Scanner + Exploit
August 04, 2008
$2,695 for a Class C network
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Vulnerability/penetration testing in one easy-to-use product.
- Weaknesses: Available only for Linux or Mac architectures.
- Verdict: We were really pleased to see how well this workhorse has matured over the years. It came within a hair of being our Recommended product.
Saint Scanner and Saint Exploit 6.7.11 are two great tools wrapped up to work together to provide an in-depth view of vulnerabilities throughout a network. To be sure of total security risk, the integration of these products allows for not only vulnerability assessment, but also the attempt at exploiting those vulnerabilities. While the Scanner uncovers the vulnerabilities, it is Exploit that is the true star of this combination. Exploit can run various exploits remotely, locally and through an already compromised target onto others throughout the network.
We found this product to be quite easy to use. Installation is done on a Linux platform, but we found we did not have to be Linux experts to run it. The installation steps really were the only command-based piece of this product, and the documentation outlined these step quite well.
Once installed, all of the administration is done through an intuitive GUI, with simple tab top navigation. We also found that these products were very well integrated with each other in the same interface, so there was no bouncing back and forth between them.
This product performed nicely in our test environment. After scanning was complete, we found that creating reports was quick and easy with Saintwriter. These reports gave an excellent amount of detail in a nice easy to read format. It is also possible to view results quickly in the GUI itself, and all the results can be organized by severity, name or host.
Documentation comes in the form of a single PDF document. This guide includes all the necessary installation requirements and tasks, as well as a great amount of detail on configuring and using the product. We found this documentation to be well organized. However, we would have liked screen shots for easier understanding.
Saint includes eight hours a day/five days a week phone and email technical support, while 24/7 support can be purchased for 10 percent of the list price.
At just under $2,700, this solution is a good alternative, or addition to, an already existing penetration tool for almost any size environment. It combines an easy-to-use look and feel with some highly comprehensive testing ability.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Logjam attack exposes data passed over TLS connections
- Google releases Chrome 43, addresses 37 bugs
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes