Core Impact Agents

Patented technology for effective and efficient management of remote host communications

What Are Agents?


An agent is a binary implant injected into the memory or file system of a targeted or compromised remote host. Core Impact agents can be directed with an easy-to-use interface, enabling testers to execute multiple tasks including information gathering, crawling a web application, or escalating privileges. Additionally, all agents have built-in antivirus evasion techniques for maximum efficiency. All communications to and from agents are encrypted and authenticated, ensuring that the pen testing process remains secure.

With our patented Core Agents, dynamic interactions with the remote host are simple, reliable, and secure. And with several versatile agents to choose from, you’ll have the flexibility you need for comprehensive pen testing.

Types of Agents

For comprehensive testing of your entire IT infrastructure, both OS agents and logical agents are available. OS agents are used primarily for network and client side tests, while logical agents are typically deployed for web application tests.


OS Agents


OS agents operate similarly to malware, serving as a conduit to the remote host and providing access to a user seeking to exploit the target system. These agents are typically utilized in a network or a client-side test.

OS agents can be deployed in three different ways in order to suit the needs and goals of different types of pen tests.


Memory Resident

Card image cap

The memory resident agent runs within the memory space of the exploited service or application. It can run in very limited memory space (approx. 81-125kb), and because it does not interfere with the hard drive, it is very stealthy and can bypass most antivirus solutions.

If Core Impact disconnects from the agent, the service is restarted, or the system is rebooted, the agent will automatically be erased.



Logical Agents


A logical agent is primarily used for web application tests and has the ability to exploit web app vulnerabilities. There are different types of logical agents depending on what needs to be executed. Some logical agents include SQL injection, PHP file inclusion, cross site scripting, and command injection.

In certain circumstances, logical agents can be leveraged to install an OS agent that provides access to the network, and has the option to set a kill by date with the temporal agent functionality.

Chaining Agents


While the primary purpose of a Core Impact agent is to perform operations on a targeted system, agents can also perform operations on other agents. This process, known as “chaining” allows you to connect a new agent to an existing agent using its preexisting communication channel. This allows you to maintain a single connection, instead of having to create a new connection every time an agent is added. This not only streamlines the process, it also allows for more sophisticated exploits.




A local agent which lives on Core Impact’s console is typically the starting point for all attacks. However, Core Impact allows for pivoting, which means that if an agent is deployed onto a target system or device, you can set that agent as the origin point for attacks. Pivoting to remote source agents can make certain network and web apps tests more effective.

Communication Methods


Core Impact’s agents provide reliable, stable communication so tasks can be completed efficiently and effectively. Different channels are used depending on the network scenario, so Core Impact provides several options to ensure multiples areas of the infrastructure can be tested.

Additionally, a special Crypto channel is available to provide encryption, and can be layered on top of the cannel that provides communication.

Communication channels include:

  • Connect to Target (bind) – Direct connection to the target system
  • Connect from Target (reverse) – Direct connection from the target system
  • Reuse Connection – Connection through the same port used for the exploit
  • HTTPS Channel – Communication occurs through HTTP tunnel
  • DNS – Communication occurs through a domain channel
  • SQL – Communication occurs through databases

Get to Know Core Impact

Find out about all of Core Impact's many features like Rapid Pen Tests, phishing capabilities, reporting, and more.