Core Impact Reporting

Automated pen testing reports that provide the
details needed to take your next steps


Robust reporting capabilities are a critical part of Core Impact’s centralized toolset, as pen test reports are used to plan and prioritize remediation efforts, as well as prove compliance for regulations like PCI DSS, GDPR, and HIPAA. 

Manual pen test reporting can be a time-consuming effort that varies in details and quality. Core Impact’s automated reporting features ensure consistency and increase efficiency, creating a thorough record for all aspects of a pen testing engagement.

Reporting Categories and Formats

A number of reports, including the executive summary, cover all three vectors, and are classified under general reports. There are also vector specific reports covering the three types of pen tests that Core Impact performs:

Left Column


These reports cover tests that target your infrastructure, like hosts, IPs, or different operating systems attached to the architecture.

Middle Column
Leveraging Phishing to Measure Security Awareness


These reports cover social engineering tests, targeting end user interaction through the deployment of phishing emails.

Right Column
Browser pivot

Web Applications

These reports cover tests of web applications targeting web pages and urls while monitoring for the OWASP Top 10 Web Application Security Risks.


Reports are typically formatted as spreadsheets, with some offering charts and graphs that can be tailored as needed. Final versions of reports can also be generated as pdfs to deliver to clients or stakeholders.

General Reports

Executive Report

This summary report fully covers every pen testing activity Core Impact completed throughout an engagement, along with the test results. Data includes summaries of:

  • Exploited vulnerabilities
  • Discovered hosts and network devices
  • Targeted users
  • Most exploited vulnerabilities by operating system
  • Most exploited vulnerabilities overall


Network Reports

Network Report

This report provides details about hosts that were discovered and any vulnerabilities that were successfully exploited.


Client-Side Reports

Client-Side Penetration Test Report

This report includes detailed summaries of client-side pen tests, including attack types, exploits used, and email messages sent to deliver attacks or link them to a malicious site.


Web Application Reports

Web Apps Executive Report

This summary report provides the information obtained during the pen test, including discovered hosts, compromised vulnerabilities, and executed tasks.





The MITRE ATT&CK framework is a matrix of tactics and techniques used by real-world threat actors that has become a standard in defensive security, helping cybersecurity professionals create threat models to better prepare against risks that threaten the safety of critical data. Core Impact offers two reporting types that map and categorize engagements in MITRE.


The ATT&CK Navigator Report

Based on the techniques executed during an engagement, this report uses the MITRE layer to classify and prioritize risk, and includes the option of exporting results with the ATT&CK Navigator JSON format.

Reporting with the Plextrac Integration

Business report icon


Gather all your pen testing data in one place. With Core Impact’s integration with Plextrac, you can collect reporting information from vulnerability scanners and any other tools used during your pen test, consolidating the information so it can be shared as one comprehensive report.

Get to Know Core Impact

CTA Text

Find out about all of Core Impact's many features like agents, phishing capabilities, reporting, and more.