This is not hacking in any of its hype-laden guises. This is production penetration testing with the purpose of performing in situ quality testing on the enterprise or its parts. Period. And that is a lot harder than it sounds. Impact has a set of scripted wizards that make preliminary testing easy. Of course, the scripted stuff is pretty loud and the skilled pen tester will be a whole lot more subtle. Impact allows that.
Production pen testing needs to be scriptable. That means I should be able write a macro that will run a set of tests every time I want to run it and know that the same procedures are being followed. That gives consistency and repeatability. This is just the ticket for production testing.
We have seen many of the other commercial and open source pen test tools and there are some very good ones. But when it comes to needing a consistent, configurable, customizable, easy-to-run pen testing tool, Core Impact from Core Security is a favorite hands-down. And it's because of its strength and consistency that it makes our anniversary list.