# Core Impact Reviews **Vendor:** Fortra **Category:** [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools) **Average Rating:** 4.2/5.0 **Total Reviews:** 25 ## About Core Impact Core Impact is an easy-to-use penetration testing tool with commercially developed and tested exploits that enables security teams to exploit security weaknesses, increase productivity, and improve efficiencies. With guided automation and certified exploits , this powerful penetration testing software enables you to safely test your environment using the same techniques as today's attackers. Core Impact gives you visibility into the effectiveness of your defenses and reveals where your most pressing risks exist in your environment. This enables you to assess your organization’s ability to detect, prevent, and respond to real-world, multi-staged threats against your infrastructure, applications, and people. Organizations can rely on Core Impact to measure their ability to identify attacks, track, and validate their effectiveness through a variety of approaches, including: - Demonstrating what vulnerabilities surfaced from scanners are truly exploitable, revealing how chains of exploitable vulnerabilities open paths to your organization’s mission-critical systems and assets. - Re-testing exploited systems to verify that remediation measures or compensating controls are effective and working. - Simplifying testing for new users by providing intuitive, step-by-step wizards and rapid penetration tests so they can automatically gather the information they need. - Deploying phishing campaigns for social engineering tests to discover which users are susceptible and what credentials can be harvested. Core Impact’s Key Features Include: · Guide Automation and Patented Agents · Certified Exploits · Reporting and Visibility · Programmable Self-Destruct & Error Prevention · Teaming, Automated Retesting, and Validation Core Impact is also interoperable with Vuln Scanners, like Fortra VM, and Red Team Tools such as Cobalt Strike and Outflank OST. View our product bundles https://www.coresecurity.com/products/bundles. Learn more at https://www.coresecurity.com/products/core-impact ## Core Impact Reviews ### 1. Good tool for technical folks who are not exerienced in pentesting **Rating:** 2.0/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Small-Business (50 or fewer emp.) **Reviewed Date:** January 19, 2021 **What do you like best about Core Impact?** The GUI interface and being able to drag attacks to run against hosts and groups. I also like the ability to search modules by CVE and name. **What do you dislike about Core Impact?** For a pentesting suite to be useful, it must have the ability to create a command-and-control session that can be customized to get through/past modern controls. The Core agent and it's command-and-control sessions are easily detected and blocked. With enough customization, we have success with Cobalt Strike HTTPS and DNS beacons. If Core Impact could automate the creation and customization of malleable and signed agents that bypass controls, it would get a 10/10. Licensing has become difficult do to the many acquisitions of Core Security and Core Impact. I have not been able to access my software in several months! **What problems is Core Impact solving and how is that benefiting you?** Core Impact no longer solves problems for our pentesting team, but we continue to keep a copy as "tool in the arsenal". ### 2. Great tool for security audits. **Rating:** 5.0/5.0 stars **Reviewed by:** mark l. | CISO, Small-Business (50 or fewer emp.) **Reviewed Date:** April 21, 2021 **What do you like best about Core Impact?** The functionality with this tool is among the best in the industry. The sales team is very knowledgeable and the documentation is easy to understand. Exceptional enterprise security tool! **What do you dislike about Core Impact?** No dislikes to date! I have had alot of issues with standing up software from other vendors in our environment. Never had any issues standing up Core Impact! **Recommendations to others considering Core Impact:** None. Great product **What problems is Core Impact solving and how is that benefiting you?** We use Core Impact to perform security audits against our customer environment. We can perform a number of exploits that are out of the box or that we customize. This is very useful for compliance for the customers we serve. ### 3. Overpriced, average, and riddled with issues **Rating:** 2.5/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Small-Business (50 or fewer emp.) **Reviewed Date:** September 15, 2021 **What do you like best about Core Impact?** Core impact succeeds when it comes to its interface. Navigation and finding specific exploits to use are as easy as it gets. **What do you dislike about Core Impact?