Immunity was founded in 2002 and was immediately noticed for its breakthrough technologies and industry recognized team. Immunity has since evolved into a global leader in the assessment and penetration testing space. Immunity is known for its aggressive and real-world approach to assessment. By maintaining its independence from external investors, Immunity has grown its unique technology offerings and consulting services based on customer demand.

A concentration on purely offensive techniques and technologies distinguishes Immunity from other professional organizations who attempt to address both offensive and defensive security postures in their service or product lines. Immunity's employees are motivated by a desire to develop new penetration technologies including exploits, implants, and evasion techniques. Immunity's product line remains focused on attack and penetration.

E-SPIN and Immunity

E-SPIN have actively in promoting Immunity full range of products and technologies as part of the company Vulnerability Management solution portfolio - for vulnerability and exploitation testing, reseach, development. E-SPIN is active in provide consulting, supplying, training and maintaining Immunity products for the enterprise, government and military customers (or distribute and resell as part of the complete package) on the region E-SPIN do busineses. The enterprise range from university teaching exploitation to IT security professionals on the vulnerability assessment, penetration testing, or IT security company on the security software development to test against any exploitable vulnerabilities exist in their secure application or cyber security / cyber warfare / military security defense applications.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

CANVAS Pro Product Overview

Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable  exploit development framework to penetration testers and security professionals worldwide.

Single Installation License

  • includes one year of our standard monthly updates and support
  • unrestricted (no target IP address limitations)
  • full source code

Supported Platforms and Installations

  • Windows (requires Python & PyGTK)
  • Linux
  • MacOSX (requires PyGTK)
  • All other Python environments such as mobile phones and commercial Unixes (command line version only supported,
    GUI may also be available)
  • Architecture
  • CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs.


  • all documentation is delivered in the form of demonstration movies
  • exploit modules have additional information windows
  • Exploits
  • currently over 490 exploits, an average of 4 exploits added every monthly release
  • Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities
    such as remote, pre-authentication, and new vulnerabilities in mainstream software.
  • Exploits span all common platforms and applications

Payload Options

  • to provide maximum reliability, exploits always attempt to reuse socket
  • if socket reuse is not suitable, connect-back is used
  • subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions
    (file management, screenshots, etc)
  • bouncing and split-bouncing automatically available via MOSDEF
  • adjustable covertness level

Exploit Delivery

  • regular monthly updates made available via web
  • exploit modules and CANVAS engine are updated simultaneously
  • customers reminded of monthly updates via email

Exploit Creation Time

  • exploits included in next release as soon as they are stable

Effectiveness of Exploits

  • all exploits fully QA'd prior to release
  • exploits demonstrated via flash movies
  • exploit development team available via direct email for support

Ability to make Custom Exploits

  • unique MOSDEF development environment allows rapid exploit development

Product Support and Maintenance

  • subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team
  • minimum monthly updates


  • CANVAS is a platform that is designed to allow easy development of other security products. Examples include DSquare's D2 Exploitation Pack, Intevydis' VulnDisco, Gleg's Agora and SCADA+ and other industry specific CANVAS exploitation pack (CEP).

SILICA Product Overview

The industry de factor wireless security assessment tools and systems

Understanding the vulnerabilities of your WiFi network can be challenging as users can easily create networks on demand, or even perhaps unintentionally. But as recent events have demonstrated, scanning your WiFi network is an important part of understanding your security posture.

Most vulnerability assessment tools simply take their current network scanners and point them at the wireless infrastructure. This approach does not give you the information that is unique to wireless networks. Immunity has built the first automated, WiFi specific, vulnerability assessment and penetration tool.

Unlike traditional scanners that merely identify possible vulnerabilities, SILICA determines the true risk of a particular access point. SILICA does this by unintrusively leveraging vulnerabilities and determining what assets behind the vulnerable access point can be compromised.

Additionally while traditional scanners can enumerate the vulnerabilities of a particular target, they cannot evaluate whether a mitigating control is in place on the target or in the surrounding environment. With SILICA’s unique methodology it can report on whether vulnerability can be successfully exploited.

