Category:Exploitation Framework
From SecurityForest
Exploitation frameworks are applications that allow for the automated exploitation of vulnerable systems. Typically, corporations use these frameworks to perform penetration testing on their internal systems. However, hackers also frequently take advantage of the automated test-and-penetrate mechanisms that these frameworks offer.
Exploitation Frameworks
- Metasploit - http://www.metasploit.com/
Open-source platform for developing, testing, and using exploit code
- Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses.
- Core Impact - http://www.coresecurity.com/?module=ContentMod&action=item&id=32 CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization
- Core Impact isn't cheap (be prepared to spend tens of thousands of dollars), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. If you can't afford Impact, take a look at the cheaper Canvas or the excellent and free Metasploit Framework. Your best bet is to use all three.
- CANVAS - http://www.immunitysec.com/products-canvas.shtml Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide
- Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 150 exploits and is less expensive than Core Impact, though it still costs thousands of dollars. You can also buy the optional VisualSploit Plugin for drag and drop GUI exploit creation. Zero-day exploits can occasionally be found within Canvas.
- SecurityForest's Exploitation Framework - http://www.securityforest.com/wiki/index.php/Exploitation_Framework SecurityForest's very own , exploitation framework
- SecurityForest's Exploitation Framework is similar in concept to the open-source Metasploit Framework and the commercial offerings such as Immunity's CANVAS and Core Security Technology's Impact .The major difference between the above mentioned frameworks and the SecurityForest Exploitation Framework is that it leverages the massive amount of exploits available in the ExploitTree. These exploits are publically available and do not have to be re-written to be used in the framework (no matter what language and sometimes no matter what OS).
It basically acts as a Graphical User Interface to the ExploitTree which is dynamically updated at the same time as the ExploitTree.
