Core Impact Reviews & Product Details

The GUI interface and being able to drag attacks to run against hosts and groups. I also like the ability to search modules by CVE and name. Review collected by and hosted on G2.com.

For a pentesting suite to be useful, it must have the ability to create a command-and-control session that can be customized to get through/past modern controls. The Core agent and it's command-and-control sessions are easily detected and blocked. With enough customization, we have success with Cobalt Strike HTTPS and DNS beacons. If Core Impact could automate the creation and customization of malleable and signed agents that bypass controls, it would get a 10/10.

Licensing has become difficult do to the many acquisitions of Core Security and Core Impact. I have not been able to access my software in several months! Review collected by and hosted on G2.com.

The functionality with this tool is among the best in the industry. The sales team is very knowledgeable and the documentation is easy to understand. Exceptional enterprise security tool! Review collected by and hosted on G2.com.

No dislikes to date! I have had alot of issues with standing up software from other vendors in our environment. Never had any issues standing up Core Impact! Review collected by and hosted on G2.com.

Core impact succeeds when it comes to its interface. Navigation and finding specific exploits to use are as easy as it gets. Review collected by and hosted on G2.com.

The price is absurd; 12 grand is way too much, and at that point, stick with a better tool like Metasploit pro. The agents deployed onto devices never stay connected more than a day, and the persistent agents are actually persistent about half the time. I found many modules to be very specific to work, and most have no documentation on how to use them, forcing me to create numerous support tickets. If the application is open for more than a few days, it has to be rebooted else its impossible to use with the slowness. (Yes, it is installed correctly). It was given, 6 vCPUs ,16GB RAM ,1TB SSD, and it somehow finds a way to hang and freeze. The third-party Metasploit modules work better than all the built-in core impact modules. The core impact vulnerability scanner finds nearly nothing while using a free open source scanner such as openvas gives better results. We actually drop the openvas results xml to use into core impact instead of the built-in one or the built-in nmap they use as well. The web application portion is very very bad. It is probably the worst part of Core impact. Any web penetration tests we need we stick with ZAP because it is way better, and its free. Overall the Core Impact application is over priced, lacks documentation, functions when it wants to , is only useful due to third party portions it has, and lacks a functioning web application penetration test portion. This tool is worth at most 2-3 grand. Review collected by and hosted on G2.com.

On the plus side, Core Impact has a friendly interface and very easy to use for newbies. It alone can do many different tasks in pentesting from scanning to attack, ... and packaging everything in one RPT process. Core Impact has a lot of attack modules on many different platforms, it gets updated quite frequently and quickly. I like the feature of installing agent on the server through services such as SSH, SMB, ... white box testing is much more effective. I have not had a chance to use the SCADA module to evaluate it, however I see the module updates exploiting the vulnerability so this platform is a lot, Recently there are additional modules for medical devices, but I think few people dare to pentest these systems, lmao^^! . Core Security has a very enthusiastic support team, very satisfied with them. Review collected by and hosted on G2.com.

On the downside, the ability to exploit web vulnerabilities is really bad, I feel like Core Security doesn't focus too much on this vector. Sometimes, modules that exploit new CVE vulnerabilities are updated very slowly, normally you can see an update update for CVE vulnerabilities from 2017,2018. Wireless network testing can only perform MITM attack, I expect more with this feature. Review collected by and hosted on G2.com.

Initially there were some problems with the installation of Core Impact but help from the support team was good and our account manager also gave waiver for those months. We are really satisfied with the services we received from the team.

Core impact, product is one of the best product to conduct automated penetration testing. We saved a lot of time and able to automate many penetration testing use cases. In addition to automation of the use cases, we are now able to do infrastructure level penetration testing with the help of fresh graduates from the colleges. Basically, infrastructure penetration testing requires really in-depth knowledge of each of the area of information security and finding out such professionals are really difficult in the market. With the defined use cases in the core impact, anyone with the basic knowledge of information security can perform network and infrastructure level penetration testing. Review collected by and hosted on G2.com.

As such every thing is good but if you ask to provide feedback or suggestion, then I recommend to update installation guide properly. We faced a lot of issues while installing the product on ourselves, although all the issues were resolved when we connected the support team. As we were not able to complete installation based on the steps written on the available guide, it delayed some of our projects. Review collected by and hosted on G2.com.

I use the "rapid penetration test" funcionality alot just to give servers a quick sanity check. Product's comprehensive exploit database and speedy updates are also appreciated. Review collected by and hosted on G2.com.

The tool can be a little bit noisy. Now that Cobalt Strike is also under the same roof, I would love to see a new product that integrates the best of both worlds. Review collected by and hosted on G2.com.

The product is excellent, and the support we have received phenomenal. Questions are not only answered, but taken further to make our use of the product even better. This is a comprehensive product that really does absolutely everything! Review collected by and hosted on G2.com.

Not a huge downside, but the reporting capabilities aren't as clean as I would like. We like to move things into our own format for reporting and we don't see a great way of doing that. Also, the reporting shows more than what the screens seem to show when running the product. Review collected by and hosted on G2.com.

Ease of use, navigation and integration. Review collected by and hosted on G2.com.

I hope they support installing it on Linux. Review collected by and hosted on G2.com.

Easy to setup and use. Very simple to add a new device and scan it. The reports are great and help to provide us with greater insight into our systems. We also like the Network RPT section and how it basically walks you through the entire penetration testing process, from Information Gathering to Attack and Penetration, to Clean Up and Report Generation. Review collected by and hosted on G2.com.

Could be a bit more intuitive. At first, it seems a bit intimidating with all of the menus and windows to view. After using it a few times and watching some of the training/instructional videos, it became clearer. We also found that by sitting with a partner and working through some of the training videos, we were able to bounce ideas off of each other, which helped us to better understand how to use the product. The training videos were very well done and helped us a lot. Thank you for that. Review collected by and hosted on G2.com.

A variety of modules and I see it as the most complete solution for testing. It can function without any support from other assessment tools Review collected by and hosted on G2.com.

NOTHING, everything is as expected. CAnnot think of something it's missing Review collected by and hosted on G2.com.