Core Impact in 20 Minutes | Reporting

Core Impact reporting provides a comprehensive summary of the work completed during a penetration test in an easy, concise way. In this video, you'll learn all about Core Impact's reporting capabilities, which includes many out-of-the-box and custom options.

 

 

 

 

Penetration testers need some way to show their work in a deliverable to provide to the leadership with a concise summary of their findings. Fortunately, Core Impact has some great reporting functionality built in to streamline the process and save time.

You can generate reports from the main dashboard of Core Impact and you can select your report category including general, web application, network, and client side depending on the types of tests you conducted previously. You’ll need to make selections around the workspace if you do it from the dashboard.

Core Impact Main Dashboard for Reporting

 

Network Reports

Otherwise, you can open your workspace you want to report on. We’re assuming you’ve conducted the penetration test already and followed the RPT steps prior to this point. For this example, we’ll start on the network side by clicking “Report Generation” in the RPT steps on the left-hand side. The Report Generation Wizard screen with appear and walk you through the steps to generate the reports you need. You can export the reports into Microsoft Excel or PDF format.

Core Impact Network Report Generation Wizard Screen

If you create the report in Excel, you can make some changes as needed before finalizing it as a PDF. There are a number of different tabs included in the report and you can even customize the pictures to meet your organization’s needs.
 

Web Application Vulnerability Report

The Web Application Vulnerability report can be run on the Web Application side of the tool and includes a high level summary of the vulnerabilities that were utilized within the test and the results of the tests. The reports can also include various graphs as you need.

Core Impact Web Application PDF Report

In the report details, there are vulnerability details which highlight the specific webpages tested and the backend information, capabilities, constraints, and the type of exploit or channel used.

Core Impact Web Application Vulnerability Report

Custom Templates

You can also use Core Impact to create custom template reports. If there is something you like about a report, but want to make a change to it and not have to do it every time you run the report. You can duplicate the report and name it whatever you’d like.

Once you create the new template, you can edit it to look the way you want. Within the Excel reports, it is Pivot tables working in the backend so you can adjust the types of charts shown or the data selection. When you save all the changes you’ve made to the template, they will be kept for the next time you run the report.

Core Impact Custom Report Generation Wizard Screen

Once you have a custom template saved, you can find it in the module side under “Reports and your “User” folder.

Core Impact Network Reporting Module Screen

Client Side Reporting

From a client side perspective, you can also show who clicked on links, how many people clicked on links, and trend analysis.