Thread: Exploitation Framework

  1. #1
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    10

    Question Exploitation Framework

    Hello,

    I am looking for an exploitation framework to 'get used to'.
    This seems quite out of the blue and the obvious answer would be: "Use Metasploit". But there is a small issue with that.

    The framework I am looking for has / should have the following features:
    - CLI Based Interface (so it can be accessed over SSH).
    - Runs on x86_64 and x86 Linux.
    - Allows me to choose an exploit and attach a payload to it.
    - Is easily extended by my own 0-days.
    - Allows easy IO with other applications.
    - Does not have a Binary installer, but a repository I can pull the source off and then (build) and run it.
    - Is Free as RMS describes it.
    - Does not cost more than $100k a year for unlimited targets and unlimited users.
    - Has a fuzzing part to it.
    - Aids developing exploits. Think Burp Suite, Offset Searcher and Pattern searcher (pop, ret).

    I had a look at Inguma, Metasploit, Canvas and Core Impact.

    Inguma: Still in very alpha stages. I can help add functions if I polish up my Python. But the exploit part seems undesigned.
    Metasploit: Not RMS Free; since Rapid7 took over, things are going downhill. A binary installer isn't what I require.
    Canvas: Seems like a right candidate. But I am unaware of its costs. Also, I never worked with it; I just had a look at the videos and heard some talks about it.
    Core: Only Windows?


    I am wondering if there is one I am missing and if someone could maybe give some advice to my needs?

    Thanks

    - Illiac

  2. #2
    Senior Member iproute's Avatar
    Join Date
    Jan 2010
    Location
    Midwest, USA
    Posts
    192

    Default Re: Exploitation Framework

    I know this is the obvious answer, but doesn't Metasploit fit most of those requirements? A former co-worker friend put plenty of his own stuff into Metasploit. And it has an RPC daemon that can be used for external apps. It also has an SVN repo. As far as users, you could just add users and properly manage permissions with sudo with proper fine tuning. Just my 2 cents, though from the sound of it, you're more talented than I in much of this... I've yet to delve into exploit development, for instance. Guess I've spent too much time lately on my telco stuff, but hey, that's my line of work.

  3. #3
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    10

    Default Re: Exploitation Framework

    I couldn't seem to find the Metasploit 4 repo.

    I thought about using Metasploit 3 and adding functions to it (maybe even fork it).

  4. #4
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: Exploitation Framework

    Quote Originally Posted by Illiac
    I couldn't seem to find the Metasploit 4 repo.

    Repos: apt-cache show framework && apt-get install framework
    Path: /pentest/exploits/framework or /opt/framework
    Have you...g0tmi1k?

  5. #5
    Senior Member iproute's Avatar
    Join Date
    Jan 2010
    Location
    Midwest, USA
    Posts
    192

    Default Re: Exploitation Framework

    Though the URL says framework3, I believe 4 resides on it, as if you dig around on the svn repo a bit (tags rather than trunk), you can find weekly updates into October of this year.

    Code:
    svn checkout https://www.metasploit.com/svn/framework3/trunk /opt/metasploit3/msf3/
    So that should still be valid for work 'from-source'. Just change the directory it ends up in if you so desire.
    Last edited by iproute; 10-11-2011 at 01:16 PM.

  6. #6
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    10

    Default Re: Exploitation Framework

    Quote Originally Posted by g0tmi1k
    Repos: apt-cache show framework && apt-get install framework
    Path: /pentest/exploits/framework or /opt/framework

    Alright, let me correct myself.
    Source Code Repositories.

    @iproute
    Thanks, I didn't look that far. I'll have a look.

    Anyone have another thought about the other frameworks?
