Exploit Frameworks

by Dave Breslin
May 10, 2012

[Image: HostsAndPlugins]

This report template provides both summarized and detailed information to complement the Exploits By Platform dashboard template. The sample above was cut from one of four chapters. The table at the top lists hosts with vulnerabilities that can be exploited by Immunity CANVAS. The table at the bottom reports Nessus plugin family totals for vulnerabilities exploitable by Immunity CANVAS. The example report provided (use the download link below) was produced in a laboratory environment and is not intended for use in the competitive analysis of Metasploit, Core Impact or Immunity CANVAS.

The report template uses the filter technique described in the Exploits By Platform post to filter on vulnerabilities that can be exploited by a specific exploit framework. Here's a snippet from a Nessus v2 results file listing the tags mentioned:

<exploit_framework_canvas>true</exploit_framework_canvas>
<exploit_framework_core>true</exploit_framework_core>
<exploit_framework_metasploit>true</exploit_framework_metasploit>

The "Exploit Framework Summary" chapter provides a trending graph that shows whether framework-exploitable vulnerabilities are increasing or decreasing over time. The graph also trends the total number of vulnerabilities known to have exploits, regardless of availability within a specific framework; this is labeled "Vulns with Known Exploits" on the graph. A list of vulnerabilities discovered through the most recent Nessus scanning that can be exploited by each framework is also provided as a quick reference.

The "Core Impact", "Canvas" and "Metasploit" chapters follow the same format and break down the information on vulnerabilities exploitable within each framework by hosts, Plugin Family, Microsoft Bulletin and CVE. A trending graph is also provided at the beginning of each chapter; it is similar to the one in the "Exploit Framework Summary" chapter but narrowed in focus to the appropriate framework. A detailed Nessus report for each framework-exploitable vulnerability is provided and grouped by host:

[Image: Toc]

The severity levels of low, medium, high and critical used throughout the template refer to the Nessus classification for vulnerabilities. Info-severity vulnerabilities have been filtered out and are not reported by the template.

The four trend graphs found in the template were created using the line chart element found in the GUI-driven SecurityCenter report builder and have been set to report the last 5 days, which can be easily changed:

[Image: Adjusttimeframe]

Please note, when looking at Nessus vulnerability counts, that the relationship between Nessus vulnerability and CVE reference can be one to many (one Nessus vulnerability can have one or more CVE references). A Nessus vulnerability may also have no CVE reference. Also note, when looking at vulnerability counts reported by Microsoft Bulletin ID, that there can be vulnerabilities that are not Microsoft Bulletin related.
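
The tag filter described earlier and the counting caveat above can be seen together in a short script. This is an added example, not code from the original post or from SecurityCenter: it filters a Nessus v2 results document on one framework tag and builds the per-host, per-plugin-family and CVE breakdowns. The sample document, host addresses, plugin IDs and CVE placeholders are constructed, and the `summarize` function name is hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Framework tags as they appear in a Nessus v2 results file (from the post).
FRAMEWORK_TAGS = {
    "canvas": "exploit_framework_canvas",
    "core": "exploit_framework_core",
    "metasploit": "exploit_framework_metasploit",
}

# Constructed sample, trimmed to the elements this example reads.
SAMPLE = """<NessusClientData_v2><Report name="lab">
<ReportHost name="192.0.2.10">
  <ReportItem pluginID="1001" pluginFamily="Windows" severity="3">
    <cve>CVE-0000-0001</cve><cve>CVE-0000-0002</cve>
    <exploit_framework_canvas>true</exploit_framework_canvas>
    <exploit_framework_metasploit>true</exploit_framework_metasploit>
  </ReportItem>
  <ReportItem pluginID="1002" pluginFamily="Web Servers" severity="2">
    <exploit_framework_canvas>true</exploit_framework_canvas>
  </ReportItem>
  <ReportItem pluginID="1003" pluginFamily="General" severity="0">
    <exploit_framework_core>true</exploit_framework_core>
  </ReportItem>
</ReportHost>
<ReportHost name="192.0.2.20">
  <ReportItem pluginID="1001" pluginFamily="Windows" severity="4">
    <cve>CVE-0000-0001</cve><cve>CVE-0000-0002</cve>
    <exploit_framework_canvas>true</exploit_framework_canvas>
  </ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

def summarize(xml_text, framework):
    """Hosts, plugin-family totals and CVE set for one framework's findings."""
    tag = FRAMEWORK_TAGS[framework]
    hosts, families, cves = defaultdict(set), Counter(), set()
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if item.get("severity") == "0":  # Info severity is filtered out
                continue
            if (item.findtext(tag) or "").strip().lower() != "true":
                continue
            hosts[host.get("name")].add(item.get("pluginID"))
            families[item.get("pluginFamily")] += 1
            cves.update(c.text for c in item.findall("cve"))
    return {"hosts": {h: sorted(p) for h, p in hosts.items()},
            "families": dict(families), "cves": sorted(cves)}
```

On the constructed sample, the CANVAS filter yields three findings across two hosts but only two distinct CVE references, because one plugin carries two CVEs and another carries none.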