Core Impact + Metasploit highlights pen-test market maturation

Boston-based penetration testing specialists Core Security Technologies has completed a technical integration of its flagship CORE IMPACT Pro tool with the Metasploit point-and-click attack tool.

The move allows users of Core's enterprise-facing vulnerability analysis tool to tap directly into the open-source functionality of Metasploit to carry out simulated hacking attacks.

[ Nick Selby: Metasploit + Rapid7 shakes up pen-test landscape ]

The integration follows Rapid7's acquisition of Metasploit and highlights the continued maturation of the niche penetration testing market.   It allows multiple vulnerability assessment tools to be used in a business pen-test, all playing nicely with each other.

For example, according to Core, penetration testers will now be able to bring a system compromised during testing with Metasploit into the IMPACT environment and deploy an IMPACT Pro Agent. With this agent, a user can then launch IMPACT Pro's automated penetration testing capabilities from the compromised system.

In a simulated hacking attack, a pen-tester can also use IMPACT Pro's automated Rapid Penetration Test (RPT) to exploit vulnerabilities, then launch Metasploit’s db-autopwn feature and subsequently upload the results back into IMPACT Pro. This allows users with less training and expertise to view Metasploit testing information within the IMPACT environment, Core explained.

The integration will be available in April 2010.