December 20, 2004 12:00 AM

The Auditor Security Collection

Your portable security toolkit
Windows IT Pro
InstantDoc ID #44648

Spoofing Tools
The Auditor collection includes many spoofing tools designed to spoof ARP, DNS, DHCP, ICMP, UDP/TCP/IP, Cisco routing protocols, and Wake on LAN (WOL) protocols. For testing purposes (e.g., checking a firewall or Intrusion Detection System (IDS) rule), spoofing tools let you generate most types of packets used for subverting or exploiting vulnerable systems. Use the graphical IP Sorcery Packet Generator, or the command-line tools Nemesis or Hping2, to generate most types of TCP/UDP packets. You can spoof not only the source and destination IP address and port but also many packet characteristics (e.g., you can create a TCP packet with the SYN or FIN flag set, or a packet of a certain size). For example, use Hping2 to create a custom packet designed to trip a specialized IDS rule that might otherwise be difficult to test.

You can use Auditor to set up basic penetration-testing labs. For example, set up a DNS server, a client computer, and an "attacker" system that runs Auditor. On the attacker, run Arpspoof to impersonate the DNS server's IP address. Also on the attacker, run Dnsspoof with a HOSTS file that contains bogus name-to-IP-address mappings. From the client computer, try pinging a legitimate host on your network. Arpspoof will respond to the ARP broadcast for the real DNS server with the attacker's MAC address. The client will then initiate a connection with the attacker to make its DNS query, and Dnsspoof on the attacker will answer the request instead of the real DNS server. Many more scenarios are possible and let you get the experience you need to prepare for (or simply learn about) these types of attacks. Of course, try out such experiments on test systems only, and only with the blessings of your manager.
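The detection side of the lab described above, as an added example that is not part of the original article: it flags the moment the DNS server's IP address is rebound to a different MAC address and the DNS answers that then arrive from the wrong MAC. All addresses, host names, and log records are constructed, and the record layout is an assumption about what a lab sensor would capture.

```python
from collections import defaultdict

# Constructed lab data. 10.0.0.53 stands in for the DNS server, 10.0.0.99 for the attacker.
PINNED = {"10.0.0.53": "00:11:22:33:44:53"}        # known-good IP -> MAC for the DNS server
ARP_LOG = [                                         # (time_s, sender_ip, sender_mac)
    (0, "10.0.0.53", "00:11:22:33:44:53"),          # real DNS server announces itself
    (1, "10.0.0.99", "00:11:22:33:44:99"),          # attacker's own address
    (5, "10.0.0.53", "00:11:22:33:44:99"),          # DNS server IP now claimed by attacker MAC
    (7, "10.0.0.53", "00:11:22:33:44:99"),          # repeated reply keeps the cache poisoned
    (9, "10.0.0.20", "00:11:22:33:44:20"),          # client
]
DNS_LOG = [                                         # (time_s, src_ip, frame_mac, qname, answer)
    (2, "10.0.0.53", "00:11:22:33:44:53", "files.lab.example", "10.0.0.30"),
    (6, "10.0.0.53", "00:11:22:33:44:99", "files.lab.example", "10.0.0.99"),
]

def detect_arp_spoofing(log, pinned=None):
    """Alert when an IP moves to a new MAC, or when one MAC claims several IPs."""
    trusted = dict(pinned or {})                    # static pins, else first MAC seen per IP
    ips_by_mac = defaultdict(set)
    alerts = []
    for _, ip, mac in sorted(log):
        mac = mac.lower()
        expected = trusted.setdefault(ip, mac)
        if mac != expected:
            alert = ("rebind", ip, expected, mac)
            if alert not in alerts:                 # report each distinct finding once
                alerts.append(alert)
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            alert = ("multi-ip", mac, tuple(sorted(ips_by_mac[mac])))
            if alert not in alerts:
                alerts.append(alert)
    return alerts

def suspicious_dns_answers(dns_log, pinned):
    """DNS answers that carry a pinned server's IP but arrive from a different MAC."""
    return [(t, qname, answer) for t, ip, mac, qname, answer in dns_log
            if ip in pinned and mac.lower() != pinned[ip]]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_LOG, PINNED):
        print("ARP", alert)
    for hit in suspicious_dns_answers(DNS_LOG, PINNED):
        print("DNS", hit)
```

Without a pinned table the function trusts the first MAC it sees for each IP, so it should start observing before the lab attacker is switched on.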

Bluetooth and Wireless Tools
The Auditor collection also includes a Bluetooth scanner and several wireless scanners and auditing tools. To use these wireless scanning programs, configure a wireless connection using a compatible Wi-Fi card, then run one of the wireless scanners such as Kismet or Wellenreiter to log Wi-Fi packets and perform basic Wi-Fi packet analysis. Kismet presents you with detected Wi-Fi clients and wireless Access Points (APs) and reports the type, Service Set Identifier (SSID), and whether the packet is encrypted, among other settings. Auditor also includes several WEP and Lightweight Extensible Authentication Protocol (LEAP) encryption-cracking tools that can demonstrate the importance of using WPA and Temporal Key Integrity Protocol (TKIP) to secure your wireless network. Other tools include a management-packet spoofer, a tool to change your MAC address, and an AP-emulation utility.

Bruteforce and Password-Cracking Tools
Auditor's "bruteforce" tools comprise a collection of attack tools designed to gain entry by hammering programs with an onslaught of character combinations and password files until they find the correct combination. These programs attempt to penetrate applications that use HTTP, LDAP, SMB, SNMP, Secure Shell (SSH), or Virtual Network Computing (VNC). The password-cracking tools include several open-source password-auditing tools that can be used to penetrate weaker Windows passwords or password-protected .zip files.

Other Programs
Auditor's Applications folder contains links to Mozilla's Firefox and Dillo Web browsers, the Gftp FTP client, the Gimp graphics program, and the Gedit text editor. Nearly all these tools can be launched from the Go menu.

The Utilities directory also contains a number of useful tools. You can use Xpdf to view PDF documents; use Rdesktop to launch remote desktop sessions on Windows computers; or use Xvncviewer to launch remote desktop sessions on other VNC-enabled computers. This directory also contains the Coolman manpage viewer, which is useful for reviewing documentation, and the X Northern Captain file manager.

The Documentation directory contains links to the man files for most of the included tools. The documentation is generally the same as that available with each tool and thus varies in depth depending on the tool. Some tools' documentation includes pages of detailed description; other tools' documentation consists of a simple paragraph showing the command and supported parameter switches.

In a Nutshell
All the tools that you'll find in the Auditor security collection are freely available separately on the Internet, but Auditor brings all these tools together in one easy-to-use package. The tools are ones that you should become familiar with. Several of them can be used against you, and their ready availability makes it especially important to be able to recognize them and even use them in your test environment so that you know how to keep this from happening.

Comments
  • Anonymous User
    7 years ago
    Apr 10, 2005

    VERY, VERY, Very... NICE :-))))

  • Anonymous User
    7 years ago
    Apr 08, 2005

    great tool for people who know nothing about analysis..

    chances are that if you need to 'sniff' then you will already know how to get all these things installed.
