Check out the review of Metasploit Pro... the upgraded version of the winner of the pwn-off, Metasploit Express.



The Scorecard



Interface: The interface is super clean compared to the other applications. Metasploit Express uses a web browser to interact with the application. It doesn't matter what OS you are used to; if you have ever surfed the web, you can "Point, Click, Pwn!"

Exploits: Metasploit Express generated 16 shells across EIGHT boxes. The speed at which the targets fell justified the name "express."

Reporting: With a single click, the evidence collection feature does the dirty work of collecting evidence from the targets. This feeds into the reporting feature of the tool. The reports generated out of Metasploit Express include the evidence collected, which includes user/password combinations, encryption keys and screenshots of the target machine. In this case, a picture is worth a thousand words.

Value: Metasploit Express was the most affordable with a list price of $3,000.

Additional Features: A favorite feature of Metasploit Express is the Replay Scripts. By enabling one to replay the attack without requiring the Express product, a tester would be able to provide value above and beyond just a report.


Total Score:




Interface: The interface is familiar to Windows users. Drag, Drop, Pwn.

Exploits:  Core launched 3 agents with ease.  It may have found more using the Metasploit plug-in. 

Reporting: The reports generated out of the application were easy to read and informative. They did seem plain, however.

Value: Core topped the price list of our competitors. If money were no object, I would buy all 3; however, it usually does factor into the equation.

Additional Features: With a higher price, Core is packed with additional features. Core includes not only Network Testing, but Web and Client Side/Phishing attack vectors as well. You will pay for these features, however.


Total Score:



Interface: The interface is clean; however, it did have some quirks. The most documented is selecting targets and the current callback. You need to know what you're doing. Thank goodness the company offers plenty of training.

Exploits: This is a serious tool for a serious pentester. Canvas provides enough rope to snag your target machine or hang yourself. Canvas generated 5 shells, but only after help from the company's support. Plus points for the number of shells generated; however, you have to earn them with this program.

Reporting: The reports generated out of the application are compiled by using all the knowledge obtained in the pentest.  The details in the report depend on the quality of the test.  If you obtain the knowledge in the test, it is in the report.

Value: Canvas has marketed itself as a fierce competitor against the veteran Core. Part of the marketing strategy is the lower cost of the application compared to Core. That lower cost comes at the expense of the interface. However, if you are a serious penetration tester, you will prefer the complexity.

Additional Features: One of the features I found impressive was that Canvas runs on OSX. Also included in the cost of the product is the source code, so you can customize it for your organization.


Total Score:
