The Ethical Hacker Network - SecurityForest: Another Exploit Framework

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4165

Editor-In-Chief

SecurityForest: Another Exploit Framework

« on: May 17, 2006, 03:58:14 PM »

Quote

SecurityForest's Exploitation Framework is similar in concept to the open-source Metasploit Framework and the commercial offerings such as Immunity's CANVAS and Core Security Technology's Impact.

The major difference between the above mentioned frameworks and the SecurityForest Exploitation Framework is that it leverages the massive amount of exploits available in the ExploitTree. These exploits are publically available and do not have to be re-written to be used in the framework (no matter what language and sometimes no matter what OS).

It basically acts as a Graphical User Interface to the ExploitTree which is dynamically updated at the same time as the ExploitTree.

The above mentioned frameworks are great and the Exploitataion Framework doesn't even compare to them on a technical level, it just fills the gap.

The Exploitation Framework is provided for legal penetration testing and research purposes only.

http://www.securityforest.com/wiki/index.php/Exploitation_Framework

Don


« Last Edit: May 17, 2006, 04:00:18 PM by don »	Logged

CISSP, MCSE, CSTA, Security+ SME

Dengar13

Sr. Member

Offline

Posts: 380

Re: SecurityForest: Another Exploit Framework

« Reply #1 on: May 17, 2006, 04:19:43 PM »

Awesome Don! This is just what I needed. I had a pen-test last night and this would have been great to use.


	Logged

A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

pcsneaker

Jr. Member

Offline

Posts: 73

Re: SecurityForest: Another Exploit Framework

« Reply #2 on: May 21, 2006, 11:26:40 AM »

I would'nt say that this framework is awesome.

After having a look at this I have to say that there is still a lot of work for the maintainers and the community to do before that framework becomes useable.

If you download the exploit tree you get about 2000 exploits (statistcs give you that number) but in the framework there are definitions for about 20 of them - that means that you can use that 20 out of the box.

If you want to use others you have to add them to the framework - the problem is that there is no documentation of the whole system (at least I could not find it) so you have to figure out yourself if there is the exploit you want to use and after that how to add it to the framework.

Furthermore the website is a little bit confusing - after having downloaded the exploit tree iit took me a while to find where to download the framework.

The idea is not bad but it really needs at least a minimum of documentation to be useable in a pentest...


	Logged

MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+

Dengar13

Sr. Member

Offline

Posts: 380

Re: SecurityForest: Another Exploit Framework

« Reply #3 on: May 21, 2006, 03:58:37 PM »

There is a section where you can download and add expolits and you can add your own custom ones if you wanted to. This should be a great tool once there is more documentation and expolits to choose from.


	Logged

A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

Pages: [1] Go Up

« previous next »