Results 1 to 9 of 9

Thread: is it worth to buy core impact?

  1. #1
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    12

    Default is it worth to buy core impact?

    i m very interested in that project which is a fully automated penetration test software
    but is it enough ? or we should still have manual penetration test on our servers ?

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by SilverSpam View Post
    i m very interested in that project which is a fully automated pene test software
    but is it enough ? or we should stll hav manual pene test on our servers ?
    I am pretty confident that if you can't bother to at least use proper grammar and spell penetration test then you shouldn't be concerned with conducting them nor their associated costs.
    In addition Core Security has a website and trained professionals who not only can spell, but can advise you on this subject.

    Not only that but (even though it is Monday) you are up for post of the week.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Yes hire/contract someone who is trained to perform your Vulnerability Assessments and Penetration Tests.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    6

    Default

    I agree with thorin and archangel.amael. Get in a pro.

    We use Core impact. It is a great tool, but has some real limitations that mean you cannot do a complete pen test with it. Even if you know it well. For example you can't use it to jump a Vlan, so it's already not a complete test (assuming you have vlans) It does not do wireless, although the next version out in a few weeks time will have. There is a huge list of things it cannot do, so it is far from a complete solution.

    It's a great product but it is not a 'fully automate pene test'

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    In my opinion its a nice product (I like the way it neatly self documents stuff), but its far from complete enough for automated pen testing (even though Core claim otherwise), and its WAAAAAYYYY too expensive!

    Oh, and it also means you have to use Windows during a Pen Test, which I always prefer to avoid - basically everything I use (apart from Acunetix WVS) runs on Linux and I like to minimise dual booting or starting up a VM where possible.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    12

    Default

    Yes , but is swiching between vlan dsiabled by core ? or its unable to do that ?

    and about ,
    have to use Windows during a Pen Test
    is that because of vulnerabilities of windows ?
    or you only comfortable with open source os ?

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by SilverSpam View Post
    is that because of vulnerabilities of windows ?
    or you only comfortable with open source os ?
    No I can use Windows perfectly well - Its because I'm more comfortable in Linux. The OS is more flexible and the tools are more powerful, especially the shell and command line tools for text manipulation, which I use a LOT during a test. Plus having to move between environments is an extra hassle I'd prefer to do without.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #8
    Member
    Join Date
    Feb 2010
    Location
    Root
    Posts
    121

    Default

    I use Core Impact on a regular basis. Its a great tool. IMO its not enough to just buy an automated tool, that has limitations, without understanding the basics, or understanding what the tool is doing. It would be far from a complete pen-test if you are just using CI.

    I might just have summed up every one else's posts... too early

  9. #9
    Just burned his ISO
    Join Date
    May 2007
    Posts
    4

    Default

    CI is costly for sure, but does what it says. The latest Metasploit 3.3.1 excites me with its "-x"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •