October 17, 2017, 06:08:23 AM
Welcome, Guest. Please login or register.

CMFP (Certified Metasploit Framework Professional) Course is out! http://www.top-hat-sec.com/cmfp.html

Author Topic: Which is Best  (Read 1653 times)

Offline slyfox

  • Experienced
  • ***
  • Posts: 118
  • Internets: +10/-0
Which is Best
« on: July 21, 2016, 12:41:20 PM »
Has anyone tried all three of the tools below. Any idea which might be best. Obviously they each have their points. These are the free versions, but the last one [ExploitPack] is the cheapest for purchasing exploits, l think - about $300 for 37,000 exploits. lt comes with 370.
Most have heard of the firsts two.

CSPLOIT

or

ARMITAGE

or

EXPLOIT PACK - http://exploitpack.com
« Last Edit: July 21, 2016, 12:44:38 PM by slyfox »

Offline c0ldg0ld

  • Si Vis Pacem, Para Bellum
  • Global Moderator
  • Elite
  • *****
  • Posts: 526
  • Internets: +34/-0
    • Public Key
Re: Which is Best
« Reply #1 on: July 21, 2016, 01:18:59 PM »
Well Armitage is just a GUI front end for Metasploit isn't it?  That would mean all the exploits in there are free.  Likewise exploit DB and tons of places on the net can get you free exploits for things.  I couldn't see paying for it when just about everything out there is available for free one way or another.
rm -rf /bin/laden

Time is an illusion. Lunchtime doubly so.


Public Key

Offline H4v0K

  • Administrator
  • Elite
  • *****
  • Posts: 1019
  • Internets: +986/-1
Re: Which is Best
« Reply #2 on: July 21, 2016, 01:39:33 PM »
Has anyone tried all three of the tools below. Any idea which might be best. Obviously they each have their points. These are the free versions, but the last one [ExploitPack] is the cheapest for purchasing exploits, l think - about $300 for 37,000 exploits. lt comes with 370.
Most have heard of the firsts two.

CSPLOIT

or

ARMITAGE

or

EXPLOIT PACK - http://exploitpack.com

It would all depend on what you are trying to accomplish.
These are all easy GUI tools that if something don't work your kinda lacking unless ur able to fix the exploit and if you can do that you really don't need these tools.

The only way it would be worth paying for "exploit pack" is if the 0days they talk about are real. Which im curious about.

But they all have a free version so why not just try all of them and see what you like best.

Also all the exploits from Exploit-DB are in kali Linux "searchsploit" . But not all exploits from Exploit-DB are in MSF or Armitage ,incase you didn't know .

Offline slyfox

  • Experienced
  • ***
  • Posts: 118
  • Internets: +10/-0
Re: Which is Best
« Reply #3 on: July 21, 2016, 02:07:30 PM »
Yeah, thanx guys.

Quote
Well Armitage is just a GUI front end for Metasploit isn't it?  That would mean all the exploits in there are free.  Likewise exploit DB and tons of places on the net can get you free exploits for things.  I couldn't see paying for it when just about everything out there is available for free one way or anothe

Yes, c0ldg0ld, l agree, but adding 37,000 exploits might be a pain lol.
l think Csploit is a front-end for Metasploit too, or it's incorporated somehow.
l know it's easy to add an exploit module to Exploit Pack.
So, unless we're purchasing 0-Days [as H4v0K says] , lt's probably not worth it.



Quote
The only way it would be worth paying for "exploit pack" is if the 0days they talk about are real. Which im curious about.

That's a good point H4v0K. l suppose all the exploits in Core lmpact, lmmunity Canvas, Cobalt Strike etc are genuine [probably they buy them from top programmers].

Quote
Also all the exploits from Exploit-DB are in kali Linux "searchsploit" . But not all exploits from Exploit-DB are in MSF or Armitage ,incase you didn't know

l didn't know that. Perhaps they just include them in the paid for version.
« Last Edit: July 21, 2016, 02:11:42 PM by slyfox »

Offline ch3rn0byl

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 187
  • Internets: +1337/-0
  • Grumpy Old Man with Mounds of Salt
Re: Which is Best
« Reply #4 on: July 21, 2016, 02:11:36 PM »
tons of places on the net can get you free exploits for things.  I couldn't see paying for it when just about everything out there is available for free one way or another.
I'd be very, very careful with public exploits hehe ;)
The quieter you become, the more you are unlikely to sound stupid.

Offline slyfox

  • Experienced
  • ***
  • Posts: 118
  • Internets: +10/-0
Re: Which is Best
« Reply #5 on: July 31, 2016, 12:45:22 PM »
Quote
I'd be very, very careful with public exploits hehe

ch3rn0byl, what do you mean by 'public exploits'? where would be safe 'public' places for exploits? l notice you've donated to Exploit Database, so l assume that's ok.

l think ExploitPack is working best on my macbook.

Offline ch3rn0byl

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 187
  • Internets: +1337/-0
  • Grumpy Old Man with Mounds of Salt
Re: Which is Best
« Reply #6 on: July 31, 2016, 02:49:41 PM »
Quote
I'd be very, very careful with public exploits hehe

ch3rn0byl, what do you mean by 'public exploits'? where would be safe 'public' places for exploits? l notice you've donated to Exploit Database, so l assume that's ok.

l think ExploitPack is working best on my macbook.
Public exploits such as exploits found in the public ie exploitdb, securityfocus, etc.
I did get one on exploitdb!! But i wouldnt do anything like that, now would i?? hehe
read here: https://community.rapid7.com/community/metasploit/blog/2010/04/04/penetration-testing-learn-assembly
but if your quick to run exploits blindly, please let me know! Maybe i can give you one to run ;) hehe
ExploitPack?? mehh
The quieter you become, the more you are unlikely to sound stupid.