SARA Home
SARA Search
Data Management
Target selection
Data Analysis
Configuration Mgt
Documents/CVE
Troubleshooting
Security Auditor's Research Assistant (SARA)
The Security Auditor's Research Assistant (SARA) is a third generation network oriented security analysis and reporting tool developed by the Advanced Research Corporation. SARA is widely used in the U.S. Government and commercial communities. As such, it has been in-the-field validated on the current security exploits of Unix (Sun, SGI, AIX, Linux) and Microsoft Windows XX. Historically, we have been updating SARA once a month with emergency updates as required.
Hundreds of UNIX and Windows vulnerability probes (indexed by CVE)
Integrated with the National Vulnerability Database
Server mode for controlled enterprise access
SARA ReportWriter (tm)
SARA Report Corrections and Drops
SARA Plugins
Briefing Overview of SARA
Additional Information on SARA
SARA has supported the SANS Top 10/20 list since 2000. However Version 6 of the Top 20 is limited in its list of network testable vulnerabilities. We will continue to strive to support those Top 20 items that are truly testable from a remote platform. However, SARA has dropped its support as SANS test tool.
SARA is controlled by the SATAN license which provides public use of the product. Also, SARA agressively pursues external Open Source interfaces to improve product performace
SARA has enabled the following optional tests:
- SMB Processing: SAMBA-TNG will provide SMB support
- HTTPS Processing: Net::SSLeay required. Refer to docs/INSTALL.
- SARA SSH: sssh was not built. Refer to docs/INSTALL.
- SARA SQL: SARA SQL is available for SQL analyses