Penetration Testing mailing list archives

Re: Network Exploitation Tools

From: <darbean () cetin net cn>
Date: 23 Aug 2004 08:49:21 -0000

In-Reply-To: <200408191906.45416@M3T4>

On Thursday 19 August 2004 02:08, darbean () cetin net cn wrote:

According to
http://www.metasploit.com/bh/metasploit.pdf
you captured all, for now.


According to
http://www.metasploit.com/confs/core04/core04_metasploit.pdf
you didn't captured all, for now :)
It said: "Handful of open source projects" in page 7.


Spoonm and I debated this bullet and core04 and finally removed it for 
Black Hat. There are a handful of open-source exploit framework >projects, but none of them have been released yet. A 
couple of them are 
fuzzing/exploit frameworks, another one is a complete pen-test framework 
(exploits are just a component), and still others are combinations of


Would you please give me any hints for the keyword to search the so-called "fuzzing/exploit frameworks" and "complete 
pen-test framework" as you mentioned? I am interested and just can't find what you mentioned by google :( As I known, 
Core Impact had ever declared to be an "Automated Pen-test Framework" in its early version. In the meaning of covering 
the whole proceeding of pen-test from scanning to exploiting, "exploits framework" should be the main important part of 
"pen-test framework".

libraries and templates for adapting public code. It depends on your 
definition I guess, as far as "network exploitation tools" go, Andy 
already summed up the only useful options (FluXaY has exploits, but they 
are somewhat outdated).


In my opinions, FluXay is rather a vulnerability scanner (like Nessus)  than an "exploits framework". Exploits in 
FlyXay are just accessory components.

I am so appreciated for your magic Metasploit and other helpful information :-)

Regards

Darbean

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------

Current thread:

Network Exploitation Tools Andy Cuff (Aug 17)
- <Possible follow-ups>
- RE: Network Exploitation Tools Yonatan Bokovza (Aug 18)
- Re: Network Exploitation Tools darbean (Aug 19)
  - Re: Network Exploitation Tools H D Moore (Aug 20)
- Re: Network Exploitation Tools darbean (Aug 20)
- Re: Network Exploitation Tools darbean (Aug 23)