CORE Security released the latest version of CORE Impact Professional vulnerability assessment and penetration testing software, that allows organizations to proactively test IT infrastructure.


New Identity Manager capabilities include automatic identity discovery as part of standard Rapid Penetration Test (RPT) operations, automatic agent deployment via supported protocols when an Identity is validated, and graphical interaction with Identities when needed. Impact 12.5 is supported by a library of more than 2,700 commercial-grade exploits and other attack techniques.

Identity Manager learns identities, usernames and passwords, SSH keys, cookies and other pieces of information that can be used to gain control of systems. Identity Manager capabilities are built directly into Core Impact Pro’s attack and penetration methods, making the use of Identity Manager simple and straight-forward.

In addition, Impact Pro will attempt to automatically take control of systems when a valid Identity is learned for that system. Users can also quickly and easily reuse that newly discovered valid identity against all other system in the environment to take control of them as well.

Anti-Virus Evasion capabilities continue to help test endpoint security software, Impact Pro 12.5 includes updated techniques to help test the ability of defensive technology to pick up on the attempt to exploit and run code on a system.

In addition, CORE has enhanced its patented, leading edge, Syscall Proxy Agent which allows interaction with compromised systems. With Impact Pro 12.5, the Syscall Proxy Agent has improved resiliency, increasing its effectiveness in evading controls that try to detect this type of activity.

Additionally, Impact Pro 12.5 includes performance upgrades focused on increased effectiveness while reducing the number of packets required for success.