** The price is absurd; 12 grand is way too much, and at that point, stick with a better tool like Metasploit pro. The agents deployed onto devices never stay connected more than a day, and the persistent agents are actually persistent about half the time. I found many modules to be very specific to work, and most have no documentation on how to use them, forcing me to create numerous support tickets. If the application is open for more than a few days, it has to be rebooted else its impossible to use with the slowness. (Yes, it is installed correctly). It was given, 6 vCPUs ,16GB RAM ,1TB SSD, and it somehow finds a way to hang and freeze. The third-party Metasploit modules work better than all the built-in core impact modules. The core impact vulnerability scanner finds nearly nothing while using a free open source scanner such as openvas gives better results. We actually drop the openvas results xml to use into core impact instead of the built-in one or the built-in nmap they use as well. The web application portion is very very bad. It is probably the worst part of Core impact. Any web penetration tests we need we stick with ZAP because it is way better, and its free. Overall the Core Impact application is over priced, lacks documentation, functions when it wants to , is only useful due to third party portions it has, and lacks a functioning web application penetration test portion. This tool is worth at most 2-3 grand. **What problems is Core Impact solving and how is that benefiting you?** Most problems were not solved by Core Impact and were solved by exploiting by hand using Metasploit. **Official Response from Kelsey Arhart:** > Thanks for sharing your feedback. We’re sorry your experience hasn’t quite matched your expectations of the product and we appreciate you bringing it to our attention. If there are additional Core Impact modules and topics you’d like to see added to the video training library, please submit your ideas using the form at the bottom of the training page here: https://www.coresecurity.com/support/training/core-impact. We are continually using customer feedback to help make Core Impact better and would like the opportunity to talk with you to get some more insight into your experience. Since this review was anonymous, please feel free to reach out to your account representative or email info@helpsystems.com to set up a time for us to connect. ### 4. I like it **Rating:** 4.5/5.0 stars **Reviewed by:** Nguyen H. | Security Researcher, Small-Business (50 or fewer emp.) **Reviewed Date:** March 26, 2021 **What do you like best about Core Impact?** On the plus side, Core Impact has a friendly interface and very easy to use for newbies. It alone can do many different tasks in pentesting from scanning to attack, ... and packaging everything in one RPT process. Core Impact has a lot of attack modules on many different platforms, it gets updated quite frequently and quickly. I like the feature of installing agent on the server through services such as SSH, SMB, ... white box testing is much more effective. I have not had a chance to use the SCADA module to evaluate it, however I see the module updates exploiting the vulnerability so this platform is a lot, Recently there are additional modules for medical devices, but I think few people dare to pentest these systems, lmao^^! . Core Security has a very enthusiastic support team, very satisfied with them. **What do you dislike about Core Impact?** On the downside, the ability to exploit web vulnerabilities is really bad, I feel like Core Security doesn't focus too much on this vector. Sometimes, modules that exploit new CVE vulnerabilities are updated very slowly, normally you can see an update update for CVE vulnerabilities from 2017,2018. Wireless network testing can only perform MITM attack, I expect more with this feature. **Recommendations to others considering Core Impact:** This is a good tool, but you will have to consider its cost. The ability to work with the network is great, but the web is not **What problems is Core Impact solving and how is that benefiting you?** Core Impact makes my work more convenient, and my system more reliable. ### 5. Very good product and customer support **Rating:** 4.5/5.0 stars **Reviewed by:** Devam S. | Chief Information Security Officer, Enterprise (> 1000 emp.) **Reviewed Date:** March 19, 2021 **What do you like best about Core Impact?** Initially there were some problems with the installation of Core Impact but help from the support team was good and our account manager also gave waiver for those months. We are really satisfied with the services we received from the team. Core impact, product is one of the best product to conduct automated penetration testing. We saved a lot of time and able to automate many penetration testing use cases. In addition to automation of the use cases, we are now able to do infrastructure level penetration testing with the help of fresh graduates from the colleges. Basically, infrastructure penetration testing requires really in-depth knowledge of each of the area of information security and finding out such professionals are really difficult in the market. With the defined use cases in the core impact, anyone with the basic knowledge of information security can perform network and infrastructure level penetration testing. **What do you dislike about Core Impact?** As such every thing is good but if you ask to provide feedback or suggestion, then I recommend to update installation guide properly. We faced a lot of issues while installing the product on ourselves, although all the issues were resolved when we connected the support team. As we were not able to complete installation based on the steps written on the available guide, it delayed some of our projects. **Recommendations to others considering Core Impact:** Core impact is a really good tool to do automated penetration testing. It saves a lot of time of human resources. **What problems is Core Impact solving and how is that benefiting you?