Netcat is known as the network Swiss army knife of testing tools. A command line tool for reading and writing data across TCP and UDP connections, it can create nearly any connection needed in either direction, making it invaluable for exploring networks and servers during penetration testing. It is a perfect tool for setting up back doors and may be called from other programs. Thus your use of the tool may be automated or scripted. A wide range of Netcat derivatives now exist for specialized applications such as SSL or portable thumb drive based use.
Kismet wireless sniffer
Kismet, a powerful 802.11 (layer 2) wireless detection program, serves as your reconnaissance tool for wireless hosts. Kismet identifies potential wireless targets for exploitation. When viewing its logs, look first for access points that are not encrypted, and then for those using default configurations.
Unlike other wireless sniffers, Kismet works with any wireless card that supports rfmon (raw monitoring) mode, which gives it more flexibility than other solutions. Kismet can capture both beaconing and non-beaconing networks. The interface is neat and clean and lets you drill down easily to detailed information on a particular network. Its most interesting feature may be its ability to work with a GPS receiver to create maps of wireless networks.
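As an added illustration of the log triage described above (this is not code from the original article or from the Kismet project), the script below ranks access points from a wireless audit so that unencrypted networks come first, then default-configuration SSIDs, then WEP. The CSV layout and the list of default SSIDs are constructed assumptions; Kismet's own export formats differ, so adapt the column names to the export you actually use.

```python
import csv
import io

# Constructed sample in a simplified CSV layout (not Kismet's real log
# format; the column names are an assumption for this example).
SAMPLE_LOG = """bssid,ssid,channel,encryption
00:11:22:33:44:01,corp-wifi,6,WPA
00:11:22:33:44:02,linksys,11,None
00:11:22:33:44:03,guest,1,WEP
00:11:22:33:44:04,default,6,WPA
00:11:22:33:44:05,finance,36,WPA
"""

# Assumed set of vendor/default SSIDs; extend it from your own inventory.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}


def triage(log_text):
    """Return (bssid, ssid, reason) tuples, highest-priority finding first.

    Priority follows the audit order in the text: open APs first, then
    default configurations, then the long-broken WEP cipher.
    """
    findings = []
    for ap in csv.DictReader(io.StringIO(log_text)):
        enc = ap["encryption"].strip().lower()
        ssid = ap["ssid"].strip().lower()
        if enc in ("none", "open", ""):
            findings.append((0, ap["bssid"], ap["ssid"], "unencrypted"))
        elif ssid in DEFAULT_SSIDS:
            findings.append((1, ap["bssid"], ap["ssid"], "default SSID"))
        elif enc == "wep":
            findings.append((2, ap["bssid"], ap["ssid"], "WEP"))
    findings.sort()  # sort key is the priority tier, then bssid
    return [f[1:] for f in findings]


if __name__ == "__main__":
    for bssid, ssid, reason in triage(SAMPLE_LOG):
        print(f"{bssid}  {ssid:<12} {reason}")
```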
Assuming that all of your wireless systems are using some type of encryption, you’ll need some way to crack them. The best method is to use TCPDump or WinDump to capture large amounts of traffic to the access point under test. You can then bring the resulting data set into Aircrack to attempt decryption of the communications to the access point.
Aircrack WLAN cracker
Aircrack is a password cracking program for use with both WEP and WPA networks. It needs a large enough
Two new tools have been added to the suite recently that allow for encrypted packet creation and virtual tunnels. Aircrack may also be installed in a virtual machine.
Aircrack supports a wide range of wireless cards, though a new driver or patch may be required for your card. Combining both a Windows GUI and command line interfaces, Aircrack is nevertheless easy to navigate.
Aircrack is another tool that requires some time to master, but given today's enterprise reliance on wireless networks, it may prove invaluable to your team.