RE: WHERE DO YOU KEEP YOUR EXPLOIT ARCHIVE AND DATABASE

["Jerry Shenk" <jshenk () decommunications com>]

The whoopix live CD has a TON of stuff on it.  You might want to throw
that in your arsenal.  Obviously it won't have everything but, it does
have quite a bit.  One downside for what you're doing is that the entire
CD is an image so getting the files without booting the CD is more
difficult.  You might want to boot the CD, pull off the pentest library
and put that uncompressed on another CD that could be easily popped into
any running machine.

http://www.whoppix.net/download.php


-----Original Message-----
From: Steve A [mailto:steve () logicallysecure org] 
Sent: Thursday, February 10, 2005 8:52 PM
To: pen-test () securityfocus com
Subject: WHERE DO YOU KEEP YOUR EXPLOIT ARCHIVE AND DATABASE


Please excuse this pen testing admin type question . . . .
 
We are looking to undertake a series of penetration tests in areas that
preclude easy access to the internet (you know searching etc on the way
in and limited media movement both in and out).  
 
Now, although we keep our proven exploits with us on read only media, I
was wondering how others manage to identify what is exploitable and what
is not especially as you never know what you are going to find.
Basically, I am looking to build a database (hosting software tbd) and
was looking to see how others have tackled the problem of so many
exploits/vulnerabilities being out there and knowing what notices to
include and what to exclude.
 
Thanks
 
Steve A