Core Impact Pricing, March 2021 on

Core Security have further simplified their pricing for Core Impact, out have gone abstract concepts like Workspaces and IP restrictions, in have come a simple 3 step model with “Basic”, “Pro” and “Enterprise”.

The new pricing takes effect from March 2021 on and is for new users. There is a process (not discussed here) for transitioning old users onto the new model at the appropriate time.

Each of the 3 levels of product come with unlimited IPs and unlimited Workspaces, but varying levels of functionality as defined in the table below.

All prices are per named user. There is a fair degree of flexibility with this, allowing for staff vacations and the like. But if you have a team of 4, then you really should have 4 copies. There are bulk discounts available (see below).

FeatureBasicProEnterprise
Network testing
The ability to look for and exploit CVEs
Client-Side Testing
Phishing attacks
Pivoting
The ability to install an agent somewhere else, then “Set Source” so that all activity comes from there.
CloudCypher Access
Submit password hashes to Core’s cloud and get clear text back
WiFi & Mobile Testing
Integration with Hak 5’s Pineapple
Web Application Testing
Test web applications using OWASP top 10 and other attacks
Exploit Packs
The ability to add additional exploit packs
Web UI
Optionally use the new Web user interface
REST API
Use of the API to further automate activity
Teaming
The ability for multiple users to work on the same test at the same time
SupportWeb & emailWeb & emailWeb, email & phone

Multi user discount

If you are purchasing multiple copies then a discount is available. For purchasing 2 or 3 copies, we can offer 5% off the total order. For 4 or 5 copies, we offer a 10% discount.

If you want 6 or more copies, please contact us for more details.

Exploit Packs

Core Impact comes with many thousands of exploits built in.  The current ones are listed on the Core Impact website here: https://www.coresecurity.com/core-labs/exploits so you can see what is available and subscribe to changes.

There are then packs of extra exploits, built by 3rd parties (a company called ExCraft) but supplied and verified by Core Impact.  These target specific testing areas, with the following packs available:

Pack NameDescription
SCADA StandardA set of exploits targeting SCADA equipment
SCADA ProfessionalThis Exploit Pack includes everything in the SCADA pack, plus provides a further set of exploits.
Medical DevicesExploits for Medical devices
IoTExploits for Internet of Things devices
Metasploit ExploitsIt it possible to load all of the community exploits available for Mestasploit into Core Impact and run them. They are not verified by Core in the same way as the items above, but it may give you early access to an exploit while the Core guys build and fully test one.

You can see what exploits are in what exploit pack by looking at the https://www.coresecurity.com/core-labs/exploits page. One of the filters at the top (product name) allows you to specify why exploit pack you are interested in.

Note that the filter “Impact” lists all of the exploits available in the current version.

Also note that you can only use the exploit packs with the Enterprise edition of Core Impact.

Perpetual & Subscription license models

Core Impact offers two license models, Perpetual and Subscription; the latter being the simplest to apply.

With a Subscription license you purchase the right to use the software for a 12-month period. At the end of that period the software stops working.  If you want to continue to use the software, then you spend about the same fee again for another 12-month period at the then market rate.

The Perpetual license has a higher up-front cost and a lower year 2+ cost.  In the first year you purchase the right to use the software indefinitely (perpetually) and in the year 2+ you just purchase the support and update package to ensure that you get all the new exploits and platform updates.

When comparing Perpetual to Subscription, the break-even point is about 2.5 years.  If you want the software for less than 2.5 years then Subscription is cheaper, if longer then consider Perpetual.

You can also start with a Subscription license, to prove the value of the software, then move to a Perpetual license when you are satisfied. This can be mid-year if you want, not just on the anniversary of the contract.

Perpetual is not available for all products

Be aware that some products are only available on a Subscription basis, this makes sense for things like the Burst license (which by definition is a Subscription license), but the exploit packs also have restrictions.

Here is the complete availability:

ProductSubscriptionPerpetual
Core Impact – Basic
Core Impact – Pro
Core Impact – Enterprise
Core Impact – Enterprise Burst (3 moths/1 project)
SCADA Standard Exploit Pack
SCADA Professional Exploit Pack
Medical Devices Exploit Pack
IoT Exploit Pack

How much does it cost?

S4 Applications are one of Core System’s main re-sellers for Core Impact so we can offer very competitive rates from Core Impact pricing.  We have pricing available in EUR, GBP and USD which hopefully fits with your organisation’s needs.

Core Impact pricing starts at under $10,000 for a 12-month subscription of the “Basic” tool, and the prices goes up depending on your needs.

Next steps

If you want to learn more about Core Impact, read more on our vendor page.

S4 Applications helps organisations protect their assets with vulnerability assessment and remediation solutions whether you are an Enterprise, SME or Security consultant.