CORE IMPACT Pro
Replicate Real-World Attacks and Reveal Critical IT Security Exposures with CORE IMPACT Pro Penetration Testing Software



CORE IMPACT Pro is the most comprehensive software solution for assessing the real-world security of:

Backed by Core Security’s ongoing vulnerability research and leading-edge threat expertise, IMPACT Pro allows you to take security testing to the next level by safely replicating a broad range of threats to your organization’s sensitive data and mission-critical infrastructure – providing extensive visibility into the cause, effect and prevention of data breaches.

Identify and Validate Vulnerabilities across Your Diverse Environment

CORE IMPACT Pro replicates sophisticated data breach threats that target and traverse security weaknesses throughout your diverse environment. With IMPACT, you can assess your organization’s IT security posture in the same way an attacker would:

  • profile systems in a stealthy, low-impact way – mimicking the evasive techniques of an actual attack
  • exploit vulnerabilities in network systems, web applications, client-side systems, wireless networks, and network devices
  • gain root (administrator) access on a compromised system through privilege escalation
  • reveal the implications of an attack by replicating an attacker’s attempts to access and steal or manipulate data on compromised systems
  • pivot among multiple vulnerabilities following paths of exposure across different systems and infrastructure layers to access critical assets
  • generate reports containing actionable data about critical exposures, at-risk systems and data, and remediation recommendations
  • re-test to ensure the efficacy of patches and other remediation

Core Security’s CORE IMPACT Pro software enables you to pivot security assessments between different IT layers.

Maintain Precise Control over Penetration Tests - or Go Automated

CORE IMPACT’s users include everyone from operational security staff to red team penetration testers. The product offers multiple methods of interaction for different types of users, including:

  • Wizard-driven Rapid Penetration Tests: automate all steps of the pen testing process
  • Manual capabilities: programmatically interact with specific exploits and other modules for more granular control
  • One-step testing: “set it and forget it” capabilities for running scheduled network, client-side, and web application tests
  • Automatic, scheduled testing: run one-step tests on a repeated basis
  • Macros: automate custom testing workflows
  • Module customization: all modules are written in Python and user-customizable
  • Module creation: write your own Python exploits and other modules, which IMPACT can then integrate into the testing process

Rely on a Truly Commercial-Grade Penetration Testing Solution

Since 2001, CORE IMPACT has evolved to offer the deepest level of professionally developed and updated penetration testing capabilities available today. CORE IMPACT…

  • tests for threats to web applications, network systems, endpoints, email users, wireless networks, and network devices
  • has always been built in-house by experienced researchers, exploit writers, and product engineers
  • undergoes intensive, nightly QA testing
  • is updated as threats evolve (~20-30 new and updated exploits per month)
  • features a broad array of pre- and post-exploitation capabilities
  • targets a wide range of operating systems, services and applications

Leverage the Broadest and Deepest Commercial-Grade Penetration Testing Capabilities Available

Client-Side Penetration Testing of Endpoints and End Users

CORE IMPACT Pro makes it easy for you to test the security of endpoint systems and the effectiveness of security awareness programs. The software guides you through every step of testing end-user susceptibility to social engineering threats and assessing endpoint systems for critical vulnerabilities.

  • Crawl websites, documents, search engines, and PGP and Whois databases for email addresses.
  • Leverage pre-built email templates for common types of phishing attacks, or create custom spear phishing emails.
  • Use client-side exploits to test endpoint applications, security solutions, operating systems and services.
  • Test security awareness without running exploits by tracing email clickthroughs & data leakage through web forms.
  • Replicate multistaged attacks by pivoting against backend networks after compromising endpoint systems.

Mobile Device Penetration Testing

IMPACT Pro enables you to assess the exploitability of smartphones and other mobile devices using real-world attack techniques including phishing, web form impersonation, fake wireless access points, and wireless man-in-the-middle attacks.

