Core Impact isn't cheap (be prepared to spend at least $30,000), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes.
A Penetration Testing Tool for Both New and Advanced Users
Core Impact simplifies testing for new users by providing intuitive, step-by-step wizards and rapid penetration tests so they can automatically gather the information they need. Advanced users can efficiently execute common tasks, saving time while providing a consistent, repeatable process for testing infrastructure. Additionally, experienced penetration testers can take advantage of the vast functionalities available, taking full control over all aspects of the process, including editing and tailoring exploit functions to perform exactly to desired specifications for a given environment.
Red and Purple teams can use Core Impact’s collaborative workspace to enable organizations to launch specific, targeted attacks against their IT infrastructure, revealing security weaknesses and allowing you to make improvements before facing an actual threat.
Users of all levels can take advantage of Core Impact’s robust test safety measures. All communication between Impact and its agents are fully encrypted and authenticated, ensuring that threat actors can never hijack these pathways to use them maliciously. Additionally, all agents can self-destruct at a set time so that no back doors are left open, making for a simple, secure clean-up.
Commercial-Grade Exploits for Real World Attack Replication
Core Impact is the most comprehensive penetration testing solution on the market and is the only solution that empowers you to replicate multi-staged attacks that pivot across systems, devices and applications. Using a stable, up-to-date library of commercial-grade exploits, Impact reveals how chains of exploitable vulnerabilities open paths to your organization’s mission-critical systems and assets. Core Impact also allows you to re-test exploited systems to verify that remediation measures or compensating controls are effective and working.
Comprehensive Penetration Testing for Peace of Mind
Core Impact offers diverse testing functionality in order to provide thorough coverage and security insight so organizations know who, how, and what is vulnerable in their IT environments.
Accurately identify and profile target internal information systems for network penetration testing. Core Impact can help exploit vulnerabilities in critical networks, systems, hosts, and devices by imitating an attacker’s methods of access and manipulating data, as well as testing defensive technologies’ ability to stop attacks. Run web application penetration tests to find weaknesses through detailed web crawling, pivoting attacks to web servers, associated databases, and backend networks to confirm exploitability.
Easily deploy phishing campaigns for client-side and social engineering tests to discover which users are susceptible and what credentials can be harvested. Use the step by step process to create emails, select targets, and choose between browser redirects or web page clones. Customize each email to challenge users with more sophisticated emails that are harder to identify as fake. Actual emails can be imported from mail clients to increase the authenticity of the attack.
SCADA Pack Add-On Product
Core Security offers an add-on pack with additional SCADA and Industrial Control System exploits for Core Impact. The SCADA pack provides over 140 exploits in various SCADA and ICS that are deployed across many industries, on top of the SCADA and ICS exploits already shipped by default in Core Impact. This enhanced pack is updated with about four new exploits on average a month.
Intuitive testing wizards for ease of use
Extensive threat library of commercial grade exploits
Automated cleanup with self-destructing agents
Multi-vector testing capabilities
Teaming capabilities in collaborative workspace
Tailored reporting to build remediation plans
Integrations with other pen testing tools including Metasploit and PowerShell Empire
Operating Systems like Windows, Linux, and Mac
Cloud (Public, Private, Hybrid)
Your Critical Data
Windows 10 Enterprise 64 bit
Windows 10 Pro 64 bit
Windows Server 2016 Standard
VULNERABILITY SCAN VALIDATION*
Acunetix Web Vulnerability Scanner
Burp Suite Professional
IBM Enterprise Scanner
IBM Internet Scanner
IBM Rational AppScan
McAfee Vulnerability Manager (formerly McAfee Foundstone)
Microsoft Baseline Security Analyzer
Qualys Web Application Scanner
Tenable Security Center
Core Impact is an easy-to-use penetration testing tool with commercially developed and tested exploits that enables your security team to exploit security weaknesses, increase productivity, and improve efficiencies.
Replicate Attacks to Find Security Gaps and Test Defenses
Core Impact gives you visibility into the effectiveness of your defenses and reveals where your most pressing risks exist in your environment. This enables you to assess your organization’s ability to detect, prevent, and respond to real-world, multi-staged threats against your infrastructure, applications, and people.
Validate Remediation Effectiveness
Re-test exploited systems after a penetration test to verify that remediation measures or compensating controls are effective and working.
Test People and Processes
Red and Purple teams can evaluate your security posture using the same techniques employed by today’s cyber-criminals by replicating attacks that reveal how chains of exploitable vulnerabilities open paths to your organization’s mission-critical systems and data.
Red and Purple teamers can put their teams to the test by measuring their ability to identify attacks, track, and validate their effectiveness of processes and procedures.