Skip to main content

Core Impact?

More
19 years 6 months ago #8533 by GPod
Core Impact? was created by GPod
Sorry if this is in the wrong forum, wasn't 100% sure where to post it.

Has anyone here had a go with www.coresecurity.com/products/coreimpact/index.php ? Its an 'automated' pen test tool but there's no trial available.

I've read some reviews but was wondering whether anyone had any hands on experience with it?

Cheers
More
19 years 6 months ago #8549 by sahirh
Replied by sahirh on topic Re: Core Impact?
I disliked the tool completely. First and foremost, there is no way to 'automate' a penetration test. The exploit collection is sufficiently limited that you're about likely to use it maybe once in 50 assignments. Admitted they had exploits for new vulnerabilities fairly early, but not early enough to justify the cost of the tool.

I also found it rather unstable, it crashed often, and (as usual) most of the time, exploits did not pull through.


You'd be far far better off with the Metasploit Framework www.metasploit.org

Considering it is:
a) GNU GPL
b) It makes exploit creation very easy using PERL
c) Modifying exploits is trivial
d) New exploits are posted as Metasploit PERL modules (just the other day the Windows Message Queuing remote exploit was released as a metasploit module)
e) It's very easy to use
f) The exploits are *very* reliable
g) The exploits are not obscure


There you go.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
19 years 5 months ago #8628 by prestigecomputers
Replied by prestigecomputers on topic Re: Core Impact?
Interesting... I just watched the webinar for Core Impact this morning and I was impressed with the ease of use.
  • Visitor
  • Visitor
19 years 5 months ago #8712 by
Replied by on topic Re: Core Impact?
I agree there's no way a full pen test can be automated but was looking to core impact to provide a cheap alternative to getting third party pen testers in, I realise the testing is in no way as comprehensive but was hoping it'd give more of an insight than no testing.

Sahirh by unstable do you mean it crashed locally or the targets? I've had metasploit for a while but it seems more geared towards linux / unix etc whereas our PCs are 99.9% windows based (unfortunately).

The core impact sales people tell me it has the ability to install agents on remote PCs by sending crafted emails to users. Once they open the email, if they're vulnerable impact installs a level0 agent and contacts the main console which in my case will be outside the firewall... very handy indeed if it is actually that easy.

I'm in two minds as to what to do, I just wish they had a trial version!

Cheers for the replies btw
More
19 years 5 months ago #8731 by cybersorcerer
Replied by cybersorcerer on topic Re: Core Impact?
If your not looking for a full penetration suite, but an excellent vulnerability scanner for windows check out GFI languard. I use it at my internship and it seems to keep well updated as well as easy to use(with the ability of remote vulnerability scanner agents as well). The good thing is that it comes with a trial! :-P You can check it out here . Hope this helps.

"He who breaks something to find out what it is, has left the path of wisdom."

Gandalf the Grey
More
19 years 5 months ago #8732 by sahirh
Replied by sahirh on topic Re: Core Impact?
Hey Gpod2,

For the price you're gonna pay for Core Impact, you could get yourself a properly done security assessment by professional hackers.

Contact me if you want more info.


Cheers mate,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.132 seconds