More than simple scanning, the benefits of using SILICA include:

  • Improved security posture
  • Simplified trouble shooting
  • Network mapping
  • Create real threat profiles and vulnerability assessments
  • Build WiFi risk and vulnerability analysis for PCI, SOX
  • Rogue access point detection
  • Auditing wireless client security

SILICA Benefits Statement 

With SILICA you can:

  • Recover WEP, WPA 1,2 and LEAP keys
  • Passively hijack web application sessions for email, social networking and Intranet sites.
  • Map a wireless network and identify its relationships with associated clients and other access points.
  • Identify vendors, hidden SSIDs and equipment passively.
  • Scan and break into hosts on the network using integrated CANVAS exploit modules and commands to recover screenshots, password hashes and other sensitive information.
  • Perform man-in-the-middle attacks to find valuable information exchanged between hosts.
  • Generate reports for wireless and network data.
  • Hijack wireless client connections via access point impersonation.
  • Passively inject custom content into client's web sessions.
  • Take full control of wireless clients via CANVAS's client-side exploitation framework (clientD).
  • Decrypt and easily view all WEP and WPA 1/2 traffic.

HIPAA Typical SILICA users include:

1. Forensics teams working to re-create an incident.

2. Security Management teams that want a purpose-build vulnerability scanning and exploitation tool for their WiFi network, including remote identification of systems and mobile devices even when running personal firewalls.

3. Network administrators who want to discover ad-hoc, unauthorized clients, or weakly authenticated WiFi access points, and to test/recover WEP, LEAP and WPA 1,2 keys.

4. Compliance officers looking for real risk management profiles.

5. Security Assessment teams that are tired of the false positives from traditional scanners use SILICA's man-in-the-middle and aggressive remote exploitation capability.

SILICA Functionality and Product Features 

  • Access Point recon and analysis
  • Automated client discovery
  • Access Point exploits
  • Automated exploit launch and run
  • Automated SSID discovery
  • WEP, WPA 1/2 and LEAP credential recovery
  • WPS attacks, including offline bruteforcing
  • Man-In-The-Middle capability
  • Fake AP attacks, including KARMA, SSL-Strip, Spoofed Certificates and Service Impersonation
  • Browser Session Hijacking
  • Number of hosts analyzed simultaneously: 256
  • Average time to compromise a host: < 1 minute
  • Average time to break a WEP network: 10 minutes
  • Average time to break a LEAP, WPA 1/2 network: depends on key strength
  • Report Format: HTML, DOCX
  • Report retrieval: USB
  • Frequency ranges: 802.11 a/b/g/n
  • Installation: Virtual Machine
  • Wireless cards: Alfa AWUS052NH Dual-Band Wireless USB Adapter (included)

SILICA leverages Ubuntu 14.04 LTS 64bit and is supplied as a virtual machine.

Included with SILICA there is a high performance Alfa WiFi USB adapter that greatly increases the wireless performance over the base WiFi chip sets that are included in most commercial laptops.

This self-contained solution provides support for 802.11 a/b/g/n networks. This product is ideal for security personnel who wish to integrate WiFi testing into an existing test platform with our security testing tools.

One of core strengths for CANVAS for the exploitation and penetration testing is it extensive 3rd party exploitation addon/ plug in pack available for extend the functionality or assist in the specific niche exploitation. For those customer who need to perform advance and highly complicate exploitation, you can always depend on the addon pack to perform those testing to cut short the exploitation testing and development cycle by make use of the real world professionals and expert exploitation works.

Below is the summary of common trade exploitation addon pack we are commonly trade together with the CANVAS.

Off course it is no mean to be comprehensive and up to date, as exploitation addon commercial pack is keep evolving.

If it doubt or have specific exploitation testing or development project, you may contact us for your requirement,
we package it as the solution package for your requirement.

Please contact E-SPIN for your Immunity CANVAS and exploitation pack requirement for a solution package that address your operation or project requirement.

D2 Exploitation Pack

D2 Exploitation Pack helps enterprise to replicate real­ life attacks during penetration tests by providing powerful and efficient exploitation tools, validating vulnerability scans and revealing which data would be at risk.