  • Identify and prove critical data breach exposures created by mobile devices in your environment
  • Evaluate the security of new mobile technologies prior to deployment
  • Get actionable data required to mitigate financial, operational and reputational risks
  • Access and manipulate call and text logs, GPS data, and contact entries
  • Protect end users from defamation, fraud and blackmail

Network Device Penetration Testing

Network routers present a key area of concern for today’s IT security organizations because of their highly strategic role in isolating sensitive systems from unauthorized access. IMPACT Pro’s network device penetration testing features enable you to identify, access and reconfigure routers, mimicking an attacker on one network trying to uncover and target other networks that are otherwise undetectable.

  • Scan IP ranges for network devices and gather identifying information, such as manufacturer, model and OS.
  • Exploit configuration vulnerabilities and verify access through configuration retrieval, password cracking, access list piercing, and interface monitoring capabilities.

Network Penetration Testing

CORE IMPACT Pro offers a full range of network penetration testing capabilities that make it easy to regularly conduct security assessments as network systems are added and modified, as vulnerabilities are discovered, and as new attack techniques emerge.

  • Gather system information via Network Discovery, Port Scanner, and OS and Service Identification modules.
  • Identify critical OS, service and application vulnerabilities with an updated library of Commercial-Grade Exploits.
  • Import and validate the exploitability of results from popular network vulnerability scanners - with no false positives.
  • Demonstrate the consequences of a breach by replicating an attacker’s actions after the initial compromise.
  • Emulate multistaged threats that leverage compromised systems to attack additional backend network resources.
  • Run tests without installing modules on compromised systems, or altering them in any way.
  • Generate reports for prioritizing remediation, demonstrating security improvements, and addressing regulations.

Web Application Penetration Testing

By revealing where and how a data breach could unfold and by exposing at-risk information assets, IMPACT enables you to work with developers to confidently plan remediation efforts and avoid unnecessary code changes for both new and existing applications.

CORE IMPACT Pro enables you to test web applications for the following vulnerabilities:

  • Persistent Cross-Site Scripting (XSS)
  • Reflective Cross-Site Scripting (both for static HTML and Adobe Flash® objects)
  • SQL Injection
  • Blind SQL Injection
  • Remote File Inclusion for PHP applications
  • Remote and Local File Inclusion for PHP applications
  • Cross-Site Request Forgery (CSRF)
  • OS Command Injection
  • Unvalidated redirects and forwards

Additional capabilities include evading web application firewalls, revealing weak levels of HTTPS encryption, identifying hidden web pages, and combing robots.txt files for sensitive URLs.

  • Identify weaknesses in web applications, web servers and associated databases – with no false positives.
  • Address all of the top ten web application risks ranked by the Open Web Application Security Project (OWASP).
  • Dynamically generate exploits that can compromise security weaknesses in custom applications.
  • Import and validate the exploitability of results from popular web application vulnerability scanners.
  • Demonstrate the consequences of a successful attack by replicating local attacks against backend resources.
  • Get actionable data necessary for focusing development resources on remediating proven security issues.
  • Confirm the efficacy of application code fixes and ensure that they do not create additional exposures.

Wireless Network Penetration Testing

Fully integrated with the software’s established network, web application and client-side testing capabilities, IMPACT’s wireless penetration testing capabilities allow IT security managers to identify at-risk WiFi networks, crack encryption, and trace attack paths from initial points of wireless exposure to backend resources – gaining information at each step for efficient and effective risk mitigation.

  • Discover both known and unauthorized WiFi networks, and identify network strength and security protocols.
  • Replicate attacks against WEP, WPA and WPA2-encrypted networks.
  • Gather information about systems connected to networks, as well as those that are beaconing for default SSIDs.
  • Conduct Man-in-the-Middle attacks, intercept wireless transmissions, and insert exploits into relayed traffic.
  • Impersonate access points to connect with beaconing systems and test them against remote exploits.
  • Generate comprehensive reports of wireless testing activities and findings.
  • Seamlessly pivot from initial wireless exploitation to subsequent network, web application and client-side attacks.