The PERL directory contains the heart of the utilities that make up the SATAN program. Notice that the html.pl program acts as SATANs web daemon, listening on a TCP port, authenticating HTML page requests, and responding with the appropriate HTML page.
This directory includes the following files:
perl/config.pl. Rewrites the satan.cf file based on changes made through the web interface
perl/cops2satan.pl. Converts COPS warning report into SATAN rules (this is experimental and not accessible from the web interface)
perl/domains.pl. Sifts information by domain names
perl/get_host.pl. Uses gethostbyaddr() or gethostbyname() to find the fully qualified domain name of a host
perl/getfqdn.pl. Uses nslookup to find the fully qualified domain name of a host
perl/hostname.pl. Finds own hostname
perl/hosttype.pl. Classifies host by banner info
perl/html.pl. Acts as HTML server with md5 authentication (this is the SATAN Web daemon)
perl/infer_facts.pl. Generates new facts based on rules
perl/infer_todo.pl. Generates list of new targets based on todo information
perl/misc.pl. Contains utility subroutines
perl/policy-engine.pl. Guides the selection of targets according to policies set in the configuration file
perl/reconfig.pl. Replaces program names in SATAN with pathnames indicated in file.paths
perl/run-satan.pl. Sets up list of targets, executes scans against targets, collects facts, processes todo information, and saves data
perl/satan-data.pl. Includes data management routines
perl/services.pl. Classifies host by services used and provided
perl/severities.pl. Classifies vulnerabilities
perl/shell.pl. Runs a command and uses a timeout to ensure that it finishes
perl/socket.pl. Executes sys_socket binary
perl/subnets.pl. Sifts subnet information
perl/suser.pl. Checks if SATAN is running as root
perl/targets.pl. Generates target lists, executes target probes, and saves scan information
perl/todo.pl. Stores and processes information about hosts discovered while scanning a targetto do information
perl/trust.pl. Maintains trust statistics
perl/status.pl. Maintains time, date, and status file
Note: PERL 5.000 (or later) is required to run SATAN. PERL 5.000 is available from any FTP archive that mirrors the gnu distributions, including the following:
Even though SATAN consists of a large number of PERL, C, and HTML files, building SATAN is quite straightforward and quick. Considering the flexibility of SATANs modular design, the ease of use of SATANs user interface, and the powerful functionality, SATAN is extremely easy to build. (SATANs only possible weakness could be its speedas a result of the large number of PERL scripts and modularity, SATAN is not as fast as a comparable monolithic binary.)
Note that building SATAN basically consists of modifying pathnames to correspond to your system, and compiling the few binary utilities. The entire process takes only a few minutes.
Follow these steps to build SATAN:
1. Edit the paths.pl and paths.sh files in config/ to point to the actual location of utilities on your system.
2. Edit the config/satan.cf file to correspond to your requirements. Specifically, you should consider adding entries to $only_attack_these and $dont_attack_these. These two variables provide control over what hosts are included in SATAN scans. For example, you might want to run scans only against systems inside notreal.com, so you would use the $only_attack_these variable to limit the scans to hosts inside the notreal.com domain.
Note: You can make modifications to satan.cf from within SATAN using the SATAN Configuration Management screen.
3. Run the reconfig script. It patches scripts with the path for PERL 5.00x and a web browser. If the web browser selected by reconfig is inappropriate, edit the config/paths.pl file to point to the web browser of choice. Notice that the variable for a web browser is called $MOSAIC.
4. Run the make command in the satan-1.1.1/ directory. You need to specify a system type, such as irix5.
5. The authors of SATAN recommend that you unset proxy environment variables or browser proxy settings.
6. Su or log in to root.
7. Run the SATAN script. If no command-line arguments are given, the script invokes a small web (HTML) server, html.pl, and the web browser to talk to this HTML server.
At this point, the primary SATAN screen is displayed and you are ready to use SATAN.
To use SATAN from the command line, you must list command-line arguments as indicated by the satan.8 man page. Note that the authors recommend against using the command-line version of SATAN, because the user interface involves many command-line arguments that can be somewhat confusing. The web interface is much easier to use.
Using SATANs HTML Interface
The interactive version of SATAN consists of a sequence of HTML pages that are viewed through the web browser. The general structure consists of a control panel that leads to five different functional areas: data management, target selection, reporting and analysis, configuration management, and documentation. Most screens give a link back to the SATAN Control Panel.