One of our favorite tools is back this year and it's better than ever. Core Impact Pro 8 is the ultimate tool in vulnerability assessment and penetration testing. It provides a comprehensive suite of features gathered in one place. This product can be used to scan and exploit systems using multiple modules for information gathering, exploitation, local information gathering, privilege escalation, pivoting, and clean-up and reporting. This tool also deploys agents that run in the target's memory if a target can be exploited.
This product is still a simple install; however, because of added functionality, it has taken on a few new dependencies. The installations of the past only required that WinPcap needed to be installed. Now the installation prerequisites include installation of the .NET Framework and Microsoft SQL Server. After the prerequisites are installed, the installation of the product is simple and, guided by an installation wizard, takes only a few minutes.
This console has also been renewed and refreshed in v8. The look of the interface is much cleaner and more organized than in past versions. There is also a lot more automation included in this version, including a specialized vulnerability scanning test. However, the old feature of the wizard-based step-by-step scan is still there. This step-by-step process allows users to discover and scan the network quickly and to try and penetrate targets.
The documentation includes a PDF user guide that covers the tool from installation through using features and advance configuration. This guide is well organized, easy to follow and includes many screen shots, examples and step-by-step instructions.
Core provides technical support via phone and email. All customers also have access to an online support portal consisting of FAQs, forums, a searchable knowledge base, training videos, case management and various other resources.
At an annual cost of $30,000, this product may seem expensive, but we find it to be an excellent value for the money. Core Impact Pro 8 provides highly specialized and sophisticated end-to-end vulnerability and penetration testing across the enterprise.