.

SecurityForest: Another Exploit Framework

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed May 17, 2006 3:58 pm

SecurityForest: Another Exploit Framework

SecurityForest's Exploitation Framework is similar in concept to the open-source Metasploit Framework and the commercial offerings such as Immunity's CANVAS and Core Security Technology's Impact.

The major difference between the above mentioned frameworks and the SecurityForest Exploitation Framework is that it leverages the massive amount of exploits available in the ExploitTree. These exploits are publically available and do not have to be re-written to be used in the framework (no matter what language and sometimes no matter what OS).

It basically acts as a Graphical User Interface to the ExploitTree which is dynamically updated at the same time as the ExploitTree.

The above mentioned frameworks are great and the Exploitataion Framework doesn't even compare to them on a technical level, it just fills the gap.

The Exploitation Framework is provided for legal penetration testing and research purposes only.


http://www.securityforest.com/wiki/inde ... _Framework

Don
Last edited by don on Wed May 17, 2006 4:00 pm, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Wed May 17, 2006 4:19 pm

Re: SecurityForest: Another Exploit Framework

Awesome Don!  This is just what I needed.  I had a pen-test last night and this would have been great to use.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

pcsneaker

Jr. Member
Jr. Member

Posts: 73

Joined: Mon Nov 07, 2005 12:23 pm

Post Sun May 21, 2006 11:26 am

Re: SecurityForest: Another Exploit Framework

I would'nt say that this framework is awesome.

After having a look at this I have to say that there is still a lot of work for the maintainers and the community to do before that framework becomes useable.

If you download the exploit tree you get about 2000 exploits (statistcs give you that number) but in the framework there are definitions for about 20 of them - that means that you can use that 20 out of the box.

If you want to use others you have to add them to the framework - the problem is that there is no documentation of the whole system (at least I could not find it) so you have to figure out yourself if there is the exploit you want to use and after that how to add it to the framework.

Furthermore the website is a little bit confusing - after having downloaded the exploit tree iit took me a while to find where to download the framework.

The idea is not bad but it really needs at least a minimum of documentation to be useable in a pentest...
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Sun May 21, 2006 3:58 pm

Re: SecurityForest: Another Exploit Framework

There is a section where you can download and add expolits and you can add your own custom ones if you wanted to.  This should be a great tool once there is more documentation and expolits to choose from. 
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

Return to Tools

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software