One of core strengths for CANVAS for the exploitation and penetration testing is it extensive 3rd party exploitation addon/ plug in pack available for extend the functionality or assist in the specific niche exploitation. For those customer who need to perform advance and highly complicate exploitation, you can always depend on the addon pack to perform those testing to cut short the exploitation testing and development cycle by make use of the real world professionals and expert exploitation works.
Below is the summary of common trade exploitation addon pack we are commonly trade together with the CANVAS.
Off course it is no mean to be comprehensive and up to date, as exploitation addon commercial pack is keep evolving.
If it doubt or have specific exploitation testing or development project, you may contact us for your requirement,
we package it as the solution package for your requirement.
Please contact E-SPIN for your Immunity CANVAS and exploitation pack requirement for a solution package that address your operation or project requirement.
D2 EXPLOITATION PACK
D2 Exploitation Pack helps enterprise to replicate real life attacks during penetration tests by providing powerful and efficient exploitation tools, validating vulnerability scans and revealing which data would be at risk.
Efficient exploits and tools
D2 Exploitation Pack helps you to replicate all the steps of a real life attack during a penetration test. It provides you the exploits and the tools you need for:
- Configuration weaknesses
- Server side attack
- Client side attack
- Post exploitation
- Privileges escalation
Vulnerability scan validation
D2 Exploitation Pack can import and validate the exploitability of results from well-known vulnerability scanners. Critical vulnerabilities can be easily identified.
D2 Exploitation Pack is updated each month with new exploits and tools to keep a high level of efficiency.
D2 ELLIOT WEB EXPLOITATION FRAMEWORK
D2 Elliot Web Exploitation Framework helps enterprise to replicate reallife attacks during web application penetration testing by providing a powerful framework and efficient exploits and tools, validating vulnerability scans and revealing which data would be at risk.
Efficient web exploits and tools
D2 Elliot Web Exploitation Framework provides you hundreds of ready-to-use web exploits and tools. Exploit can be used with several optimized payloads especially designed for each kind of vulnerability.
Quick and reliable web exploit development
D2 Elliot Web Exploitation Framework helps security experts to quickly develop reliable web exploits. Several dedicated Python classes have been designed for each major type of web vulnerability like SQLi, Remote Code Execution, Remote File Include, Local File Include, File Upload or File Disclosure. You only have to take care of the vulnerability — not the way to exploit it.
D2 Elliot Web Exploitation Framework offers you an intuitive graphical user interface to exploit web vulnerabilities. This GUI only needs a standard browser without system dependencies.
D2 Elliot Web Exploitation Framework offers you an interactive shell to do everything you need to do without the GUI.
Vulnerability scan validation
D2 Elliot Web Exploitation Framework can import and validate the exploitability of results from well-known web vulnerability scanners. Critical vulnerabilities can be easily identified.
D2 Elliot Web Exploitation Framework is regularly updated with new exploits and tools to keep a high level of efficiency.
AGORA EXPLOITATION PACK
While providing security specialists with 0days, GLEG acknowledges that there is a certain interest to exploits for vulnerabilities discovered by third party researchers. To meet this interest GLEG has made available the “Agora Pack”.
The Agora Pack contains more than 80 exploit modules from the product known as “Argeniss 0day Exploits Pack”, along with exploits for fresh publicly available vulnerabilities and 0days exploits discovered by GLEG. Modules are designed to be used with Immunity CANVAS. Agora content does not intersect with VulnDisco Pack Professional.
Agora Pack Features:
- Includes all exploit modules from the product known as “Argeniss 0day Exploits Pack”
- Includes 0days discovered by GLEG
- Updated once a month mainly with modules for publicly available vulnerabilities
- Only modules for well known software are included, unpatched preferred
- Client side and Server side exploits
- 3 months of updates and support are provided with the initial purchase
- The current version of the pack contains more than 80 modules
- Rich set of exploits at relatively low price
Agora Step Ahead service is also available and allows for an unrestricted license with immediate access to new modules. For more information, please contact E-SPIN.
In an attempt to provide pen testers with a most comprehensive collection of Defense software vulnerabilities illustrated GLEG created the DefPack Exploits Package. Anti-viruses, IDS and IPS systems, Firewalls, Account Management systems, End-point protection software and more are targeted. Defense Software is very special due to its wide usage and critical nature. The pack contains mostly exploits for public vulnerabilities along with some 0days discovered by GLEG.
The “DefPack” features:
- Critical value: Ability to test your defense software and to measure real threat
- Nicest public Defense software vulnerabilities coverage! Including old and newly discovered bugs
- 0 Days exploits: We conduct our own in depth research and provide you with tools and sploits, which could be helpful for Defense software pentesting.
