RE: RE: Network Exploitation Tools aka ExploitationEngines

["Clement Dupuis" <cdupuis () cccure org>]

CANVAS is completely programmed in Python.

You can no only look at the exploit but also the interface :-)

As I have said in the past, core impact has more beautifying, more wrapping,
and more people behind it supporting it but at the price that CANVAS is
sold, you can definitively afford CANVAS and it does a great job.

There were some stability issues with the earlier version of CANVAS but
overall I have found that it was a great tool for what it is intended:
PENTEST

Core Impact has more features wrapped but you pay for these features such
has having NMAP integrated etc... etc...  One of the beef I had with core
impact was the fact that it was tied to specific version of WinPcap and you
were out of luck at time if you were running the latest version of NMAP with
the latest version of Winpcap.

Ask both vendors for a demo.  See for yourself, try it yourself, that's
probably the best way to find out which one better fill your needs.

Clement


> -----Original Message-----
> From: dailydave-bounces () lists immunitysec com [mailto:dailydave-
> bounces () lists immunitysec com] On Behalf Of Kurt Seifried
> Sent: Saturday, September 04, 2004 7:55 PM
> To: Clarke, Tyronne (Contractor); pen-test () securityfocus com;
> dailydave () lists immunitysec com
> Cc: focus-ms () securityfocus com
> Subject: Re: [Dailydave] RE: Network Exploitation Tools aka
> ExploitationEngines
>
> > Based upon experienced findings during live testing, which product
> provides
> > you with most clarity of comprehensive information( CANVAS or CORE
> > Impact? ). You >mentioned CANVAS allows you to look under the hood and
> > analyze the exploits but what about CORE Impact.
>
>
> Core impact uses Python for the exploits, so you can look under the hood
> quite easily so to speak.
>
>
> Kurt Seifried, kurt () seifried org
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://www.immunitysec.com/mailman/listinfo/dailydave


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave