Also, from the more practical tools stand
point, do you guys just have everything loaded on one "attack" laptop.
Dual boot, or VmWare?
PHLAK is my favorite it has lots of great features. It is a Knoppix core
with a whole bunch of tools added (and some redundant stuff taken out)
Give this a try, not really an exploit archive, but since everyone is
giving their favorite live-cds, I thought I would share mine.
www.phlak.org Professional Hackers Linux Assault Kit
What security tools does PHLAK have?
Debian Packages:
aide, airsnort, amap, argus-client, argus-server, arpd, arping,
arpwatch, autopsy, bfbtester, biew, bing, cabextract, cflow, cheops,
chkrootkit, chntpw, cracklib2, cryptcat, darkstat, dlint, dnswalk,
driftnet, dsniff, echoping, etherape, ethereal, ethereal-commo,
ethereal-dev, ettercap-commo, ettercap-gtk, farpd, fenris, flawfinder,
fping, fragroute, fragrouter, freeswan, ftp-ssl, gdb, gnupg, gtkrecover,
hammerhead, hping2, httptunnel, httpush, hunt, icmpinfo, icmpush,
idswakeup, ipchains, iproute, iptraf, iputils-ping, irpas, isic, john,
kismet, l2tpd, lde, libcrypt-blowf, libcrypt-cbc-p, libcrypt-ciphe,
libcrypt-crack, libcrypt-gpg-p, libcrypt-hcesh, libcrypt-passw,
libcrypt-rijnd, libcrypt-smbha, libcrypt-sslea, libcrypt-unixc,
libcrypto++-de, libcrypto++-ut, libcrypto++5, lsof, ltrace, macchanger,
mtr, nasm, nast, nbtscan, nemesis, nessus, nessus-plugins, nessusd,
netsed, ngrep, nikto, nmap, nmapfe, nstreams, ntop, openssl, p0f,
packit, paketto, partimage, pnscan, pptpd, rarpd, recover, scanssh,
scli, secpanel, sendip, sing, sleuthkit, smb-nat, socat, spikeprox,
splint, ssh, ssh-askpass-gn, ssldump, strace, stunnel, stunnel4, sudo,
tcpdump, tcpflow, tcpreplay, tcpslice, tcptrace, tethereal, transproxy,
tsocks, valgrind, wipe
Hand-compiled Packages
01-sdi-brutus-eng.pl, ADM-SAMBA-CLIENT, ADMsnmp, SPIKE, WAP_Assessment,
babelweb, cmospwd, dcetest, dcfldd, dd_rescue, ddb-sfe, di,
domainobsencontroll, fatback, ffp, grenzgaenger, hackbot, hellkit,
hjksuite, hydra, ipsorc, isnprober, itunnel, lcrzeox, lj, login_hacker,
mac-robber, manipulate_data, md5deep, memfetch, netcat(compiled
statically with Big-Gaping Security Hole), numby, obiwan, objobf,
ol2mbox, onesixtyone, pandora-linux, photorec, pwl9x, rda, redir,
reverb, revinetd, samba-tng, sara, screamingCobra, secure_delete,
sharefuzz, shiva, slogdump, snapscreenshot, tarballz, tct, thcrut, tnef,
vmap, walker, wardrive, whisker, zylyx
Windows Packages (using wine)
achillies, AINTX, brutus, THC-CUPASS, ispy, nbtdump, photorec, md5deep,
pdd
Thanks,
George Lantz
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
