Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: [Dailydave] RE: Network Exploitation Tools aka ExploitationEngines
From: "Clement Dupuis" <cdupuis () cccure org>
Date: Sat, 4 Sep 2004 20:52:10 -0400

CANVAS is completely programmed in Python.

You can no only look at the exploit but also the interface :-)

As I have said in the past, core impact has more beautifying, more wrapping,
and more people behind it supporting it but at the price that CANVAS is
sold, you can definitively afford CANVAS and it does a great job.

There were some stability issues with the earlier version of CANVAS but
overall I have found that it was a great tool for what it is intended:
PENTEST

Core Impact has more features wrapped but you pay for these features such
has having NMAP integrated etc... etc...  One of the beef I had with core
impact was the fact that it was tied to specific version of WinPcap and you
were out of luck at time if you were running the latest version of NMAP with
the latest version of Winpcap.

Ask both vendors for a demo.  See for yourself, try it yourself, that's
probably the best way to find out which one better fill your needs.

Clement


-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-
bounces () lists immunitysec com] On Behalf Of Kurt Seifried
Sent: Saturday, September 04, 2004 7:55 PM
To: Clarke, Tyronne (Contractor); pen-test () securityfocus com;
dailydave () lists immunitysec com
Cc: focus-ms () securityfocus com
Subject: Re: [Dailydave] RE: Network Exploitation Tools aka
ExploitationEngines

Based upon experienced findings during live testing, which product
provides
you with most clarity of comprehensive information( CANVAS or CORE
Impact? ). You >mentioned CANVAS allows you to look under the hood and
analyze the exploits but what about CORE Impact.


Core impact uses Python for the exploits, so you can look under the hood
quite easily so to speak.


Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]