Rapid7 Metasploit Reviews

Name: Rapid7 Metasploit
Brand: Rapid7
Rating: 3.8 (18 reviews)

3.8 out of 5

18 reviews
94% willing to recommend

1,588 followers

What is Rapid7 Metasploit?

Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

Get the Rapid7 Metasploit Buyer's Guide and find out what your peers are saying about Rapid7 Metasploit, Qualys VMDR, Tenable Nessus and more!

Rapid7 Metasploit is the #19 ranked solution in top Vulnerability Management solutions. PeerSpot users give Rapid7 Metasploit an average rating of 7.6 out of 10. Based on the analysis of the 18 most recent Rapid7 Metasploit reviews, the overall sentiment is positive, with a sentiment score of 7.6. Rapid7 Metasploit is most commonly compared to Qualys VMDR: Rapid7 Metasploit vs Qualys VMDR. Rapid7 Metasploit is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.

Helped 816,406 peers since 2012

Featured reviews

Aqeel Junaid

Junior Executive - Information Security at sunshine holdings

The solution's exploit development functionality was easy to use and had all the scenarios I could use to run my security assessment. Since the solution has been updated regarding new malware, it gives data protection for security professionals. Rapid7 Metasploit is a good exploit tool, and users need to know what they're doing while using the solution. The solution provides perfect effectiveness in simulating real-world attacks for training purposes. Overall, I rate the solution a nine out of ten.

Read full review

Md. Shahriar Hussain

Cyber Security Chartered Engineer at Banglalink

Penetration testing can potentially expose weaknesses in your Endpoint Detection and Response system. The effectiveness depends on how your EDR system is configured. If the policy is strong and well-configured, tools like Rapid7 Metasploit may not be successful. However, if the policy is poorly configured or not implemented, vulnerabilities could be exploited, and attacks, including those using Rapid7 Metasploit, may occur. Using the manual Rapid7 Metasploit software framework in Kali Linux requires command-line inputs. In contrast, the professional edition simplifies the process by allowing users to select IPs and upload Nessus results in dot Nessus format. This eliminates the need to write complex commands. In countries facing economic challenges, there is limited funding for security teams and professionals due to the country's economic conditions. The tool has delayed my certification. I don't recommend it since we get many better solutions in the market. I rate it a five out of ten.

Read full review

Andrei Bigdan

Executive Manager at B2B-Solutions LLC

The base has already been established. While there is a free community version commonly used, it requires manual installation of exploits. It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup. It has the capability to execute session attacks, generating deceptive pages from the target page. This mimics a fake page, enticing individuals to interact after receiving email session letters. This feature allows the creation of campaigns with efficient letters deployed within unique pages—a utility that sets it apart from other products solely focused on exploit databases.

Read full review

Rapid7 Metasploit mindshare

As of November 2024, the mindshare of Rapid7 Metasploit in the Vulnerability Management category stands at 1.9%, down from 1.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Vulnerability Management

Key learnings from peers

Last updated Nov 21, 2024

Valuable Features

Rapid7 Metasploit's valuable features include graphical and command-line interfaces, HTML-based report collection, and integration with PostgreSQL and Nmap for scanning and exploiting. Offers over 800 active modules and open-source access. Supports phishing campaigns and payload creation. Provides automation by integrating results from tools like Nessus. Integration with Backtrack OS and the creation of scripts and modules enhance usability. It efficiently discovers and exploits vulnerabilities with stable performance and helpful technical support.

"I use Rapid7 Metasploit for payload generation and Post-Exploitation."
"The most valuable features of the solution are the scripts, the modules, and the tools that the Rapid7 Metasploit framework has."
"The tool's most useful feature for penetration testing is its automation capabilities. With the professional edition, you can upload the results from Nessus in the Rapid7 Metasploit solution portal."

Room for Improvement

Rapid7 Metasploit needs improvements in several areas including faster exploit updates, resource optimization, and user-friendly features. Issues include a less effective GUI, challenges with antivirus compatibility, limited browser exploits, and slow database updates. Users desire better integration with other tools, enhanced automation, mobile tracking, and advanced infrastructure. Built-in reporting, improved live support, and wider vulnerability coverage are also requested, along with more effective payloads and evasive capabilities against modern security systems.

"Rapid7 Metasploit could be made easier for new users to learn."
"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."
"Advanced Infrastructure should be implemented in the next release for better orchestration."

Pricing

Enterprise users express mixed views on Rapid7 Metasploit's pricing. Many appreciate the open-source version, finding it cost-effective for their needs. Those using the Pro version note its reasonable pricing, though some suggest additional discounts. Licensing is user-based, with Pro users paying a one-time fee of approximately $20,000 or €20,000, plus a 35% annual support cost. Some companies consider it cheaper than alternatives like Tenable.io but are exploring replacements due to budget constraints.

"I have used the free version of Rapid7 Metasploit."
"Rapid7 Metasploit is an open-source solution."
"It is a reasonably priced solution. I would rate it from five out of ten."

Popular Use Cases

Organizations primarily use Rapid7 Metasploit for penetration testing and vulnerability detection. They assess internal systems, networks, and information assets to identify exploitable weaknesses. Metasploit is deployed at client sites, integrated with governmental agencies, and used in phishing detection. It helps optimize vulnerability management by validating findings, automating processes, and enabling testing by teams. Some users employ it for scanning systems managed through Rapid7 InsightVM while detecting and preventing attacks. Rapid7 Metasploit is instrumental in exposing vulnerabilities.

Service and Support

Rapid7 Metasploit's customer support receives mixed feedback. Some find it sluggish and unpredictable, especially compared to Cisco. While assistance can be helpful, delays are common. Community edition users rely on open-source resources due to lack of support. Though some praise the support's responsiveness and helpfulness, others experience significant delays. Users suggest online resources are beneficial, but the commercial edition might offer better assistance.

Deployment

Rapid7 Metasploit's initial setup is generally described as straightforward. Many users find it easy, requiring minimal time and effort, often manageable by a single person within about 30 minutes. Some users note it can be slightly challenging for those without a technical background and may involve uninstalling antivirus or disabling firewalls. Users with technical expertise typically have no issues and appreciate the clear documentation available for guidance.

Scalability

Rapid7 Metasploit's scalability varies among users. While some find it sufficient for their needs, others suggest improvements in automation and hybrid environments. Organizations with small to medium teams manage scalability, though challenges arise with automation due to the nature of penetration testing. Many users report it scales adequately, although some rate its expansion capabilities lower, indicating room for enhancement.

Stability

Many users have noted that the stability of Rapid7 Metasploit has improved with the latest version, resolving past issues. They find it robust, reliable, and free from bugs, glitches, or crashes. Users generally rate its stability between seven to nine out of ten, indicating some room for improvement. While some experienced past instability, the consensus highlights stability satisfaction, with multiple users affirming their confidence in its current stable state.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Rapid7 Metasploit Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

18%

Financial Services Firm

10%

Manufacturing Company

10%

Educational Organization

University

Government

Retailer

Healthcare Company

Comms Service Provider

Insurance Company

Non Profit

Hospitality Company

Real Estate/Law Firm

Energy/Utilities Company

Media Company

Legal Firm

Pharma/Biotech Company

Recreational Facilities/Services Company

Performing Arts

Construction Company

Aerospace/Defense Firm

Logistics Company

Wholesaler/Distributor

Compare Rapid7 Metasploit with alternative products

Learn more about Rapid7 Metasploit

Rapid7 Metasploit was previously known as Metasploit.

Product Video

Rapid7 Metasploit customers

City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University