CANVAS is updated frequently, so these screenshots may not reflect
the current state of the product.
I'm ready to purchase CANVAS or I'd like more information:
The default startup of
When enabled, the CANVAS world map will reconcile IP addresses with their
geographic location and display that to the CANVAS user.
exploitation of a host, the CANVAS user is presented with a listener shell which they can use as a fully interactive shell or to launch
post exploitation commands.
New in the April 2009 release of CANVAS is the ability to interact with the
host's command-line directly from the GUI.
One of the many post-exploitation modules available in CANVAS is the
getpasswordhashes module, which fetches hashes from the exploited host.
Using MOSDEF, CANVAS is able to use multiple hosts running different operating
systems on different architectures as pivot points to attack new targets. This is
demonstrated here using the Node Management node view, which shows exploited hosts
and their relation to each other.
Launching client-side exploits is easy using the built-in HTTP server.
running on Windows Vista Ultimate
Default startup of Immunity CANVAS on Mac OS X.
CANVAS can also be completely driven from the command line, making it easy to
incorporate modules into scripts.
CANVAS relies heavily on the concept of a 'listener'. A CANVAS Listener is anything
that needs to respond to actions, such as a running exploit module, an open port
waiting for a callback, or a connection to a remote host that has been exploited.
In this screenshot you can see one of the advanced CANVAS tools being used to print
out all the available security tokens in the process that has been exploited. Then
the CANVAS user can switch security tokens to any of the found tokens, and attempt
to access files as the new user.
The Covertness Bar is a special feature of CANVAS that allows certain exploits to
behave differently depending on how covert the user needs it to be. For example,
a high level of covertness can sometimes slip by application firewalls, since
application fragmentation fools the firewall into ignoring the traffic. Reliability
and covertness are opposites on the Covertness Bar, as they are in real life.
CANVAS's multi-threaded architecture allows an advanced user to run multiple
exploits at once, or even combine multiple machines' exploitation attempts into
(GPG key link
or call 212-534-0857 during business hours EST (US) to order CANVAS with a Visa,
Mastercard, or American Express.
Please have your name, your address, the number of seats (in packs of 10) you wish to
license, and how many quarters of support you'd like to have ready.
Immunity's fax number is 917-591-1850
You can also schedule a VNC demo where you VNC into Immunity's lab and we demonstrate
CANVAS to you personally during a conference call with your team.
Immunity does accept net-30 Purchase Orders from recognized companies, and is
available in CCR as "Immunity, Inc.".