Core Impact

Core Impact

Using Impact has allowed our consultants to save both time and effort in carrying out testing, as it gives us the ability to handle more customers without adding new staff. It also provides us with increased capabilities for filtering our clients data to differentiate between simple patching issues and serious vulnerabilities that need special attention.

Core Impact simplifies testing for new users and allows advanced users to efficiently execute common tasks. This saves significant time versus manual testing, while providing a consistent, repeatable process for testing infrastructure.

Benefits of Web Application Testing with Core Impact

  • Exposed systems due to compromised perimeter defenses

  • What OS and services vulnerabilities pose actual threats to your network

  • How privileges can be escalated on compromised systems

  • What information could be accessed, altered or stolen

  • What systems are vulnerable to denial of service attacks

  • How trust relationships could expose additional systems to local attacks

Product Overview

    Multi-Threat Surface Investigation

  • Core Impact is the only solution that empowers you to replicate multi-staged attacks that pivot across systems, devices and applications, revealing how chains of exploitable vulnerabilities open paths to your organization's mission-critical systems and assets.

    Multi-Threat Surface Investigation

  • Core Impact offers a stable, up-to-date library of commercial-grade exploits and real-world testing capabilities. Core routinely delivers 30+ new exploits and other updates each month–all professionally built and tested by in-house researchers and developers.

    What-If attack Analysis

  • Demonstrate and document the severity of exposures by replicating how an attacker would compromise and interact with vulnerable systems and revealing at-risk data.


  • Multiple security testers now have the capability to interact in the same workplace against the same environment across multiple copies of Core Impact. This capability provides a common view of discovered and compromised network targets.


  • Confirm exploitable vulnerabilities to plan remediation efforts

  • View metrics that illustrate the efficacy of layered defenses

  • Validate compliance with government and industry regulations

  • Remediation validation reporting capabilities

    Network Penetration Testing

  • Gather network information and build system profiles

  • Identify and exploit critical OS, device, service and application vulnerabilities

  • Replicate attacker attempts to access and manipulate data

  • Leverage compromised systems as beachheads to attack other network resources through VPN and proxy pivots

    Client-Side Testing of End Users and Endpoints

  • Crawl sites, search engines etc. for potential target information

  • Leverage a variety of templates or create custom phishing emails

  • Use client-side exploits to test endpoint system security, assess defenses and pivot to network tests

  • Test security awareness with or without exploiting systems

    Identity Discovery and Password Cracking

  • Discover Windows NTLM hashes and attempt to determine plain text passwords for those hashes

  • Discover identities: usernames, passwords, Kerberos tickets/ e-keys and SSH keys

  • Utilize learned identities as part of multi-vector tests

  • Automatically take control of systems via weak authentication manually or with the rapid penetration test wizard (RPT)