** 1. Automation - we save a lot of time and we are able to create our own playbooks to perform some of the repetitive penetration testing tasks. 2. In depth exploitation - There are a lot of chances to forget some of the things while exploiting with Metasploit and Kali but here all the use cases are there and you just need a click to perform all the use cases. ### 6. Great for those quick engagements **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.) **Reviewed Date:** October 18, 2021 **What do you like best about Core Impact?** I use the "rapid penetration test" funcionality alot just to give servers a quick sanity check. Product's comprehensive exploit database and speedy updates are also appreciated. **What do you dislike about Core Impact?** The tool can be a little bit noisy. Now that Cobalt Strike is also under the same roof, I would love to see a new product that integrates the best of both worlds. **What problems is Core Impact solving and how is that benefiting you?** The tool is helping us exploit various vulnerbailities as well as give envrionments a quick sanity check using the RPT functionality. ### 7. Amazing Product from an Amazing Company **Rating:** 5.0/5.0 stars **Reviewed by:** Kaushal K. | President, Small-Business (50 or fewer emp.) **Reviewed Date:** April 23, 2021 **What do you like best about Core Impact?** The product is excellent, and the support we have received phenomenal. Questions are not only answered, but taken further to make our use of the product even better. This is a comprehensive product that really does absolutely everything! **What do you dislike about Core Impact?** Not a huge downside, but the reporting capabilities aren't as clean as I would like. We like to move things into our own format for reporting and we don't see a great way of doing that. Also, the reporting shows more than what the screens seem to show when running the product. **What problems is Core Impact solving and how is that benefiting you?** Penetration testing - both external and internal. We are planning on integrating it with the WiFi Pinneaple as well to see what its wireless penetration testing functionality is. ### 8. Core Impact Pro **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Higher Education | Mid-Market (51-1000 emp.) **Reviewed Date:** September 01, 2021 **What do you like best about Core Impact?** Ease of use, navigation and integration. **What do you dislike about Core Impact?** I hope they support installing it on Linux. **Recommendations to others considering Core Impact:** If you are looking for a point-and-click tool then Core Impact is one of the best tool around. **What problems is Core Impact solving and how is that benefiting you?** I am testing and looking for vulnerabilities and validating if our hosts/network are exploitable. ### 9. Core Impact Review **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Transportation/Trucking/Railroad | Mid-Market (51-1000 emp.) **Reviewed Date:** January 25, 2021 **What do you like best about Core Impact?** Easy to setup and use. Very simple to add a new device and scan it. The reports are great and help to provide us with greater insight into our systems. We also like the Network RPT section and how it basically walks you through the entire penetration testing process, from Information Gathering to Attack and Penetration, to Clean Up and Report Generation. **What do you dislike about Core Impact?** Could be a bit more intuitive. At first, it seems a bit intimidating with all of the menus and windows to view. After using it a few times and watching some of the training/instructional videos, it became clearer. We also found that by sitting with a partner and working through some of the training videos, we were able to bounce ideas off of each other, which helped us to better understand how to use the product. The training videos were very well done and helped us a lot. Thank you for that. **What problems is Core Impact solving and how is that benefiting you?** We are more knowledgable about our computers and servers than ever before. Core Impact helps us to maintain our PCI compliance. We also use Qualys for our vulnerability testing, and Core Impact integrates with it very nicely. We started off needing a penetration testing product in order to meet our PCI responsibilities, but we have been pleasantly surprised with how easy the product is to use. We all know that if a product isn't easy to use, it will not last too long. ### 10. CoreImpact - great positive impact on Pentesting **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Electrical/Electronic Manufacturing | Enterprise (> 1000 emp.) **Reviewed Date:** October 07, 2021 **What do you like best about Core Impact?** A variety of modules and I see it as the most complete solution for testing. It can function without any support from other assessment tools **What do you dislike about Core Impact?** NOTHING, everything is as expected. CAnnot think of something it's missing **What problems is Core Impact solving and how is that benefiting you?** a more complete assessment from both a web application as well as network and endpoint ### 11. Core Impact - Supporting our automated pen testing and social engineering campaigns **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.) **Reviewed Date:** February 16, 2021 **What do you like best about Core Impact?