SARA

Category:
Vulnerability Scanners
Website: http://www.www-arc.com/sara/
Manufacturer: Advanced Research
Operating System: Unix/Linux

Description:
SARA is a vulnerability scanner that, like SAINT, is based on the old SATAN scanner. The UI is web-based, which makes the tool not nearly as easy to use as the best of the competition, such as Retina. Vulnerability finding is below average, as is the reporting capability. However, it is free, open source, and easily modifiable, all of which make it attractive to hackers.

Strengths:
   · SANS top 20 support
   · Open source
   · Updated 2x a month

Weaknesses:
   · Web UI
   · Sub-par vulnerability finding
   · Poor reporting

Target:
Any machine with a public IP address that a hacker could scan. Public-facing servers are the more vulnerable and the likeliest targets.

Mitigation/Recommendation:
Keep servers patched and updated.

Price:
Free

Penetration (7):
Medium-high

Simplicity (7):
A beginner can set up a scan and get results. Requires moderate skill to interpret the results and turn them into exploits.

Damage Potential (1):
Minimal: data gathering only.