| |
|
|
|
|
|
|
| |
|
|
|
Edit all scanning options
Select an option to change:
| What probe level should be used? | Heavy
|
| Which TCP and UDP ports should be scanned at the heavy level? | TCP: 10008, 10202, 10203, 12168, 12754, 13701, 13722-13724, 13782, 14247, 14942, 15104, 16660, 17781, 20031, 20432, 21700, 25702, 27374, 27665, 32766, 32982, 33270, 33567, 33568, 36010, 36794, 40080, 40180, 41002, 41080, 41443, 41523, 42800, 50000, 50001, 51100, 54345, 60008, 1-1102, 1104-1525, 1527-5404, 5406-9029, 9031-10000
UDP: 1-19, 53, 67-69, 111, 123, 137-139, 161-162, 177, 1434, 1812, 1813, 1900, 3401, 5060, 5135, 5151, 5632, 7777, 8999, 9900, 17185, 65535, 20-52, 54-66, 70-110, 112-122, 124-136, 140-160, 163-176, 178-1433, 1435-1760, 1763-1811, 1814-1899, 1901-2050, 32767-33500 |
| Which TCP ports should be scanned for host type detection? | Heavy+: 21, 22, 23, 25, 53, 79, 80, 109, 110, 111, 113, 135, 137, 138, 139, 143, 389, 443, 445, 512, 513, 514, 515, 6000
Others: 22, 53, 80, 111, 135, 389, 443, 445, 6000 |
| How many passwords should be guessed against each account? | 2 |
| What password strings should be guessed? | "", "%l", "password", "%b", "%l1"
|
| Dictionary file for password guesses | None |
| Delay between password guesses | No delay |
| What strings do you want to send hosts as part of a TCP scan? | Heavy+: "GET / HTTP/1.0\r\n\r\nQUIT\r\n\r\n"
Others: "GET / HTTP/1.0\r\n\r\nQUIT\r\n\r\n" |
| Should dangerous tests be performed? | No |
| Probe just the target, or its entire subnet (subnet expansion)? | Just the target |
| How many links away from root page should web servers be probed? | 2 |
| Which web directories should always be checked? | /cgi-bin/, /scripts/ |
| Define timeout values (short, medium, long, extra long) | Extra Long: 450
Long: 180
Medium: 75
Short: 30 |
| Which of the above timeout values should be used for each SAINT check? | Medium |
| What timeout values should be used for TCP and UDP port scans? | TCP: 1250
UDP: 120 |
| Parameters for TCP port scans | Initial timeout: 20 secs
Shorter timeout: 5 secs
Timeouts until switch to shorter timeout: 10
Max concurrent connections: 40
Delay between ports: 0 secs
|
| What is the maximum number of threads that can run concurrently? | 0 |
| How far out from the original target should be probed? | 0 |
| As probes move out to less proximate hosts, how much should the probe level be dropped? | 1 |
| What should SAINT do when probes go below 0 probe level? | Stop |
| Does 72.244.26.7 appear in rhosts, hosts.equiv or NFS exports files of hosts being probed? | No - untrusted |
| Targets' Netmask(s) | 255.255.255.0, 255.255.255.128, 255.255.255.192 |
| SNMP Community Strings | |
| Hosts allowed to be probed | |
| Hosts NOT to probe | |
| Use DNS nslookup or gethostbyname function to look up fully-qualified (host.domain) host names? | gethostbyname |
| Firewall mode? | No Firewall |
| Verify Password? | No |
| TCP ports to scan to determine whether a host is alive when firewall mode is enabled | 21, 22, 25, 53, 80, 139, 143, 443, 445, 515 |
| Display DOD-CERT Information Assurance Vulnerability Alert (IAVA) numbers? | No |
| Fast exclusions? | No |
| Should an e-mail alert be sent when scanning is completed? | No |
|
|
| |
|
|
|
 |
|
| |
|
|
 |
| |
|
|
|
|
|
|