- Weak points analyses: Some systems suffer from weaknesses like hardcoded passwords and etc. We provide tools to test such cases.
The MedPack is an attempt to collect most medical software vulnerabilities in a one exploit Pack. GLEG covers the software that is widely used in Medical Care and Dental accounting. This Pack could be of interest for security specialists working in this particular field.
The “MedPack” features:
- Most of vulns are 0days discovered by GLEG.
- Growing value – Due to low real systems patch rank
- We try to cover most of the public Medical vulns! Including old and newly discovered bugs
- 0 Days exploits for Medical software vulnerabilities. We conduct our own in depth research!
- Weak points analyses. Some systems suffer from weaknesses like hardcoded passwords and etc.
One of the current trends in exploitation is targeting SCADA systems (Stuxnet). The SCADA+ pack speaks to this new trend by providing its customers with exploits for both public vulnerabilities and 0day vulnerabilities in SCADA systems. If you serve an industry that does any type of automation, the SCADA+ pack should be on your radar for running the most realistic attack scenarios and penetration tests for your customers. Attackers are very interested in your clients’ SCADA systems, you have to be too.
SCADA+ Step Ahead service is also available and allows for an unrestricted license with immediate access to new modules. For more information, please contact E-SPIN
THE PROTOVER TEST SUITE
The ProtoVer Test Suite combines the results of InteVyDis’s complied work over the years.
- Network protocols tests: DNS, DHCP, IMAP, LDAP, NFS, RADIUS, SMTP, SNMP, SOCKS, SSH, SSL and more
- File formats tests: ACE, ALZ, ARJ, CAB, CHM, DOC, GZ, HLP, LHA, RAR, ZIP, ZOO, PPT, ELF, PE, TNEF, WMF and more
- written in pure Python and provided with full source code
VULNDISCO PACK PROFESSIONAL
VulnDisco Pack Professional is the Immunity CANVAS add-on which consists of more than 300 modules targeting unpatched vulnerabilities.
- The richest set of exploits for unpatched vulnerabilities available on the market.
- Targeted on well known software products.
- Client side and server side vulnerabilities.
- Updated once a month.
For more information about VulnDisco please contact E-SPIN
INTEVYDIS (INTELLIGENT – VULNERABILITY – DISCOVERY) STEP AHEAD PACK
With the Step Ahead Pack, all modules are provided under the terms of Developer license, which allows you to create patches, workarounds, signatures and use them for commercial needs.
- 1 year of updates and support
- Up-to-the-minute information: You will receive all the information being developed for VulnDisco Pack Professional on the earliest stage of development. Some exploit modules from SA never appear in normal VulnDisco Pack Professional.
- VulnDisco Pack Professional unlimited Developer license with 1 year of updates and support
- ProtoVer testsuite unlimited license with 1 year of updates and support
For more information about the Step Ahead Pack please contact E-SPIN
EnableSecurity VoIPPack for CANVAS is a set of tools that are designed to work with Immunity CANVAS software. The tools target VoIP systems such as PBX servers, IP Phones and SIP gateways. The tools currently feature:
- sipscan – Scans the network for SIP devices and identifies the user-agent and if the device is a PBX
- sipenumerate – Enumerates extensions on a PBX server
- sipcrack – Launches password attacks on the PBX server
- sipautohack – Given a target network, this module will scan for SIP devices, enumerate any
- extensions on all PBX servers found and try to guess their password
Update: 31-May-2016 With Sandro Gauci, CEO at Enable Security email exchange with our E-SPIN Management, Enable Security took VoIP Pack off the market since they unable to continue supporting its development. Despite VoIP Pack is no longer available, you may provide what your interest and needs are, so we can communicate with developer or maybe working on new service/product that may be of interest.
WHITE PHOSPHORUS EXPLOITATION PACK
White Phosphorus is one of the newest exploit packs to be made available for Canvas, with development beginning in 2010. White Phosphorus aims to provide customers with fully weaponised reliable exploits and tools for use during penetration testing assignments.
White Phosphorus Exploit Pack includes;
- Monthly updates, and unlimited IP address usage
- 0Day vulnerabilities from private research
- Modules for publicly reported vulnerabilities
- Exploits include server side, client side, and privilege escalation
- Useful modules and standalone tools for penetration testing
White Phosphorus Exploit Pack features;
- Payload selection, allows you to select the right payload for the situation
- Port forwarding through multiple canvas nodes, provides the ability to use native clients across
- exploited networks
- All exploits bypass DEP /always on and ASLR where possible
- Fully tested for reliability in our lab environment before release
Update: Discontinue from Developer