If we had to describe Core Impact in just a few words we would have to say: serious vulnerability and penetration testing. This product is the ultimate tool for finding and exploiting possible holes in a network. Features include the ability to gather information about network assets, attack those assets and try to penetrate possible holes, gather local information through penetration, and finally, attempt to use the information to gain access to resources.
This product has come a long way in ease of use since we first reviewed it a few years ago. The installation is still basically the same, guided by a short wizard, which installs not only the product itself, but also WinPcap. After installation is complete, the product can be easily updated with all the new exploits in just a few minutes, and it is ready to go. The biggest change is in the user interface. This completely redesigned interface is much less crowded and more intuitive to use, and it's much easier than before to setup advance features of the product.
Core Impact provides some serious testing capabilities. Unlike many other products, which just give long lists of possible vulnerabilities, this product finds vulnerabilities, but then tries to exploit them and gain access to resources. This provides the ability to prioritize real holes above ones that really do not pose a significant threat. Core also releases new exploits very often, so the product is always kept at the forefront of new and emerging threats and vulnerabilities.
Included with this product is a full user guide. This guide contains all product information - from initial setup through using the product and product features. We found this documentation to be well organized and easy to follow.
Customers who purchase this tool, get product support, training and exploit updates included with their license.
At a price of $30,000, this product may seem like a big bite to take, but we have found it to be one of the most comprehensive tools we have used here at the SC Lab. Core Impact provides a full picture of all possible holes in not only network assets, but also web applications and other remote exploits. We find this product to be an excellent investment for almost any enterprise.
