Skip to content

Core Impact Pricing, January 2024 on

In January of 2024 the Fortra people further simplified the pricing model for Core Impact. The 3 step Edition model with “Basic”, “Pro” and “Enterprise” remained, but the perpetual options were removed as nobody was purchasing them..

Each of the 3 Editions come with unlimited IPs and unlimited Workspaces, but varying levels of functionality as defined in the table below.

All prices are per named user. There is a fair degree of flexibility with this, allowing for staff vacations and the like. But if you have a team of 4, then you really should have 4 copies. Bulk discounts are available (see below).

FeatureBasicProEnterprise
Network testing
The ability to look for and exploit CVEs
Client-Side Testing
Phishing attacks
Pivoting
The ability to install an agent somewhere else, then “Set Source” so that all activity comes from there.
CloudCypher Access (see below for description)
Submit password hashes to Core’s cloud and get clear text back
WiFi & Mobile Testing
Integration with Hak 5’s Pineapple
Web Application Testing
Test web applications using OWASP top 10 and other attacks
Exploit Packs
The ability to add additional exploit packs
REST API
Use of the API to further automate activity
Teaming
The ability for multiple users to work on the same test at the same time
SupportWeb & emailWeb & emailWeb, email & phone

CloudCypher Access is a service run by Core that will brute force NTLM hashes and provide you with clear-text passwords. This tool uses a combination of dictionary attacks, rainbow tables and various brute force strategies.

From within Core Impact, you can select to automatically have the hashes de-coded and the clear text results returned to the tool.

We have 3 videos showing the functionality in action:

Multi user discount

If you are purchasing multiple copies then a discount is available. For purchasing 2 or 3 copies, we can offer 5% off the total order. For 4 or 5 copies, we offer a 10% discount.

If you want 6 or more copies, please contact us for more details.

Exploit Packs

Core Impact comes with many thousands of exploits built in.  The current ones are listed on the Core Impact website here: https://www.coresecurity.com/core-labs/exploits so you can see what is available and subscribe to changes.

There are then packs of extra exploits, built by 3rd parties (a company called ExCraft) but supplied and verified by Fortra.  These target specific testing areas, with the following packs available:

Pack NameDescription
SCADA StandardA set of exploits targeting SCADA equipment
SCADA ProfessionalThis Exploit Pack includes everything in the SCADA pack, plus provides a further set of exploits.
Medical DevicesExploits for Medical devices
IoTExploits for Internet of Things devices
Metasploit ExploitsIt it possible to load all of the community exploits available for Mestasploit into Core Impact and run them. They are not verified by Core in the same way as the items above, but it may give you early access to an exploit while the Core guys build and fully test one.

You can see what exploits are in what exploit pack by looking at the https://www.coresecurity.com/core-labs/exploits page. One of the filters at the top (product name) allows you to specify the exploit pack you are interested in.

Note that the filter “Impact” lists all of the exploits available in the current version.

Also, note that you can only use the exploit packs with the Enterprise edition of Core Impact.

How much does it cost?

S4 Applications is one of Fortra’s main re-sellers for Core Impact, so we can offer very competitive rates. We have pricing available in EUR, GBP, and USD, which hopefully fits your organisation’s needs. If it is important to you, we can also transact in other currencies.

Core Impact pricing starts at under $10,000 for a 12-month subscription to the “Basic” tool, and it goes up depending on your needs.

Next steps

If you want to learn more about Core Impact, read more on our vendor page.

S4 Applications helps organisations protect their assets with vulnerability assessment and remediation solutions whether you are an Enterprise, SME or Security consultant.

.colored-point-black { position: absolute; width: 200px; height: 50px; border-radius: 50%;} .colored-point-blue { position: absolute; width: 200px; height: 50px; border-radius: 50%; } .colored-point-green { position: absolute; width: 200px; height: 50px; border-radius: 50%; }
World Map
.colored-point-black { position: absolute; width: 200px; height: 50px; border-radius: 50%;} .colored-point-blue { position: absolute; width: 200px; height: 50px; border-radius: 50%; } .colored-point-green { position: absolute; width: 200px; height: 50px; border-radius: 50%; }
World Map