The Auditor Security Collection team has just put out a new release. The Auditor Security Collection is a Knoppix-based live CD with a huge selection of security tools that can be used for security audits and penetration testing.
The latest release includes two different ISO images -- one for systems with Intel B/G wireless cards, and one without.
We tried Auditor on a workstation and notebook computer. Auditor detected all of the hardware, even the wireless card in the notebook, flawlessly. Unlike Knoppix, Auditor does not automatically attempt to get an IP address by DHCP on boot -- the user must do this manually.
There are far too many applications included with Auditor to go into each one individually. The CD includes several classes of applications, found on the KDE menu in the "Auditor" menu. The menu classes include "Footprinting," "Scanning," "Analyzer," "Spoofing," "Bruteforce," "Forensics" and "Password cracker." Suffice it to say that Auditor includes a comprehensive list of tools for any user who needs to perform a security audit.
Of course, Auditor could be applied to less-than-honest endeavors as well. Using Auditor, we were able to quickly start up EtherApe to start monitoring network traffic on our LAN, use Dsniff to scan for passwords sent over the network, and run Nessus to scan for vulnerabilities. Given a laptop, a wireless card and close proximity to an unprotected (or under-protected) wireless network, a user could walk away with quite a few passwords and usernames just by casual browsing.
In addition to scanning and penetration testing, Auditor would come in handy for forensics on compromised computers with tools like Wipe, Sleuthkit, recover and testdisk. Auditor also includes a decent selection of normal productivity tools, which will come in handy for admins and security consultants to produce full reports on the same machine they use for scanning and penetration testing. Auditor includes several text editors, image capture tools, and even vnc2swf for users who need to make Flash movies of their tests.
The Remote-Exploit website also has links to Flash movies demonstrating various uses of the Auditor Security Collection, including cracking 128-bit WEP and decrypting SSL traffic using a Man in the Middle attack.
In short, Auditor is a one-stop shop for Linux users who want a full selection of security testing tools. We'd recommend that any system administrator take a look at Auditor, and consider adding it to their security tool chest. If nothing else, it should provide an eye-opener as to what kinds of easy-to-use tools are available to potential attackers.