Efficient exploits and tools
D2 Exploitation Pack helps you to replicate all the steps of a real ­life attack during a penetration test. It provides you the exploits and the tools you need for:

  • Reconnaissance
  • Configuration weaknesses
  • Server side attack
  • Client side attack
  • Post exploitation
  • Privileges escalation

Vulnerability scan validation
D2 Exploitation Pack can import and validate the exploitability of results from well-­known vulnerability scanners. Critical vulnerabilities can be easily identified.

Frequent updates
D2 Exploitation Pack is updated each month with new exploits and tools to keep a high level of efficiency.

D2 Elliot Web Exploitation Framework

D2 Elliot Web Exploitation Framework helps enterprise to replicate real­life attacks during web application penetration testing by providing a powerful framework and efficient exploits and tools, validating vulnerability scans and revealing which data would be at risk.

Efficient web exploits and tools

D2 Elliot Web Exploitation Framework provides you hundreds of ready-to-use web exploits and tools. Exploit can be used with several optimized payloads especially designed for each kind of vulnerability.

Quick and reliable web exploit development

D2 Elliot Web Exploitation Framework helps security experts to quickly develop reliable web exploits. Several dedicated Python classes have been designed for each major type of web vulnerability like SQLi, Remote Code Execution, Remote File Include, Local File Include, File Upload or File Disclosure. You only have to take care of the vulnerability -- not the way to exploit it.

Intuitive GUI

D2 Elliot Web Exploitation Framework offers you an intuitive graphical user interface to exploit web vulnerabilities. This GUI only needs a standard browser without system dependencies.

Interactive shell

D2 Elliot Web Exploitation Framework offers you an interactive shell to do everything you need to do without the GUI.

Vulnerability scan validation

D2 Elliot Web Exploitation Framework can import and validate the exploitability of results from well-known web vulnerability scanners. Critical vulnerabilities can be easily identified.

Frequent updates

D2 Elliot Web Exploitation Framework is regularly updated with new exploits and tools to keep a high level of efficiency.

Agora Exploitation Pack

While providing security specialists with 0days, GLEG acknowledges that there is a certain interest to exploits for vulnerabilities discovered by third party researchers. To meet this interest GLEG has made available the "Agora Pack".

The Agora Pack contains more than 80 exploit modules from the product known as "Argeniss 0day Exploits Pack", along with exploits for fresh publicly available vulnerabilities and 0days exploits discovered by GLEG. Modules are designed to be used with Immunity CANVAS. Agora content does not intersect with VulnDisco Pack Professional.

Agora Pack Features:

  • Includes all exploit modules from the product known as "Argeniss 0day Exploits Pack"
  • Includes 0days discovered by GLEG
  • Updated once a month mainly with modules for publicly available vulnerabilities
  • Only modules for well known software are included, unpatched preferred
  • Client side and Server side exploits
  • 3 months of updates and support are provided with the initial purchase
  • The current version of the pack contains more than 80 modules
  • Rich set of exploits at relatively low price

Agora Step Ahead service is also available and allows for an unrestricted license with immediate access to new modules. For more information, please contact E-SPIN.


In an attempt to provide pen testers with a most comprehensive collection of Defense software vulnerabilities illustrated GLEG created the DefPack Exploits Package. Anti-viruses, IDS and IPS systems, Firewalls, Account Management systems, End-point protection software and more are targeted. Defense Software is very special due to its wide usage and critical nature. The pack contains mostly exploits for public vulnerabilities along with some 0days discovered by GLEG.

The "DefPack" features:

  • Critical value: Ability to test your defense software and to measure real threat
  • Nicest public Defense software vulnerabilities coverage! Including old and newly discovered bugs
  • 0 Days exploits: We conduct our own in depth research and provide you with tools and sploits, which could be helpful for Defense software pentesting.
  • Weak points analyses: Some systems suffer from weaknesses like hardcoded passwords and etc. We provide tools to test such cases.


The MedPack is an attempt to collect most medical software vulnerabilities in a one exploit Pack. GLEG covers the software that is widely used in Medical Care and Dental accounting. This Pack could be of interest for security specialists working in this particular field.

