CORE IMPACT Pro integrates with Metasploit Project

Core Security Technologies has created a fully supported technical integration between CORE IMPACT Pro and the Metasploit open-source exploit framework.

Through the integration, testers will now be able to:

1. Bring a system compromised during testing with Metasploit into the IMPACT environment and deploy an IMPACT Pro Agent. The Agent is a patented, syscall proxy payload that allows users to:

• Launch IMPACT Pro’s full range of automated penetration testing capabilities from the compromised system.
• Leverage IMPACT’s broad selection of commercial-grade exploits, plus multiple pre- and post-exploitation capabilities for in-depth, comprehensive attack replication.
• Pivot penetration tests to other systems, mimicking an attacker’s attempts at identifying and exploiting paths of weakness to backend systems and data.

2. Use IMPACT Pro’s automated Rapid Penetration Test (RPT) to exploit vulnerabilities, then launch Metasploit’s db-autopwn feature and subsequently upload the results back into IMPACT Pro. This allows users with less training and expertise to view Metasploit testing information within the IMPACT environment.

“Professional penetration testers and enterprises alike will now benefit from the exploits of Metasploit while being able to leverage the powerful technology and reporting of IMPACT Pro. The most reliable commercial tool blended with the bleeding edge research of the open source community will surely be a hit for all.” said Chris Nickerson, CEO of Lares Consulting.