And add the fuzzer for SQL and PHP, the ease of pentesting through mail
either using attachments or links, the SDK to add your own modules and
the toolbox Core Security has added into Impact.
Talking about the exploits themselves is so wrong when discussing these
frameworks.
And as Erin is pointing out, some of the exploits has a huge amount of
targets...
This doesn't mean I don't like or use Metasploit, Canvas or any
other...I just want to point out that the quality of a product is not
based a number, and Core Impact has proven its quality many times, and
in many ways.
Erin Carroll wrote:
On Tue, 26 Feb 2008, Andre Gironda wrote:
Core Impact is fine, but what about the other 400 exploits packaged
with CANVAS, Gleg/Argeniss, and Metasploit? I haven't even included
the CANVAS sharing alliance or D2 pack statistics, which I don't
really have readily available. Core Impact barely has 200 exploits
all by itself.
Core is currently at 463 modules with 661 exploit target entry points.
But your point about other applications to look at is valid,
especially Canvas. Metasploit is great when you want to play with the
code guts etc but if you require spiffy reports it is not the app's
forte.
Just sayin'
--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"Do Not Taunt Happy-Fun Ball"
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
