Penetration Testing mailing list archives
RE: WHERE DO YOU KEEP YOUR EXPLOIT ARCHIVE AND DATABASE
From: "Jerry Shenk" <jshenk () decommunications com>
Date: Fri, 11 Feb 2005 11:13:44 -0500
The whoopix live CD has a TON of stuff on it. You might want to throw that in your arsenal. Obviously it won't have everything but, it does have quite a bit. One downside for what you're doing is that the entire CD is an image so getting the files without booting the CD is more difficult. You might want to boot the CD, pull off the pentest library and put that uncompressed on another CD that could be easily popped into any running machine. http://www.whoppix.net/download.php -----Original Message----- From: Steve A [mailto:steve () logicallysecure org] Sent: Thursday, February 10, 2005 8:52 PM To: pen-test () securityfocus com Subject: WHERE DO YOU KEEP YOUR EXPLOIT ARCHIVE AND DATABASE Please excuse this pen testing admin type question . . . . We are looking to undertake a series of penetration tests in areas that preclude easy access to the internet (you know searching etc on the way in and limited media movement both in and out). Now, although we keep our proven exploits with us on read only media, I was wondering how others manage to identify what is exploitable and what is not especially as you never know what you are going to find. Basically, I am looking to build a database (hosting software tbd) and was looking to see how others have tackled the problem of so many exploits/vulnerabilities being out there and knowing what notices to include and what to exclude. Thanks Steve A
Current thread:
- WHERE DO YOU KEEP YOUR EXPLOIT ARCHIVE AND DATABASE Steve A (Feb 11)
- RE: WHERE DO YOU KEEP YOUR EXPLOIT ARCHIVE AND DATABASE Jerry Shenk (Feb 11)
- <Possible follow-ups>
- Re: WHERE DO YOU KEEP YOUR EXPLOIT ARCHIVE AND DATABASE K-OTiK Security (Feb 13)