** The ability to automate different attacks and scenarios vs having to do everything manually which takes time. I like that CI can run a rapid pen testing in a few minutes or hours vs over an extended period of time, and running social engineering campaigns with a few clicks and edits. **What do you dislike about Core Impact?** Some of the modules have some bugs, so they need to be worked out in the next release, but I am still happy over all. **Recommendations to others considering Core Impact:** Make sure it meets your requirements before procuring. Its better for internal testing vs external but the social engineering is very nice. **What problems is Core Impact solving and how is that benefiting you?** Problems solved include social engineering campaigns running and me not having to do much work other than report. ### 12. Segmentation/Pentest tool - Core Impact **Rating:** 4.5/5.0 stars **Reviewed by:** Mansoor I. | Manager, Enterprise (> 1000 emp.) **Reviewed Date:** April 23, 2021 **What do you like best about Core Impact?** Intuitive and easy to operate and gives a lot of on the fly options to pick from, the most important one is to choose the attach that suits the asset you are performing the test :) **What do you dislike about Core Impact?** Not that I could think! most of them are dat on **Recommendations to others considering Core Impact:** Pick the product that suits your requirement; I feel core impact covers all the need of the pen testing world that has to offer **What problems is Core Impact solving and how is that benefiting you?** Segmentation and penetration tests are performed using core impact ### 13. A great product backed by fantastic support. **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Transportation/Trucking/Railroad | Enterprise (> 1000 emp.) **Reviewed Date:** September 14, 2021 **What do you like best about Core Impact?** Automation of the process so that the testers can focus on the outcome not the process in the testing. **What do you dislike about Core Impact?** The interface can feel a little dated. However easy enough to use! **What problems is Core Impact solving and how is that benefiting you?** The need to automate penetration testing ### 14. Nice customer service and training of the software **Rating:** 4.5/5.0 stars **Reviewed by:** Wendy C. | security analyst, Small-Business (50 or fewer emp.) **Reviewed Date:** April 30, 2021 **What do you like best about Core Impact?** Trainings are available and easy to use. **What do you dislike about Core Impact?** still need to import the data from other sources to validate the vulnerabilities. **Recommendations to others considering Core Impact:** nice product if you are looking for penetration testing and validating vulnerabilities. **What problems is Core Impact solving and how is that benefiting you?** Validate the vulnerabilities so we can reduce the false positives. ### 15. Flexible single platform view **Rating:** 5.0/5.0 stars **Reviewed by:** Jesse R. | VP of IT security, Small-Business (50 or fewer emp.) **Reviewed Date:** January 19, 2021 **What do you like best about Core Impact?** Single Pane to conduct all tasks. Ability to easily access exploits. The command and control aspect and being able to pivot on exploits is amazing. **What do you dislike about Core Impact?** The Interface is a little dated looking forward to a modern interface. **What problems is Core Impact solving and how is that benefiting you?** A single tool to handle multiple engagements. ### 16. Core Impact Review **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Commercial Real Estate | Mid-Market (51-1000 emp.) **Reviewed Date:** January 21, 2021 **What do you like best about Core Impact?** The program seems pretty straight forwards one you get a chance to poke around. Core has created a logical flow that allows the user to understand what phase of the penetration test that they are in. **What do you dislike about Core Impact?** I have not run into a dislike yet. There was a slight learning curve with watching their training videos and actually using the product, but after I was in it took no time to get the hang of it. **What problems is Core Impact solving and how is that benefiting you?** We use Core Impact to test the vulnerabilities that it may find around our network. It gives a decent insight as to what someone with a malicious intent may do if they were to find the exploit before we do. ### 17. review of Core Impact **Rating:** 4.0/5.0 stars **Reviewed by:** Nitin K. | | AppSec Analyst | OSCP | eCPPT |, Mid-Market (51-1000 emp.) **Reviewed Date:** January 20, 2021 **What do you like best about Core Impact?** Up to Date repository with no malwares. Can use the repo without any risk. **What do you dislike about Core Impact?** Console is a bit difficult to operate . Had issues understanding the features initially. **What problems is Core Impact solving and how is that benefiting you?** It is helping us in doing the Vulnerability assessments and penetration testing. ### 18. Assistance with retrieving reports **Rating:** 5.0/5.0 stars **Reviewed by:** Brian M. | Cyber Security Engineer, Enterprise (> 1000 emp.) **Reviewed Date:** April 14, 2021 **What do you like best about Core Impact?** Users ability to access the tools and tabs **What do you dislike about Core Impact?** Nothing really appear to be a task that I would dislike **What problems is Core Impact solving and how is that benefiting you?