Leading Provider of Commercial-Grade Penetration Testing Software Builds Integration with Widely Used Open-Source Exploit Framework
BOSTON, MA – Feb. 16, 2010 – Core Security Technologies, provider of CORE IMPACT Pro, the most comprehensive product for proactive enterprise security testing, today announced that it has created a fully supported technical integration between its flagship software solution and the Metasploit open-source exploit framework.
With today’s organizations using penetration testing to strategically test their vulnerabilities and IT defenses, Core Security now offers both professional penetration testers and operational security staffers who use IMPACT Pro the ability to tap directly into the open-source functionality of Metasploit to carry out vulnerability analysis.
By providing the opportunity to use Metasploit in concert with IMPACT Pro, penetration testers will now be able to appreciate all the benefits of Core’s commercial-grade, automated solution – with its massive library of professionally developed exploits, efficient and easy-to-use interface and in-depth reporting capabilities – alongside the well-known open-source project.
Through the integration, testers will now be able to:
- Bring a system compromised during testing with Metasploit into the IMPACT environment and deploy an IMPACT Pro Agent. The Agent is a patented, syscall proxy payload that allows users to:
  - Launch IMPACT Pro’s full range of automated penetration testing capabilities from the compromised system.
  - Leverage IMPACT’s broad selection of commercial-grade exploits, plus multiple pre- and post-exploitation capabilities for in-depth, comprehensive attack replication.
  - Pivot penetration tests to other systems, mimicking an attacker’s attempts at identifying and exploiting paths of weakness to backend systems and data.
- Use IMPACT Pro’s automated Rapid Penetration Test (RPT) to exploit vulnerabilities, then launch Metasploit’s db-autopwn feature and subsequently upload the results back into IMPACT Pro. This allows users with less training and expertise to view Metasploit testing information within the IMPACT environment.
“We’ve long respected the work of H.D. Moore, his team and the community of Metasploit contributors in creating a rich exploit framework that offers experienced testers a range of capabilities, and we wanted to make it easier for those who want to use Metasploit alongside CORE IMPACT Pro to do so,” said Fred Pinkett, vice president of product management at Core Security. “By offering professional testers and security staff greater ability to centralize their assessments and incorporate their Metasploit efforts into their IMPACT Pro deployments, we feel that we’re providing the market with an expanded opportunity to carry out even more inclusive and valuable penetration tests.”
The IMPACT Pro-Metasploit integration will officially arrive in the next version of CORE IMPACT Pro, due to ship from Core Security in April 2010.
“As someone who utilizes both CORE IMPACT Pro and Metasploit, it’s invaluable to see Core moving towards integrating in this way,” said Steve Shead, Director of IT & Information Security Officer at CafePress.com. “It will give testers more scope for comprehensive testing and assessment, and another avenue of cross checking by importing Metasploit test results back into IMPACT Pro. It’s gratifying to see Core targeting their development efforts into providing automated penetration testing capabilities that are as flexible and dynamic as humanly possible; ultimately this means they listen to the needs of their customers and, more importantly, take action.”
“The integration of the Metasploit framework with IMPACT Pro will define a new era for vulnerability confirmation,” said Chris Nickerson, CEO of Lares Consulting. “Professional penetration testers and enterprises alike will now benefit from the exploits of Metasploit while being able to leverage the powerful technology and reporting of IMPACT Pro. The most reliable commercial tool blended with the bleeding edge research of the open source community will surely be a hit for all.”
Disclaimer: While IMPACT Pro is now integrated with Metasploit, Core Security cannot guarantee the reliability and predictability of Metasploit exploits used in conjunction with its solutions.
About Core Security Technologies
Core Security Technologies is the leader in comprehensive penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, wireless networks, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, Mass. and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.
Tim Whitman or Lauren O’Leary