The "MedPack" features:

  • Most of vulns are 0days discovered by GLEG.
  • Growing value - Due to low real systems patch rank
  • We try to cover most of the public Medical vulns! Including old and newly discovered bugs
  • 0 Days exploits for Medical software vulnerabilities. We conduct our own in depth research!
  • Weak points analyses. Some systems suffer from weaknesses like hardcoded passwords and etc.


One of the current trends in exploitation is targeting SCADA systems (Stuxnet). The SCADA+ pack speaks to this new trend by providing its customers with exploits for both public vulnerabilities and 0day vulnerabilities in SCADA systems. If you serve an industry that does any type of automation, the SCADA+ pack should be on your radar for running the most realistic attack scenarios and penetration tests for your customers. Attackers are very interested in your clients' SCADA systems, you have to be too.

SCADA+ Step Ahead service is also available and allows for an unrestricted license with immediate access to new modules. For more information, please contact E-SPIN

The ProtoVer Test Suite

The ProtoVer Test Suite combines the results of InteVyDis's complied work over the years.


  • Network protocols tests: DNS, DHCP, IMAP, LDAP, NFS, RADIUS, SMTP, SNMP, SOCKS, SSH, SSL and more
  • File formats tests: ACE, ALZ, ARJ, CAB, CHM, DOC, GZ, HLP, LHA, RAR, ZIP, ZOO, PPT, ELF, PE, TNEF, WMF and more
  • written in pure Python and provided with full source code

VulnDisco Pack Professional

VulnDisco Pack Professional is the Immunity CANVAS add-on which consists of more than 300 modules targeting unpatched vulnerabilities.

  • The richest set of exploits for unpatched vulnerabilities available on the market.
  • Targeted on well known software products.
  • Client side and server side vulnerabilities.
  • Updated once a month.

For more information about VulnDisco please contact E-SPIN

InteVyDis (Intelligent - Vulnerability - Discovery) Step Ahead Pack

With the Step Ahead Pack, all modules are provided under the terms of Developer license, which allows you to create patches, workarounds, signatures and use them for commercial needs.


  • 1 year of updates and support
  • Up-to-the-minute information: You will receive all the information being developed for VulnDisco Pack Professional on the earliest stage of development. Some exploit modules from SA never appear in normal VulnDisco Pack Professional.
  • VulnDisco Pack Professional unlimited Developer license with 1 year of updates and support
  • ProtoVer testsuite unlimited license with 1 year of updates and support

For more information about the Step Ahead Pack please contact E-SPIN

EnableSecurity VoIPPack

EnableSecurity VoIPPack for CANVAS is a set of tools that are designed to work with Immunity CANVAS software. The tools target VoIP systems such as PBX servers, IP Phones and SIP gateways. The tools currently feature:

  • sipscan - Scans the network for SIP devices and identifies the user-agent and if the device is a PBX
  • sipenumerate - Enumerates extensions on a PBX server
  • sipcrack - Launches password attacks on the PBX server
  • sipautohack - Given a target network, this module will scan for SIP devices, enumerate any
  • extensions on all PBX servers found and try to guess their password

Update: 31-May-2016 With Sandro Gauci, CEO at Enable Security email exchange with our E-SPIN Management, Enable Security took VoIP Pack off the market since they unable to continue supporting its development. Despite VoIP Pack is no longer available, you may provide what your interest and needs are, so we can communicate with developer or maybe working on new service/product that may be of interest.

White Phosphorus Exploitation Pack

White Phosphorus is one of the newest exploit packs to be made available for Canvas, with development beginning in 2010. White Phosphorus aims to provide customers with fully weaponised reliable exploits and tools for use during penetration testing assignments.

