Core Impact Datasheet

Core Impact

Divider text here
Penetration security testing throughout your organization 

dOWNLOAD pdf

A Penetration Testing Tool for Both New and Advanced Users

Divider text here
Core Impact simplifies testing for new users by providing intuitive, step-by-step wizards and rapid penetration tests so they can automatically gather the information they need. Advanced users can efficiently execute common tasks, saving time while providing a consistent, repeatable process for testing infrastructure. Additionally, experienced penetration testers can take advantage of the vast functionalities available, taking full control over all aspects of the process, including editing and tailoring exploit functions to perform exactly to desired specifications for a given environment. 

Red and Purple teams can use Core Impact’s collaborative workspace to enable organizations to launch specific, targeted attacks against their IT infrastructure, revealing security weaknesses and allowing you to make improvements before facing an actual threat. 

Users of all levels can take advantage of Core Impact’s robust test safety measures. All communication between Impact and its agents are fully encrypted and authenticated, ensuring that threat actors can never hijack these pathways to use them maliciously. Additionally, all agents can self-destruct at a set time so that no back doors are left open, making for a simple, secure clean-up.

Commercial-Grade Exploits for Real World Attack Replication

Divider text here
Core Impact is the most comprehensive penetration testing solution on the market and is the only solution that empowers you to replicate multi-staged attacks that pivot across systems, devices and applications. Using a stable, up-to-date library of commercial-grade exploits, Impact reveals how chains of exploitable vulnerabilities open paths to your organization’s mission-critical systems and assets. Core Impact also allows you to re-test exploited systems to verify that remediation measures or compensating controls are effective and working.

Comprehensive Penetration Testing for Peace of Mind

Divider text here
Core Impact offers diverse testing functionality in order to provide thorough coverage and security insight so organizations know who, how, and what is vulnerable in their IT environments. 

Accurately identify and profile target internal information systems for network penetration testing. Core Impact can help exploit vulnerabilities in critical networks, systems, hosts, and devices by imitating an attacker’s methods of access and manipulating data, as well as testing defensive technologies’ ability to stop attacks. Run web application penetration tests to find weaknesses through detailed web crawling, pivoting attacks to web servers, associated databases, and backend networks to confirm exploitability. 

Easily deploy phishing campaigns for client-side and social engineering tests to discover which users are susceptible and what credentials can be harvested. Use the step by step process to create emails, select targets, and choose between browser redirects or web page clones. Customize each email to challenge users with more sophisticated emails that are harder to identify as fake. Actual emails can be imported from mail clients to increase the authenticity of the attack.

SCADA Pack Add-On Product

Divider text here
Core Security offers an add-on pack with additional SCADA and Industrial Control System exploits for Core Impact. The SCADA pack provides over 140 exploits in various SCADA and ICS that are deployed across many industries, on top of the SCADA and ICS exploits already shipped by default in Core Impact. This enhanced pack is updated with about four new exploits on average a month.

PRODUCT SUMMARY

Divider text here
KEY FEATURES
  • Intuitive testing wizards for ease of use 
  • Extensive threat library of commercial grade exploits
  • Automated cleanup with self-destructing agents
  • Multi-vector testing capabilities 
  • Teaming capabilities in collaborative workspace
  • Tailored reporting to build remediation plans
  • Integrations with other pen testing tools including Metasploit and PowerShell Empire 


PLATFORMS MONITORED
  • Operating Systems like Windows, Linux, and Mac
  • Cloud (Public, Private, Hybrid)
  • Databases
  • Web Services
  • Network Appliances
  • Software Applications
  • Your Critical Data 


SYSTEM REQUIREMENTS
  • Windows 10 Enterprise 64 bit
  • Windows 10 Pro 64 bit
  • Windows Server 2016 Standard 

VULNERABILITY SCAN VALIDATION*
  • Acunetix Web Vulnerability Scanner
  • Burp Suite Professional
  • Cenzic 
  • GFI LANguard
  • HP WebInspect
  • IBM Enterprise Scanner
  • IBM Internet Scanner
  • IBM Rational AppScan
  • McAfee Vulnerability Manager (formerly McAfee Foundstone)
  • Microsoft Baseline Security Analyzer
  • nCircle
  • Nessus
  • Nexpose
  • Nmap
  • NTOSpider
  • Patchlink VMS
  • Qualys Guard
  • Qualys Web Application Scanner
  • Retine
  • SAINT
  • STAT Guardian
  • Tenable Security Center
  • Tripwire IP360 

*A vulnerability scanner is not required to use Core Impact

See Core Impact in Action

Divider text here
Schedule a live demonstration to see how Core Impact can help your organization exploit security weaknesses, increase productivity, and improve efficiencies.
REQUEST A DEMO
© HelpSystems, LLC. All trademarks and registeredtrademarks are the property of their respective owners