Skip Navigation Linksimmunity-canvas



​Immunity CANVAS 網頁安全漏洞偵測


Single Installation License

  • includes one year of our standard monthly updates and support
  • unrestricted (no target IP address limitations)
  • full source code​

​Supported Platforms and Installations

  • Windows (requires Python & PyGTK)
  • Linux
  • MacOSX (requires PyGTK)
  • All other Python environments such as mobile phones and commercial Unixes
    (command line version only supported, GUI may also be available)


  • CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs.


  • all documentation is delivered in the form of demonstration movies
  • exploit modules have additional information
  • currently over 800 exploits
  • Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.
  • Exploits span all common platforms and applications​
  • Payload Options
  • to provide maximum reliability, exploits always attempt to reuse socket
  • if socket reuse is not suitable, connect-back is used
  • subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
  • bouncing and split-bouncing automatically available via MOSDEF
  • adjustable covertness level

Exploit Delivery

  • regular monthly updates made available via web
  • exploit modules and CANVAS engine are updated simultaneously
  • customers reminded of monthly updates via email

Exploit Creation Time

  • exploits included in next release as soon as they are stable

Effectiveness of Exploits

  • all exploits fully QA'd prior to release
  • exploits demonstrated via flash movies
  • exploit development team available via direct email for support

Ability to make Custom Exploits

  • unique MOSDEF development environment allows rapid exploit development

Product Support and Maintenance

  • subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team
  • minimum monthly updates


  • CANVAS is a platform that is designed to allow easy development of other security products. Examples include DSquare's D2 Exploitation Pack, Intevydis' VulnDisco, Gleg's Agora and SCADA+ and Enable's VoIPPack.