During mass-scale exploitation, the penetration tester usually accepts a drop in covertness to achieve greater results. Attacking several hosts at the same time creates a risk of being discovered by network administrators, because the highly noticeable traffic and suspicious activity will trigger an IDS or other network security software. An attacker using mass-scale exploitation usually does not expect or need to stay hidden forever. Since the constraint of covertness is removed, you can work with Core Impact in a different mindset.
A network-wide exploitation can be completed in two different ways in Core Impact: by using the Rapid Penetration Testing (RPT) module presented earlier or by using network nodes.
In Core Impact, it is possible to aggregate multiple host nodes from the same network as a network node. Once aggregated, all modules applied to the network node are applied to each host in that subnetwork. For example, testing whether a whole Windows network would survive Code Red could be as simple as:
1. Discovering the hosts on the subnetwork with a discovery module (ping, ARP)
2. Finding the ports by scanning the network node with a port scanner (connect, SYN)
3. Performing OS detection on the network node with a fingerprinting module (nmap, banner)
4. Running a Microsoft Internet Information Server (IIS) IDA-IDQ exploit on the subnetwork
By applying these four modules to the network node, the user can easily test a network's resistance to a new worm or even exploit all these systems to patch them with a newly installed agent. The whole process can be integrated in a macro, so that testing the network for worm invasions can be accomplished from different entry points in a very short time.
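The noise described in the opening paragraph is visible from the defender's side: a sweep of one service across a subnetwork appears as a single source reaching many distinct hosts on the same port within a short time. The following Python example is added here and is not part of the original text or of Core Impact; the record format, the 60-second window, the threshold of 10 hosts and all addresses are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque

def fanout_alerts(records, window=60, threshold=10):
    """Flag (src, dport) pairs that reach `threshold` distinct destination
    hosts within `window` seconds. `records` is an iterable of
    (ts, src, dst, dport) tuples sorted by ts (assumed format).
    Returns a list of (src, dport, ts_of_alert, distinct_hosts)."""
    recent = defaultdict(deque)   # (src, dport) -> deque of (ts, dst)
    alerted = set()               # report each (src, dport) only once
    alerts = []
    for ts, src, dst, dport in records:
        key = (src, dport)
        q = recent[key]
        q.append((ts, dst))
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((src, dport, ts, distinct))
    return alerts

def sample_records():
    """Constructed connection records, not taken from a real capture."""
    recs = []
    # One source connects to port 80 on 20 hosts of 10.0.5.0/24, one per second.
    for i in range(20):
        recs.append((100 + i, "10.0.0.99", f"10.0.5.{i + 1}", 80))
    # An ordinary client: many connections, but to only two web servers.
    for i in range(30):
        recs.append((100 + i * 2, "10.0.0.15", f"10.0.5.{1 + i % 2}", 80))
    # A monitoring poller: 12 hosts, five minutes apart (benign, low rate).
    for i in range(12):
        recs.append((100 + i * 300, "10.0.0.42", f"10.0.5.{i + 1}", 80))
    return sorted(recs)

if __name__ == "__main__":
    for src, dport, ts, n in fanout_alerts(sample_records()):
        print(f"t={ts}s {src} reached {n} hosts on port {dport} within 60s")
```

Tune the window and threshold against the baseline of legitimate fan-out sources (monitoring, patch management, vulnerability scanners) on the network being watched.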