Core Impact Professional
Strengths: Powerful penetration testing and vulnerability scanning with a lot of automation options
Weaknesses: Nothing that we found
Verdict: Typical Core Security quality. We’ve used this product extensively and never been disappointed. Best Buy
The people at Core Security are at it again. We found this version of the product to contain more automation, more wizards and more options than previous versions we have tested. For those that are unfamiliar with this tool, Core Impact is quickly becoming the standard in penetration testing and vulnerability scanning. It features many types of penetration tests, including network-based and remote host-based, as well as many other tools, including Wi-Fi network and web-based penetration tests.
When we first saw this solution a few years ago, it was small and simple to install. Installation took just a few minutes and was run from an executable installer. As the solution has grown over the years, it has gained a lot of functionality, but it is still just as simple to install and use. The installation package, as well as the decryption key needed to open it, was delivered as a download via our email. Once we downloaded the installer and decrypted it using the decryption key, we were taken through a short installation wizard to configure some basic settings for installation - and that was it. The installer took care of implementing all of the necessary components, including Microsoft SQL Server Express and the Crystal Reports engine.
Once installation was complete, we launched into the application and found that the interface still has pretty much the same modular layout, but with one big difference. Ready to use straightaway were quite a few wizard-based options for many types of penetration test.
Along with the many wizards and automation features, this solution has come a long way over the years in vulnerability scanning. When Core Impact was in its early stages, it was basically a penetration tool and not much more. That has changed significantly. It can now run vulnerability- and risk-based assessment scans, as well as validate results from many other scanners by taking the logs and outputs of those scanners and comparing them with its results. This offers - from one application - a full overview of the entire network security posture.
Documentation included a full PDF user guide, as well as a couple of supplemental reference guides. The user guide covers the product from installation through advanced use. We found this to include many screenshots along with easy-to-follow instructions and descriptions on how to use the various product features. A module reference guide features in-depth descriptions of exploit modules, as well as many integration options and operations.
Core Security offers both standard and premium support to customers with Core Impact Professional. Standard support is available at no additional cost and includes 12/5 phone- and email-based technical assistance, along with access to a customer portal that includes resources, such as a knowledgebase, user forums and user-training materials. Premium assistance offers all of this, but phone- and email-based help is available 24/7/365. This aid level requires the purchase of a plan with an annual cost of £2,250.
With a price tag of £25,000 for the software, this offering may seem quite pricey. However, we find it to be excellent value for the money based on its solid ease of use, powerful penetration and vulnerability assessment tools, and overall automation.