Getting Started with Core Impact | Glossary of Key Terms

Here are some key terms you should know when using Core Impact

Workspaces
Individual projects in Impact are grouped into a structure called a workspace. Each workspace exists independently of each other. Information within a workspace can be imported or exported, as well as shared via Impact's teaming functionality. 

Agents
Impact uses the term Agent in two different, but overlapping, ways.The most common way is that of the binary agent, where agent refers to the software payload or implant that is deployed via an exploit or other means onto a target system. The secondary way is to denote an interface by which a penetration tester can manipulate another system via Impact.

Entities
Inside of Impact, most objects of interest, like hosts, identities, web pages, etc are represented as entities. Information that is useful about these entities are stored as a group of properties. To help with organization, properties can be nested.

Hosts
Hosts are the mainstay of any penetration test with Impact, and are the type of entity that you will be interacting with most frequently. They are most typically created by the Information Gathering Rapid Pentest functionality, but they can also be created manually. Properties on a host can be edited manually by right-clicking on the host, and selecting properties. 

Vulnerabilities
When Impact identifies an issue that is reportable, a special class of entity called a Vulnerability is created. Information including the CVE (if known), and if it was successfully exploited will be attached for reporting purposes. The ability to create Vulnerabilities is also exposed via libraries, so if you extend Impact's functionality with your own code, you have the ability to create Vulnerabilities as well. 

Modules
Most Impact functionality and all of Impact's exploits are build as standalone programs called Modules. Impact's modules are written in the Python programming language. Modules can be run as part of automations, scripted as part of Macros, or run individually. Parameters can be adjusted to change the behavior of individual modules based on the needs of the operator.