The folks at Core Security are at it again. We found this version of the product to contain more automation, more wizards and more options than previous versions we have tested. For those that are unfamiliar with this tool, Core Impact is quickly becoming the standard in penetration testing and vulnerability scanning. This product features many types of penetration tests, including network-based and remote host-based, as well as many other tools, including Wi-Fi network and web-based penetration tests.
When we first saw this tool a few years ago, it was small and simple to install. Installation took just a few minutes and was run from an executable installer. As the solution has grown over the years, it has gained a lot of functionality, but it is still just as simple to install and use. The installation package, as well as the decryption key needed to open it, were delivered as a download via our email. Once we downloaded the installer and decrypted it using the decryption key, we were taken through a short installation wizard to configure some basic settings for installation - and that was it. The installer took care of implementing all the necessary components, including Microsoft SQL Server Express and the Crystal Reports engine. Once installation was complete, we launched into the application and found that the interface still has pretty much the same modular layout, but with one big difference: Right out of the box were quite a few wizard-based options for many types of penetration tests. Along with the many wizards and features, this solution has come a long way over the years in vulnerability scanning. When Impact was in its early stages, it was basically a penetration tool and not much more. That has changed significantly. This product can now run vulnerability- and risk-based assessment scans, as well as validate results from many other scanners by taking the logs and outputs of those scanners and comparing them with its results. This offers - from one application - a full overview of the entire network security posture.
Documentation included a full PDF user guide, as well as a couple of supplemental reference guides. The user guide covers the product from installation through advanced use. We found this to include many screen shots along with easy-to-follow instructions on how to use the product features. The other notable piece is the module reference guide. This features in-depth descriptions of exploit modules, as well as many integration options and operations.
Core Security offers both standard and premium support to customers with Impact. Standard support is available at no additional cost and includes 12/5 phone- and email-based technical support, along with access to a customer portal that includes resources, such as a knowledge base, user forums and user-training materials. Premium assistance offers all this, but phone- and email-based support is available 24/7/365. This aid level requires the purchase of a plan with an annual cost of $3,600.
With a price tag of $40,000 for the software, this offering may seem quite pricey. However, we find it to be an excellent value for the money based on its solid ease of use, powerful penetration and vulnerability assessment tools, and overall automation.