SAINTscanner and exploit
Strengths: Vulnerability and penetration testing in one easy-to-use product
Weaknesses: Available only for Linux or Mac architectures
Verdict: We were really pleased to see how well this workhorse has matured over the years
SAINTscanner and SAINTexploit are two great tools wrapped up to work together to provide an in-depth view of vulnerabilities throughout a network. While the scanner uncovers the vulnerabilities, it is Saint Exploit that is the true star of this combination. It can run various exploits remotely, locally and through an already compromised target on to others throughout the network.
We found this product to be quite easy to use. Installation is done on a Linux platform, but we found we did not have to be Linux gurus to run it. The installation steps really were the only command-based piece, and the documentation outlined this process quite well. Once installed, all administration is done through an intuitive GUI with simple tab-top navigation. These tools were also very well integrated with each other in the same interface, so there was no bouncing back and forth between them.
This solution performed very nicely in our test environment. After scanning was complete, creating reports was quick and easy with SAINTwriter. These reports gave an excellent amount of detail in an easy-to-read format. You can also view results quickly in the GUI itself, and all the results can be organised by severity, name or host.
Documentation is in the form of a single PDF document. This guide includes all the necessary installation requirements and tasks, as well as a great amount of detail on configuring and using the product. We found this information to be well organised and easy to follow. However, we would have liked to see some screenshots for better and easier understanding of the product.
Saint includes office-hour phone and email technical support, while 24/7 assistance can be purchased for an additional ten per cent of the list price. Other support available on the website includes product documentation, updates, FAQs, compliance information and exploit lists.
At just under £1,400, this product is a good alternative or addition to an already existing penetration tool for almost any size environment. It combines an easy-to-use look and feel with some highly comprehensive testing ability.