- CANVAS (proprietary)
- Exploit gallery and development framework
- Core Impact (proprietary)
- All-inclusive automated testing framework
- Nmap with custom scripts
- Can used for • footprinting • scanning • vulnerability analysis
- Also to carry out attacks e.g. as DoS tool
- Automated testing cannot fully replace manual testing but as it has its own advantages and disadvantages
- Automated testing advantages
- Help the initial analysis to understand where potential vulnerabilities exist
- Enable the testers to build efficient exploit strategies to confirm the security vulnerabilities and weaknesses.
- Same pen test multiple times from different entry points
- Reduces costs
- Automated testing disadvantages
- It can miss unforeseen instances
- Usually works from "inside" of the network
- Fails to work in complex scenarios
- Usually does not exploit the vulnerabilities
- Not as creative as humans (yet 😉) in e.g. social engineering
- 📝 Framework for building and performing exploit attacks against targets.
- Source code | Website
- Modular architecture allowing code re-use instead of copying or re-implement on a per-exploit basis
- Developing and executing exploit code against a remote target machine.
- Database of vulnerabilities and platform to execute different exploits for them.
- Fuzzing tools to discover vulnerabilities
- Automated exploitation of known vulnerabilities such as weak passwords for e.g. Telnet, SSH, HTTP.
- Manual exploitation and manual brute forcing
- Zenmap (Nmap GUI)
- Web application testing (OWASP Top 10)
- Dynamic payloads for anti-virus evasion
- Has web interface
- 💡📝 A free alternative is Armitage that's open-source GUI.
- 📝 Payload that provides control over an exploited target system
- Runs as a DLL loaded inside of any process on a target machine
- Resides entirely in memory and writes nothing to disk
- Generates stand-alone payload
- 📝 Combines
- Payload generation (old tool:
msfpayload
)-p <payload-name>
e.g.-p windows/meterpreter/bind_tcp
-f <format>
e.g.-f exe
or-f raw
(shellcode)
- Encoding (old tool:
msfencode
)- Used to avoid antivirus detection
- Done by
-b
or-e
flags -i <number>
allows encoding multiple times for more stealth
- Payload generation (old tool:
- E.g.
msfvenom -a x86 --platform Windows -p windows/shell/bind_tcp -e x86/shikata_ga_nai -b '\x00' -f python
- See also msfvenom | Hiding files
- All-in-one centralized console for all of the options available in the MSF
- Contains the most features and is the most stable MSF interface
- E.g. flow for using unreal exploit:
- Run
msfconsole
- You can search for a service e.g.
unrealirc
- ❗Disclosure date is not same as when vulnerability found, it can be before but not published.
- Use with
use exploit/unix/irc/unreal_ircd_3281_backdoor
- There can be multiple payloads, check with
show payload
and then set withset PAYLOAD <name>
- Set required options (
show options
to list) andset <option-name> <option-value>
to set
- There can be multiple payloads, check with
- Run exploit using
exploit
- Hopefully you'll end up in terminal session as root :)
- Run