There are a few alternatives you can use if you do not have one of the previously described applications. You can use an open source project such as Metasploit or Security Forrest's exploitation framework. Metasploit's features are equivalent to Core Impact or Canvas. See Chapter 7 for more information on Metasploit. SecurityForest is more of an exploit collection than a framework; while it has a lot of exploits, it has neither the flexibility nor the advanced evasion features of Core Impact, Canvas, or Metasploit.
Find these tools at the following sites:
Before framework applications were available, hackers had to exchange exploits coded in C. They had to fix or change the code for a specific function, then compile and run it. You can still find these kinds of exploits at the packetstorm web site (packetstorm.linuxsecurity.com), which has an archive of old exploits as well as some newer ones.
—Nicolas Beauchesne