We’ll start by discovering a few RADIUS client programs that have an integrated authenticator and supplicant functionality, which allow you to easily test and monitor your RADIUS server from within a program and also see the RADIUS server responses. Then we’ll check out programs to help you better understand and validate the RADIUS and 802.1X security vulnerabilities.
Radlogin is a free web-based RADIUS client, installable on Windows, Sparc Solaris, FreeBSD and Linux platforms. It’s developed by IEA Software, which also offers RADIUS servers and solutions. You can use Radlogin to simulate, debug and monitor most RADIUS and Network Access Servers (NAS).
Its testing functionality lets you simulate RADIUS authentication, accounting and CoA/Disconnect requests with custom fields, built in counter variables, random characters and pseudo session IDs. Its debugging functionality displays and validates the raw RADIUS attribute packet information from your NAS or RADIUS server. Its monitoring capabilities give you the ability to keep stats on up to hundreds of RADIUS servers and supports email alerts.
Radclient is an open source Linux-based RADIUS client command-line program, included with the FreeRADIUS server. You can send accounting, authentication, status, and disconnect packets to a RADIUS server via the command-line using the attributes you specify and it will show the replies.
You can type the attributes and values at the command-line or they can be pulled from a specified file. It then encodes these using the dictionary, encrypts the User-Password and CHAP-Password, and sends them to the remote server.
NTRadPing is a free RADIUS client program offered by MasterSoft, developer of the DialWays server. It’s available for Windows as a standalone or portable program that doesn’t require installation. It sends packets and displays the replies on the GUI. You can select preconfigured packet types and attributes, or define your own custom ones.
You can quickly input server, user, packet, and attribute details on the GUI. The RADIUS dictionary is defined in an included file and can be customized with vendor specific attributes if needed.
Once everything is set, hit send and you’ll see any replies. You can easily save all the settings and load them at a later time. It even has a Help button that gives you some pertinent info.
Radius Test by RadUtils is a Windows shareware RADIUS testing tool featuring a GUI and command-line access. Though not exactly a free product, you still may be able to use it for your needs before having to purchase a license. There’s a fully-functional 15-day trial before you must purchase a license for $29.95.
Like the other RADIUS client programs, it has integrated 802.1X authenticator functionality and serves as the NAS (access point) and supplicant (client). You can send simulated authentication and accounting requests to the RADIUS server and see the replies. You can create profiles to save authentication or accounting requests for various purposes. Additionally, you can repeat send packets, send packets in parallel and even schedule packets.
It supports a wide range of EAP types: EAP-MD5, EAP-MSCHAPV2, EAP-OTP, EAP-GTC, EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-LEAP.
RadPerf is offered free by Network RADIUS SARL, a consulting firm lead by one of FreeRADIUS’s founders. It’s a command-line RADIUS client program that runs on Windows, Mac OS X and Linux. It’s aimed at load-testing RADIUS servers to see if they’re production-ready and can handle the amount of traffic you require.
It generates the authentication and/or accounting packets at your desired rate, reading login credentials from a CSV file. You can use it to simulate traffic pikes, long-lived user sessions, and end-to-end user behavior. It also offers a report comparing the results against your accepted values and displays the total accepted packets per second.
EAPeak, developed by SecureState, is a Wi-Fi penetration tool designed to help network administrators and security consultants understand the vulnerabilities of their enterprise 802.1X-secured networks. It’s not designed to completely crack or hack a wireless network, but to retrieve details that could help professionals understand the weaknesses in the EAP authentication process.
It attempts to retrieve details on the exact EAP type used and clients logging into the network, including user names and identity strings that are sent in the clear. And with their Oct 2011 release, it shows details regarding what certificates the EAP types are using on the network and supports exporting the captured certificates.
XTest by Viper Lab is another 802.1X security assessment tool but designed for wired connections and is open source. Additionally, it goes a step further than EAPeak by offering the ability to run offline dictionary attacks against the user passwords. Furthermore if you unplug an authorized client, connect a hub, you can then capture and use a successful authentication of a valid 802.1X client to gain unauthorized access to a network. This was developed to help demonstrate weaknesses of 802.1X and understanding of general physical security risks.
FreeRADIUS Wireless Pwnage Edition (WPE)
FreeRADIUS Wireless Pwnage Edition (WPE) isn’t a program or tool, but a patch for the popular open source FreeRADIUS server. It can help demonstrate RADIUS vulnerabilities more quickly and easily by customizing the server configuration and adding some additional features. It simplifies the setup of FreeRADIUS and adds logging for WPE and many EAP types. Installation details and security presentation are given on the project site and a tutorial on putting it into practice is offered on another site.