Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see our movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have PDF based tutorials available for download.
Single Installation License
includes one year of our standard monthly updates and support
unrestricted (no target IP address limitations)
full source code
Supported Platforms and Installations
Windows (requires Python & PyGTK)
Linux
MacOSX (requires PyGTK)
All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)
Architecture
CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs.
Documentation
all documentation is delivered in the form of demonstration movies
exploit modules have additional information
currently over 500 exploits
Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.
Exploits span all common platforms and applications
Payload Options
to provide maximum reliability, exploits always attempt to reuse socket
if socket reuse is not suitable, connect-back is used
subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
bouncing and split-bouncing automatically available via MOSDEF
adjustable covertness level
Exploit Delivery
regular monthly updates made available via web
exploit modules and CANVAS engine are updated simultaneously
customers reminded of monthly updates via email
Exploit Creation Time
exploits included in next release as soon as they are stable
Effectiveness of Exploits
all exploits fully QA'd prior to release
exploits demonstrated via flash movies
exploit development team available via direct email for support
Ability to make Custom Exploits
unique MOSDEF development environment allows rapid exploit development
Product Support and Maintenance
subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team
minimum monthly updates
Development
CANVAS is a platform that is designed to allow easy development of other security products. Examples include DSquare's D2 Exploitation Pack, Intevydis' VulnDisco, Gleg's Agora and SCADA+ and Enable's VoIPPack.