Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Core Impact?

Core Impact? 11 years 4 months ago #8533

  • GPod
  • GPod's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
Sorry if this is in the wrong forum, wasn't 100% sure where to post it.

Has anyone here had a go with www.coresecurity.com/products/coreimpact/index.php? Its an 'automated' pen test tool but there's no trial available.

I've read some reviews but was wondering whether anyone had any hands on experience with it?

Cheers
The administrator has disabled public write access.

Re: Core Impact? 11 years 4 months ago #8549

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
I disliked the tool completely. First and foremost, there is no way to 'automate' a penetration test. The exploit collection is sufficiently limited that you're about likely to use it maybe once in 50 assignments. Admitted they had exploits for new vulnerabilities fairly early, but not early enough to justify the cost of the tool.

I also found it rather unstable, it crashed often, and (as usual) most of the time, exploits did not pull through.


You'd be far far better off with the Metasploit Framework www.metasploit.org

Considering it is:
a) GNU GPL
b) It makes exploit creation very easy using PERL
c) Modifying exploits is trivial
d) New exploits are posted as Metasploit PERL modules (just the other day the Windows Message Queuing remote exploit was released as a metasploit module)
e) It's very easy to use
f) The exploits are *very* reliable
g) The exploits are not obscure


There you go.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: Core Impact? 11 years 4 months ago #8628

Interesting... I just watched the webinar for Core Impact this morning and I was impressed with the ease of use.
The administrator has disabled public write access.

Re: Core Impact? 11 years 3 months ago #8712

  • 's Avatar
I agree there's no way a full pen test can be automated but was looking to core impact to provide a cheap alternative to getting third party pen testers in, I realise the testing is in no way as comprehensive but was hoping it'd give more of an insight than no testing.

Sahirh by unstable do you mean it crashed locally or the targets? I've had metasploit for a while but it seems more geared towards linux / unix etc whereas our PCs are 99.9% windows based (unfortunately).

The core impact sales people tell me it has the ability to install agents on remote PCs by sending crafted emails to users. Once they open the email, if they're vulnerable impact installs a level0 agent and contacts the main console which in my case will be outside the firewall... very handy indeed if it is actually that easy.

I'm in two minds as to what to do, I just wish they had a trial version!

Cheers for the replies btw
The administrator has disabled public write access.

Re: Core Impact? 11 years 3 months ago #8731

If your not looking for a full penetration suite, but an excellent vulnerability scanner for windows check out GFI languard. I use it at my internship and it seems to keep well updated as well as easy to use(with the ability of remote vulnerability scanner agents as well). The good thing is that it comes with a trial! :-P You can check it out here . Hope this helps.
"He who breaks something to find out what it is, has left the path of wisdom."

Gandalf the Grey
The administrator has disabled public write access.

Re: Core Impact? 11 years 3 months ago #8732

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Hey Gpod2,

For the price you're gonna pay for Core Impact, you could get yourself a properly done security assessment by professional hackers.

Contact me if you want more info.


Cheers mate,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.084 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup