I am looking for an exploitation framework to 'get used to'.
This seems quite out of the blue and the obvious answer would be: "Use Metasploit". But there is a small issue with that.
The framework I am looking for has / should have the following features:
- CLI Based Interface (so it can be accessed over SSH).
- Runs on x86_64 and x86 Linux.
- Allows me to choose an exploit and attach a payload to it.
- Is easily extended by my own 0-days.
- Allows easy IO with other applications.
- Does not have a Binary installer, but a repository I can pull the source off and then (build) and run it.
- Is Free as RMS describes it.
- Does not cost more than $100k a year for unlimited targets and unlimited users.
- Has a fuzzing part to it.
- Aids developing exploits. Think Burp Suite, Offset Searcher and Pattern searcher (pop, ret).
I had a look at Inguma, Metasploit, Canvas and Core Impact.
Inguma: Still in very Alpha stages. I can help adding functions if I polish up my Python. But the exploit part (seems) undesign.
Metasploit: Not RMS Free, since Rapid7 took over things are going down-hill. Binary installer isn't what I require.
Canvas: Seems like an right candidate. But I am unaware of it's costs. Also I never worked with it just had a look at the Videos and heard some talks about it.
Core: Only Windows?
I am wondering if there is one I am missing and if someone could maybe give some advice to my needs?