** The install was not completed correctly, which prevented me from viewing the reports ### 19. Great tool for internal tests **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.) **Reviewed Date:** May 06, 2021 **What do you like best about Core Impact?** Very easy to use interface. It was easy to learn and teach the more junior folks on my team. **What do you dislike about Core Impact?** I find it's a litle slow compared to some tools and requires a bit more CPU and Memory dedicated to it **What problems is Core Impact solving and how is that benefiting you?** We are using it for more comprehensive internal testing ### 20. One Year Experience **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.) **Reviewed Date:** May 06, 2021 **What do you like best about Core Impact?** It has enough modules to get the job done. **What do you dislike about Core Impact?** The best place to run it is from the server itself. The console has limitations. **What problems is Core Impact solving and how is that benefiting you?** To ensure the servers we support are secure enough. ### 21. Doesn't work three months after purchasing. Support gives a run around **Rating:** 0.0/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.) **Reviewed Date:** January 19, 2021 **What do you like best about Core Impact?** Nothing as the fact is the software never worked for us. Trying several ways to use it but simply cant make it work,. **What do you dislike about Core Impact?** Support and after sales supprt. Team seems like they don't care about their clients once they get the money. request for refund goes into limbo. **Recommendations to others considering Core Impact:** get a trial before you get the software. good luck making it work. if it works for you, please let me know if you can consult as their team is bad at helping new clients. **What problems is Core Impact solving and how is that benefiting you?** initial install. **Official Response from Kelsey Arhart:** > We’re so sorry to hear this and are committed to making it right. We take the success of our customers and their feedback very seriously, and want to do everything we can to address your concerns, from installation to support. Since this review is anonymous, we’re unable to reach out to you directly, but please reach out again and we will take immediate action to resolve this. ### 22. core **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.) **Reviewed Date:** February 15, 2021 **What do you like best about Core Impact?** easy of use and integration capabilities **What do you dislike about Core Impact?** reporting could be improved and integrated with GRC or Integrated Risk Management module **What problems is Core Impact solving and how is that benefiting you?** Testing the effectiveness of the current security controls - RPT standard way to perform pentest ### 23. Great software package **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Enterprise (> 1000 emp.) **Reviewed Date:** January 22, 2021 **What do you like best about Core Impact?** Security software is packed with many useful features and tools. **What do you dislike about Core Impact?** A bit of a learning curve from what I am used to but worth it. **What problems is Core Impact solving and how is that benefiting you?** Providing an alternative to our run of the mill open source pentest solutions. We have been able to more accurately test our environment from a single console. ### 24. It is a professional tool for pen-test **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.) **Reviewed Date:** January 24, 2021 **What do you like best about Core Impact?** The tool keeps up-to-date. And the function and UI are quite user-friendly. **What do you dislike about Core Impact?** The installation is not that easy. It takes time for that. **What problems is Core Impact solving and how is that benefiting you?** I can do the pen-test on my own by using Core Impact. ### 25. Prioritize vulnerability management **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.) **Reviewed Date:** February 15, 2021 **What do you like best about Core Impact?** Frequent exploit update, possibility to integrate in Cobalt Strike, Metasploit, etc. **What do you dislike about Core Impact?** Use the search bar, some modules do not work properly **What problems is Core Impact solving and how is that benefiting you?** Effektiv sårbarhetsprioritering ## Core Impact Discussions - [What is Core Impact software?](https://www.g2.com/discussions/what-is-core-impact-software) - 1 comment - [View Core Impact pricing details and edition comparison](https://www.g2.com/products/core-impact/reviews?section=pricing&secure%5Bexpires_at%5D=2026-05-14+10%3A25%3A49+-0500&secure%5Bsession_id%5D=9c4e622a-9ba2-4ab4-82dc-21bd3d64448f&secure%5Btoken%5D=67a5c8f7c7b40a0f90fcb0ef876638a9bc1c08bfc92209d48b422b028cd49962&format=llm_user) ## Core Impact Features **Administration** - API / Integrations - Extensibility - Reporting and Analytics **Analysis** - Issue Tracking - Reconnaissance - Vulnerability Scan **Testing** - Command-Line Tools - Manual Testing - Test Automation - Performance and Reliability ## Top Core Impact Alternatives - [Metasploit](https://www.g2.com/products/metasploit/reviews) - 4.6/5.0 (53 reviews) - [Acunetix by Invicti](https://www.g2.com/products/acunetix-by-invicti/reviews) - 4.1/5.0 (100 reviews) - [Intruder](https://www.g2.com/products/intruder/reviews) - 4.8/5.0 (206 reviews)