Core Impact

Core Impact is a professional penetration testing framework tool that can operate in both automated and manual modes. It is very expensive, but sets the standard to measure other tools against. It comes with a constantly updated and state of the art collection of exploit code.

Core can either perform its own reconnaissance or can import data from other recon tools. The long list of exploits available includes client side tactics that be supported by server tools, such as a web server to serve exploit laden pages that are baited by emails. Once a Core exploit is successful, an agent is deployed that enables access via a variety of means, including HTTP. The tester can also choose from several different forms of shells and use a list of automated tools to extract and retrieve information, such as password hashes, routing information, users and groups, a list of processes that are running, screenshots and more. It is possible to set the agent that was deployed on the compromised system as “source” and use that for pivot attacks, doing recon and launching more exploits that originate from the first target system, often avoiding firewall defenses.

Once all of the testing activity has been completed, Core comes with a nice list of reports that can show the host information or all of the activities that were undertaken. Most Core abilities can be launched manually one step at a time, or the “Rapid Penetration Test” (RPT) tool will automatically step through a “soup to nuts” schedule of recon, penetration and agent deployment with little more than a few targeting clicks to launch it.

Core Technologies

CORE IMPACT Pro V8 enables customers to extend the scope and efficiency of their information security testing initiatives, adding two new modules for pinpointing critical web application exposures, as well as new commercial-grade features for scheduling, managing and reporting on enterprise security tests. Building on IMPACT Pro’s real-world network, endpoint and web application testing capabilities, the new version provides customers with actionable data that helps them to cost-effectively address their security risks while ensuring maximum ROI from their IT defenses.

Leave a Reply

You must be logged in to post a comment.