue to strive to support those Top 20 items that are truly testable from a remote platform. However, SARA has dropped its support as SANS test tool.

SARA is controlled by the SATAN license which provides public use of the product. Also, SARA agressively pursues external Open Source interfaces to improve product performace


SARA has enabled the following optional tests:
  • SMB Processing: SAMBA-TNG will provide SMB support
  • HTTPS Processing: Net::SSLeay required. Refer to docs/INSTALL.
  • SARA SSH: sssh is available for ssh analyses
  • SARA SQL: SARA SQL is available for SQL analyses