Core Impact's Rapid Penetration Tests

Accessible automations designed to
optimize the use of your security resources

Core Impact’s Rapid Penetration Tests (RPTs) are intuitive wizards that enable testers to swiftly discover, test, and report in just a few simple steps. By leveraging RPTs, testers can maximize their time, elevate their skills, and safely execute tasks on a variety of targets.

Rapid Pen Test Categories

RPTs can be completed across three different vectors:


Uncover and exploit security weaknesses within your infrastructure. These tests target hosts, IPs, or different operating systems attached to the architecture. Examples include servers or network devices.

Client Side

Test the strength of your users with social engineering attacks. These tests focus on end user interaction, using phishing emails to gain access to applications on an employee workstation.

Web Application

Assess the security of web applications by targeting web pages and urls. These tests monitor for the OWASP Top 10 Web Application Security Risks, which include injection flaws, broken access control, misconfigurations, and more.


Each of these vectors have their own set of RPTs, which can be used individually, or chained together for a more comprehensive evaluation. 

Network RPTs

Network Information Gathering

Network Information Gathering provides information on possible targets, making it easier to deploy attacks. Options for this group of modules include network discovery, port scanning, OS identification, and service identification. Third party vulnerability scanner data can also be imported for additional information.


Client-Side RPTs

Information Gathering

The Information Gathering RPT harvests email addresses that are visible from the Internet as well as the organizational intranet. This RPT can uncover these addresses in several ways: crawling the organization’s public facing website, search engines, LinkedIn, or server entries (PGP, DNS, WHOIS). Gathering email addresses from the Internet provides visibility into how widely available these addresses are to attackers.


Web Application RPTs

Information Gathering

This RPT scans the domains of web-based applications, and can identify potentially vulnerable pages or services. This RPT not only scans known web applications, it can also discover web applications on running HTTP servers.


One Step RPTs


Core Impact also provides one-step network and web application tests that runs a complete test in a single step, then provides detailed reports of the test's findings.

Vulnerability Tests

Report Generation


Each vector also has the ability to auto generate reports, which detail both what tests were run and their findings. Core Impact can produce a variety of different reports, like trend reports, full executive reports, activity reports, and more granular reports for specific types of RPTs run. These reports can be used to plan and prioritize remediation efforts, as well as proving compliance to regulations like PCI DSS, GDPR, and HIPAA. 

Get to Know Core Impact

Find out about all of Core Impact's many features like agents, phishing capabilities, reporting, and more.