White Phosphorus Exploit Pack includes;

  • Monthly updates, and unlimited IP address usage
  • 0Day vulnerabilities from private research
  • Modules for publicly reported vulnerabilities
  • Exploits include server side, client side, and privilege escalation
  • Useful modules and standalone tools for penetration testing

White Phosphorus Exploit Pack features;

  • Payload selection, allows you to select the right payload for the situation
  • Port forwarding through multiple canvas nodes, provides the ability to use native clients across
  • exploited networks
  • All exploits bypass DEP /always on and ASLR where possible
  • Fully tested for reliability in our lab environment before release

Update: Discontinue from Developer

INNUENDO Product Overview

INNUENDO: Ensuring your intrusion detection investments

You've spent hundreds of thousands of dollars on state of the art intrusion detection solutions for your Enterprise...but is any of it actually effective?

Enter INNUENDO, a sophisticated post-compromise implant framework that models advanced data exfiltration attacks on your enterprise.

The philosophy behind INNUENDO is simple: to find the real thing you have to calibrate your detection tools and teams with the real thing.

Obviously you can not deploy STUXNET, FLAME or DUQU across your enterprise. However, you CAN deploy INNUENDO, a trusted implant framework that is up to par with even the most sophisticated state-sponsored malware out there.

INNUENDO can behave in many different ways on your network. It models a wide variety of exfiltration methodologies and covert networking tactics, to test whether your intrusion detection investment is performing the way it should be.

  • INNUENDO raises the bar for the state of the art in persistence and data exfiltration solutions. Based on a flexible, modular architecture, INNUENDO offers nation-grade advanced attack capabilities to commercial penetration testing teams.
  • This allows for a wide range of communication channels which are easily integrated into your INNUENDO solution.
  • Examples include: HTTPS, DNS, ICMP, PDF, Social Media, and steganographic injection into popular image hosting services. Persistence can be maintained via any one of many ways, determined at deploy time.
  • That means no static indications of compromise! Persistence methods are modular and updatable throughout the life of the deployment. INNUENDO functionality can be written, deployed and updated in Python without ever touching disk and is encrypted and signed for a specific INNUENDO instance on deployment.
  • Each deployed INNUENDO has a unique SHA1 hash which prevents one-stop binary fingerprinting.
  • INNUENDO can be deployed entirely from memory via e.g. a CANVAS exploit, a post-exploitation CANVAS module, or from another INNUENDO instance.
  • INNUENDO can run as an injected DLL or as its own process. INNUENDO instances employ strong encryption for C&C messages, which renders the communications opaque to listeners and frustrates post-event forensics.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

E-SPIN McAfee Application Data Monitor Product Overview

SCADA+ Exploitation Pack for CANVAS

Due to the product continuous update in nature, so we prepare this post for those who interest to know what is include inside. Latest update will be show on the top, while older update will be auto show below. This post will keep update and the post date will follow the latest date, so it

D2 Exploitation Pack for CANVAS

Due to the product continuous update in nature, so we prepare this post for those who interest to know what is include inside. Latest update will be show on the top, while older update will be auto show below. This post will keep update and the post date will follow the latest date, so it
With security researchers at Kasperksy Lab recent uncared a sophisticated cybercrime outfit called Dark Tequila, which targets banking customers in Mexico and other Latin American nations. It become headline now due to uncovered since 2013, with all the antivirus house and platform of sophisticated technologies being deployed and make every endpoint and server being protected.
E-SPIN please to announce for the following latest round of the technology update and upgrade for the following related product lines compiled from the various technical resources for easy reading in one go: D2 Elliot Web Exploitation Framework 1.14, August 7 2018 D2 Elliot has been updated with 11 new web exploits. Payloads and workflows
E-SPIN Data Center Site Cleaning
For those who subscribed with CANVAS Exploitation Pack (CEP) for CANVAS Pro, be note for the following CEP updates that may applicable to your case. SCADA+ 1.71 ver. of Scada+ contains 4 modules. List: – UCanCode ActiveX UCCPrint Control Remote Code Execution Vulnerability [0-Day] – Saia PG5 WebEditor 8.3 – Code Execution Vulnerability [0-Day] –
INNUENDO – An Advanced Penetration Testing tool for modeling Advanced Attackers Immunity provides a premiere suite of software and network security assessment tools that cover every phase of your offensive information security life-cycle. From tip-of-spear exploitation through CANVAS and SILICA, to long term Nation-State grade persistence with INNUENDO, the Immunity product line up will keep