Core Impact isn't cheap (be prepared to spend at least $30,000), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. Other good options include Metasploit and Canvas.
For downloads and more information,
visit the Core Impact homepage.
Hi Joseph, interesting feedback; I would encourage you to look again. The product has come a long way in 12 years. It is now much easier to use, and the agent is polymorphic so generally evades AV.
If you are interested in looking at a recorded demo to see how usable it is (no registration needed) have a look here: https://www.s4apps.com/core-impact-demo/ If you want to try it and see how it works with AV, just register on that page and we will get you a trial.
I got Core Impact 12 years ago, for 8 IP.
Great prog! Anywhay is to complicated, hard to use and understand. And the agent they give is to detected by AV.
I've used most pentesting applications and this is by far the best. Metasploit is also a good, i would recommend the framework (pro is good for ease of use). Foundstone is garbage i'd stay away from it.
Nessus is also a really good VA scanner, Nexpose is good as well but for the price it isn't worth the extra money.
Intel-----Foundstone, McAfee..... is much better and has many free tools. Intel is following the
fix it and help protect the Infrastructure model. Core is just expensive and works, but at everyone's expense.
We are at the forefront of sharing and collaboration for security of all Americans. We also are focusing on giving back to the community.
I do like that it has that unified approach and pivoting capabilities. However, blended attacks from WebbApp using SQLi to Network, or WebApp DB attack to Phishing is truely amazing. As for the cost, that's no longer an issue when you have the perpetual licensing option. If you're supporting a large enterprise networks, Insight is the way to go!
The tool does what it says but for 20k for a single user license it is greatly over priced. Also the web penetration testing was less that accurate. This is a good tool for a knowledgeable pen tester in a large enterprise environment with time constraints but doesnt really fit in the small to medium markets.
Excellent multivector capabilities that allows you to very easily and quickly pivot between Email, Network, WiFi and WebApplication attacks.
Your comment
Along with your rating, you can use the comment form to post a review,
tutorial, tips and tricks, or anything else others will find useful.
If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).
15
Hi Joseph, interesting feedback; I would encourage you to look again. The product has come a long way in 12 years. It is now much easier to use, and the agent is polymorphic so generally evades AV.
If you are interested in looking at a recorded demo to see how usable it is (no registration needed) have a look here: https://www.s4apps.com/core-impact-demo/ If you want to try it and see how it works with AV, just register on that page and we will get you a trial.
Not rated as we sell it.
I got Core Impact 12 years ago, for 8 IP. Great prog! Anywhay is to complicated, hard to use and understand. And the agent they give is to detected by AV.
Hi, prices for Impact start in the very low 5 digits in USD/EUR/GBP.
We are a European re-seller and would love to quote. Give us a try: www.s4apps.com
PS - I would rate this 5*, but as a re-seller that would be against the rules!!
Hi i have the core Impact Software with all options for 1 user going for 25k( neg) email: dcandeinc@gmail.com
Hi i have the core Impact Software with all options for 1 user going for 25k( neg)
I want to buy core Impact Software withh all options please quote us ASAP
I've used most pentesting applications and this is by far the best. Metasploit is also a good, i would recommend the framework (pro is good for ease of use). Foundstone is garbage i'd stay away from it. Nessus is also a really good VA scanner, Nexpose is good as well but for the price it isn't worth the extra money.
The pricing model has changed a lot over the years and lower cost options are available these days.
There are also special pricing options for pen-test consultants.
Despite the date listed, the product is updated regularly and the exploit database updates almost daily.
This is a great tool. We use it with Nessus :) http://www.gb-advisors.com/digital-security/nessus-vulnerability-scanner/
Intel-----Foundstone, McAfee..... is much better and has many free tools. Intel is following the fix it and help protect the Infrastructure model. Core is just expensive and works, but at everyone's expense.
We are at the forefront of sharing and collaboration for security of all Americans. We also are focusing on giving back to the community.
Gregg Dotoli
Definitely the best on the market, there are a lot of other security companies that offer similar testing but no way as accurate as Core Impact!
Core Impact is amazing. Absolutely the best software in the field of security but it's too expensive.
I do like that it has that unified approach and pivoting capabilities. However, blended attacks from WebbApp using SQLi to Network, or WebApp DB attack to Phishing is truely amazing. As for the cost, that's no longer an issue when you have the perpetual licensing option. If you're supporting a large enterprise networks, Insight is the way to go!
The tool does what it says but for 20k for a single user license it is greatly over priced. Also the web penetration testing was less that accurate. This is a good tool for a knowledgeable pen tester in a large enterprise environment with time constraints but doesnt really fit in the small to medium markets.
Excellent multivector capabilities that allows you to very easily and quickly pivot between Email, Network, WiFi and WebApplication attacks.