Saint Scanner + Exploit
Strengths: Simple to setup, good user interface and well-organized reports. Exploit attempts penetration for found vulnerabilities.
Weaknesses: Not easy to find support on the website, some support tools found on many vendor websites are not present on the SAINT site.
Verdict: Still a good workhorse, Saint now sports penetration capabilities. While not the best performer in our tests, still, solid results were the order of the day.
We have been watching Saint a long time. Saint, as many old-timers may recall, began life as an open source version of Satan, one of the first serious open source vulnerability scanners. Eventually the tool was commercialized and it has maintained many of its open source roots. It is a work horse, dependable and, until recently, a bit difficult to deploy unless you were pretty good with Linux. The display was, at best, plain vanilla. All that has changed with the current release.
Today’s Saint is a solid combination of scanner and pen testing tool. It is easy to set up from the Linux command prompt and the website provides access to the required license key. The clean, well-organized user interface makes it easy to launch scans or penetration tests and the data collection window makes viewing results easy.
We found the number of vulnerabilities that SAINT found to be typical of many vulnerability scanners. Unlike most products we tested, Saint uses "Critical", "Areas of Concern", and "Potential Problems" instead of the more common "High", "Medium" and "Low" to describe findings. We found that Saint Scanner identified about 89 percent of the known vulnerabilities in our test bed. However, Saint also attempts to penetrate and just because a vulnerability appears to exist does not mean that it can be exploited.
Saint uses SAINTexpress to perform automatic updates before each scan and we found the reporting generally well-conceived. Functionally and from the standpoint of performance the product carries out all basic functions to a satisfactory level. This is what the product purports to do and it delivers.
Support is adequate, consisting of email and phone support. There is 24-7 phone support available as an extra cost option. We would have liked to see a more obvious support page on the web site. There is no tab for "Support" and we had to search the site to find any support information. Also missing we frequently asked questions and user forums, features that are becoming the norm on many developer web sites across the industry.
Pricing is based upon the scope of the license. For example, the combination of Scanner and Exploit of a Class C address space is $4,390 while an unlimited license is $15,895. This pricing places SAINT in the middle of the cost spectrum for this kind of tool.
Saint Scanner + Exploit has been rated Recommended by SC Magazine.