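- CANVAS web security testing tool
Introduction: Canvas is a security vulnerability detection tool from Aitel's ImmunitySec. It contains more than 150 exploits. For penetration testers, Canvas is a relatively professional vulnerability exploitation tool. Canvas is also often used to test the detection capabilities of IDS and IPS.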
- 1.2 GHz processor
- Chip architecture/OS must have Python 2.5 or greater support
- 1 GB RAM
- 250 MB free HD space
- Good Linux drivers for wired/wireless cards
CANVAS is written and designed to be run on Linux. While Windows and OSX are supported platforms, Linux is where CANVAS really shines. If you are tied to Windows as part of corporate IT policy, CANVAS also runs well in a VM (see the requirements above). For Linux, any modern desktop distribution with solid package management will work. We recommend:
Windows users can download a zip file with all the dependencies (except pycrypto) and installation instructions for that platform from Immunity.
Due to export-control restrictions, we cannot ship the pycrypto libraries. You can download a binary installer for Windows at the link shown below.
Mac OSX Users
OSX users can download an installer with most dependencies for that platform from Immunity. You can then download CANVAS as a zip/tar file, decompress it, and run CANVAS_ROOT/runcanvas.sh. Please note that you still need to install pyasn1 on your own.
Immunity CANVAS Professional
Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see our movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have PDF based tutorials available for download.
Single User License
- includes one quarter of standard monthly updates and support
- unrestricted (no target IP address limitations)
- full source code
- Your use of CANVAS Professional does not expire when your support period is over.
Supported Platforms and Installations
- Windows (requires Python & PyGTK)
- MacOSX (requires PyGTK)
- All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)
- CANVAS Professional's completely open design allows a team to adapt CANVAS Professional to their environment and needs.
- all documentation is delivered in the form of demonstration movies
- exploit modules have additional information windows
- currently over 370 exploits, an average of 4 exploits added every monthly release
- Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.
- Exploits span all common platforms and applications
- to provide maximum reliability, exploits always attempt to reuse the socket
- if socket reuse is not suitable, connect-back is used
- subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
- bouncing and split-bouncing automatically available via MOSDEF
- adjustable covertness level
- regular monthly updates made available via web
- exploit modules and CANVAS engine are updated simultaneously
- customers reminded of monthly updates via email
Exploit Creation Time
- exploits included in next release as soon as they are stable
Effectiveness of Exploits
- all exploits fully QA'd prior to release
- exploits demonstrated via flash movies
- exploit development team available via direct email for support
Ability to make Custom Exploits
- unique MOSDEF development environment allows rapid exploit development
Product Support and Maintenance
- subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team
- minimum monthly updates
- CANVAS is a platform that is designed to allow easy development of other security products. Examples include Gleg, Ltd's VulnDisco, DSquare's D2 Exploitation Pack and the Argeniss Ultimate 0day Exploits Pack.
Disk encryption protects a hard drive in the event of theft or accidental loss by encrypting the entire disk including swap files, system files, and hibernation files. If an encrypted disk is lost, stolen, or placed into another computer, the encrypted state of the drive remains unchanged, ensuring only an authorized user can access its contents.
Traffic files can be selected and replayed at the touch of a button. Traffic files can also be organised into groups for replaying and exporting to other users. Traffic IQ Professional can import many different types of network capture files for replaying including NetMon, Ethereal, TcpDump, WinDump, LibPcap, Redhat Linux. When replaying traffic you have complete control over the parameters used including IP and MAC addresses, ports, time to live (TTL), delay and direction.
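February 5, 2020: Acunetix, a pioneer in automated web application security software, has released version 13. The new version improves the user interface and introduces the SmartScan engine, malware detection, integrated network scanning, proof-of-exploit, incremental scanning and more. This release further strengthens Acunetix's leading position in the cybersecurity market. Acunetix focuses on performance and accuracy, and the latest version proves it. CTO Nicolas Sciberras: "You cannot find these unique features in any other product."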