Re: Pentesting tool - Commercial

And add the fuzzer for SQL and PHP, the ease of pentesting through mail either using attachments or links, the SDK to add your own modules and the toolbox Core Security has added into Impact.

Talking about the exploits themselves is so wrong when discussing these frameworks.
And as Erin is pointing out, some of the exploits has a huge amount of targets...

This doesn't mean I don't like or use Metasploit, Canvas or any other...I just want to point out that the quality of a product is not based a number, and Core Impact has proven its quality many times, and in many ways.

Erin Carroll wrote:
On Tue, 26 Feb 2008, Andre Gironda wrote:

Core Impact is fine, but what about the other 400 exploits packaged
with CANVAS, Gleg/Argeniss, and Metasploit? I haven't even included
the CANVAS sharing alliance or D2 pack statistics, which I don't
really have readily available. Core Impact barely has 200 exploits
all by itself.

Core is currently at 463 modules with 661 exploit target entry points. But your point about other applications to look at is valid, especially Canvas. Metasploit is great when you want to play with the code guts etc but if you require spiffy reports it is not the app's forte.

Just sayin'

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"Do Not Taunt Happy-Fun Ball"

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Relevant Pages

  • Re: Core Impact vs. Canvas vs. Metasploit
    ... - Metasploit & CANVAS work awesome, but lack the report features of CORE IMPACT ... Download FREE whitepaper on how a managed service can ... Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. ...
    (Pen-Test)
  • RE: [Dailydave] RE: Network Exploitation Tools aka ExploitationEngines
    ... Ooops I forgot my disclaimer in my last message about Core versus CANVAS. ... My opinion of CANVAS and Core Impact are strictly personal and not ... Ethical Hacking at the InfoSec Institute. ... learn to write exploits and attack security infrastructure. ...
    (Pen-Test)
  • Re: Pentesting tool - Commercial
    ... with CANVAS, Gleg/Argeniss, and Metasploit? ... the CANVAS sharing alliance or D2 pack statistics, ... Metasploit is great when you want to play with the code guts etc but if you require spiffy reports it is not the app's forte. ...
    (Pen-Test)
  • RE: [Dailydave] RE: Network Exploitation Tools aka ExploitationEngines
    ... CANVAS is completely programmed in Python. ... As I have said in the past, core impact has more beautifying, more wrapping, ...
    (Pen-Test)
  • Re: [Full-disclosure] Exploit for MS06-040 Out?
    ... Core Impact and Canvas both have exploits out. ... On Wednesday 09 August 2006 13:10, Matt Davis wrote: ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)