HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 21 guests and 3 members online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Resourcesarrow Toolsarrow SecurityForest: Another Exploit Framework
Ethical Hacker Community Forums
January 08, 2009, 10:11:54 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2009 - May 4 - 9. Boot Camps & an Ethical Hacking Conf. www.chicagocon.com
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: SecurityForest: Another Exploit Framework  (Read 2600 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Online Online

Posts: 2441


Editor-In-Chief


View Profile WWW
« on: May 17, 2006, 03:58:14 PM »
Quote
SecurityForest's Exploitation Framework is similar in concept to the open-source Metasploit Framework and the commercial offerings such as Immunity's CANVAS and Core Security Technology's Impact.

The major difference between the above mentioned frameworks and the SecurityForest Exploitation Framework is that it leverages the massive amount of exploits available in the ExploitTree. These exploits are publically available and do not have to be re-written to be used in the framework (no matter what language and sometimes no matter what OS).

It basically acts as a Graphical User Interface to the ExploitTree which is dynamically updated at the same time as the ExploitTree.

The above mentioned frameworks are great and the Exploitataion Framework doesn't even compare to them on a technical level, it just fills the gap.

The Exploitation Framework is provided for legal penetration testing and research purposes only.

http://www.securityforest.com/wiki/index.php/Exploitation_Framework

Don
« Last Edit: May 17, 2006, 04:00:18 PM by don » Logged
CISSP, MCSE, CEH, Security+ SME
Dengar13
Full Member
***
Offline Offline

Posts: 224



View Profile
« Reply #1 on: May 17, 2006, 04:19:43 PM »
Awesome Don!  This is just what I needed.  I had a pen-test last night and this would have been great to use.
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
pcsneaker
Jr. Member
**
Offline Offline

Posts: 73


View Profile
« Reply #2 on: May 21, 2006, 11:26:40 AM »
I would'nt say that this framework is awesome.

After having a look at this I have to say that there is still a lot of work for the maintainers and the community to do before that framework becomes useable.

If you download the exploit tree you get about 2000 exploits (statistcs give you that number) but in the framework there are definitions for about 20 of them - that means that you can use that 20 out of the box.

If you want to use others you have to add them to the framework - the problem is that there is no documentation of the whole system (at least I could not find it) so you have to figure out yourself if there is the exploit you want to use and after that how to add it to the framework.

Furthermore the website is a little bit confusing - after having downloaded the exploit tree iit took me a while to find where to download the framework.

The idea is not bad but it really needs at least a minimum of documentation to be useable in a pentest...
Logged
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
Dengar13
Full Member
***
Offline Offline

Posts: 224



View Profile
« Reply #3 on: May 21, 2006, 03:58:37 PM »
There is a section where you can download and add expolits and you can add your own custom ones if you wanted to.  This should be a great tool once there is more documentation and expolits to choose from. 
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2007, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.034 seconds with 24 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
How many security events including conferences and training do you attend a year:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2009 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.