SAINT (software) - SAINTexploit Penetration Testing Tool

SAINTexploit Penetration Testing Tool

The integrated penetration testing tool, SAINTexploit, demonstrates the path an attacker could use to breach a network and quantifies the risk to the network. SAINTexploit includes a Web site emulator and e-mail forgery tool.

Penetration testing tools from SAINT are designed to simulate both internal and external real-world attacks. This type of testing identifies the methods of gaining access to a target and understanding the techniques used by attackers. There are many levels and types of penetration testing and the scope of the project should be well defined. Targets included in the scope could include popular protocols, network devices, databases, Web applications, desktop applications, and various flavors of operating systems.

SAINT focuses on the development of exploits where a shell can be established. A shell, or shellcode, is where all exploits included offer a command shell/direct connection to the target from the computer performing the testing. Exploits target operating systems, desktop applications, databases, Web applications, protocols, and network devices. The most common exploit types included in SAINTexploit include the following:

• Remote Exploit – These attacks are launched across the Internet or network against a vulnerable target without the user having previous access to the system.

• Client Exploit – The victim must access the attacker’s resource for a successful attack to take place. Common client exploits include e-mail forgery attacks, enticing the user to visit a Web site, or to open a file.

• Local Exploit – In order to launch a local attack, the attacker must have previous access to the victim. (Also known as privilege elevation and tunneling). In this case, the victim's machine is used as the launch pad for connecting to other vulnerable targets.