[SATAN IMAGE]Getting started

What you need to do to run SATAN even if you don't want to read documentation

In a nutshell, all you really have to do is type make, edit the configuration file (config/satan.cf) if desired, and then run SATAN; to use the HTML interface to run SATAN you may simply type satan, then use SATAN Target selection to choose a target. To run SATAN from the command line you would type something like satan victim.com.

Remember - you should run SATAN as "root"!

After the probe is done, you can then go into the HTML interface (again, just type satan), go to the SATAN Reporting & Data Analysis section. Look at the Vulnerabilities section first, then examine the other methods (Information and Trust).

One important caveat!

Remember, if you have the tcpd wrappers or some other mechanism that does a reverse finger, turn off that feature before running SATAN! There is a reasonable chance that someone else out on the network will have the same feature turned on, and you do NOT want to enter into a "finger war" or infinite loop of fingers going back and forth between you and your targets, each of you slowly getting buried in mail and/or logs. Make sure to turn it back on after finishing the data collection, of course!

Getting and compiling all those programs if you don't have them already

You'll need perl5 (see system requirements) as well as a C compiler to get SATAN running properly. To compile and prepare SATAN, look at the first section of the SATAN tutorial.

What are all the files for?

SATAN creates and uses quite a few files, but a user typically only has to really be concerned with one - the configuration file, (config/satan.cf.) Besides the program files that actually run SATAN, the following files are read or generated by SATAN:
  1. bin/* These are the programs that SATAN depends on for data acquisition.
  2. config/* Configuration files that SATAN need to find other programs, and for default settings.
  3. html/*. All of these files are either html pages or perl programs to generate the pages for the user interface.
  4. perl/* Code modules used by either SATAN or by the data acquisition tools.
  5. results/database-name. SATAN databases. Each database is made up of three files:
    1. all-hosts. This is a list of all the hosts that SATAN found out about during the scan, including hosts that it never touched.
    2. facts. This is a list of all the output records emitted by the *.satan tools. These records are what gets processed by SATAN to generate the reports.
    3. todo. This lists all the hosts and probes that SATAN actually ran against the hosts. With this table, SATAN knows what probes it can skip when you scan the hosts again.
  6. rules/*. The rules that SATAN uses to assess the situation and infer facts from the existing information. Extremely flexible (simply perl code that is interpreted), this is one of the most powerful features of SATAN. See the rules section for more.
  7. src/* The source code to some of the SATAN support programs.
Back to the Introductory TOC/Index