Rapid7 Metasploit Reviews

Name: Rapid7 Metasploit
Brand: Rapid7
Rating: 3.9 (20 reviews)

3.9 out of 5

20 reviews
95% willing to recommend

1,589 followers

What is Rapid7 Metasploit?

Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

Get the Rapid7 Metasploit Buyer's Guide and find out what your peers are saying about Rapid7 Metasploit, Qualys VMDR, Tenable Nessus and more!

Rapid7 Metasploit is the #19 ranked solution in top Vulnerability Management solutions. PeerSpot users give Rapid7 Metasploit an average rating of 7.8 out of 10. Rapid7 Metasploit is most commonly compared to Qualys VMDR: Rapid7 Metasploit vs Qualys VMDR. Rapid7 Metasploit is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 19% of all views.

Helped 831,020 peers since 2012

Featured reviews

Mani Bommisetty

Infrastructure patching Manager at a manufacturing company with 1,001-5,000 employees

Rapid7 has a significant advantage in providing a clear picture of my environment. It provides insight and incident detection response capabilities. When deployed with the same agent in servers or endpoints, it identifies vulnerabilities and monitors data transmission to external sources. Rapid7 offers comprehensive features within one platform, eliminating the need to integrate multiple tools to see all alerts in one place.

Read full review

AdeelAgha

Team Lead - Cyber Security & Compliance at Al Tuwairqi Group

Rapid7 is able to identify vulnerabilities, but the only way to remediate them is to manually apply patches. This can be time-consuming, as evidenced by the six months it took our team to remediate vulnerabilities found in the Tenable ICS and OT security VT. To make this process easier, there should be an automated system or API to align with the PET solution, allowing systems to quickly align with it. The solution is not user-friendly and has room for improvement. I would like a feature for mobile tracking, allowing us to operate it from a mobile device or at least track it technologically, the basic functionality would be something I would like. For example, when I execute a vulnerability assessment activity, it takes around two to three days to complete all the plans. In order to track that, I would have to log into my system repeatedly. Therefore, I would like to have a feature that allows me to track it from my mobile device.

Read full review

Md. Shahriar Hussain

Information Security Analyst at Banglalink

Penetration testing can potentially expose weaknesses in your Endpoint Detection and Response system. The effectiveness depends on how your EDR system is configured. If the policy is strong and well-configured, tools like Rapid7 Metasploit may not be successful. However, if the policy is poorly configured or not implemented, vulnerabilities could be exploited, and attacks, including those using Rapid7 Metasploit, may occur. Using the manual Rapid7 Metasploit software framework in Kali Linux requires command-line inputs. In contrast, the professional edition simplifies the process by allowing users to select IPs and upload Nessus results in dot Nessus format. This eliminates the need to write complex commands. In countries facing economic challenges, there is limited funding for security teams and professionals due to the country's economic conditions. The tool has delayed my certification. I don't recommend it since we get many better solutions in the market. I rate it a five out of ten.

Read full review

Rapid7 Metasploit mindshare

As of January 2025, the mindshare of Rapid7 Metasploit in the Vulnerability Management category stands at 1.9%, up from 1.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Vulnerability Management

PeerAnalyst reports

Type	Title	Date
Category	Vulnerability Management	Jan 17, 2025	Download
Product	Reviews, tips, and advice from real users	Jan 17, 2025	Download
Comparison	Rapid7 Metasploit vs Tenable Nessus	Jan 17, 2025	Download
Comparison	Rapid7 Metasploit vs Qualys VMDR	Jan 17, 2025	Download
Comparison	Rapid7 Metasploit vs Wiz	Jan 17, 2025	Download

Title	Rating	Mindshare	Recommending
Qualys VMDR	4.1	11.1%	94%	92 interviews Add to research
Tenable Nessus	4.2	12.5%	98%	80 interviews Add to research

Valuable Features

Rapid7 Metasploit offers valuable features including powerful exploitation and scanning, automation capabilities for testing, a user-friendly graphical interface, integration with PostgreSQL, Nmap, and Backtrack OS, and HTML-based reports. Users appreciate its open-source nature and extensive library of payloads and modules. The platform excels in phishing campaigns and vulnerability exploitation with support for multiple operating systems. It streamlines vulnerability identification and provides incident detection, making penetration testing efficient and insightful for organizations.

"Rapid7 offers comprehensive features within one platform, eliminating the need to integrate multiple tools to see all alerts in one place."
"Rapid7 has a significant advantage in providing a clear picture of my environment."
"I would definitely recommend Metasploit to others."

Room for Improvement

Rapid7 Metasploit needs improvements in exploit updates speed after patches, resource usage on older systems, and effectiveness against updated antivirus. The graphical interface lacks functionality compared to the command line. Integration with vulnerability scanners and better automation are crucial. Users find it less user-friendly and the reporting feature slow. There's a need for updated exploit databases, enhanced EDR evasion features, and a more extensive vulnerability library. GUI features and mobile tracking could enhance user experience.

"The reporting feature needs improvement. The time taken to fetch reports based on the number of events can be extensive, unlike Tenable, which is more user-friendly and faster."
"The reporting feature needs improvement."
"The database is not always updated with the latest vulnerabilities or zero-day exploits. If a vulnerability arises a month or two ago, it might not be included in the database, which is something I would like to see improved."

Pricing

Enterprise users find Rapid7 Metasploit offers a free open-source version and a Pro version. Many users opt for the free edition due to budget constraints, while some find the Pro version reasonably priced for its services. The licensing is typically per user, with costs described as affordable and intermediate. Initial setup fees can reach $20,000 with a 35% annual support fee. Some users report monthly payments or $15 per device charges, describing it as cheaper than competitors.

"The cost is approximately $15 per device."
"I have used the free version of Rapid7 Metasploit."
"Rapid7 Metasploit is an open-source solution."

Popular Use Cases

Organizations primarily use Rapid7 Metasploit for penetration testing to identify vulnerabilities within systems. They perform scanning, exploit testing, and vulnerability assessments. Metasploit assists in detecting exploitable issues, conducting phishing detection, and automation of network testing processes. It is used by security consultants for client engagements, integrated with tools like Kali Linux for network analysis, and assists in creating malicious documents for testing purposes, focusing on SMTP vulnerabilities and IP address assessments.

Service and Support

Customer service and support of Rapid7 Metasploit receive mixed feedback. Some users appreciate the helpful and responsive technical support, but others find response times slow and unpredictable compared to Cisco. Pro Version users have access to support, while free version users rely on an online community due to no formal support. Many emphasize the importance of online resources and community help, and some users have not needed technical assistance due to lack of issues.

Deployment

Users found Rapid7 Metasploit's initial setup generally straightforward and easy, especially for those with technical backgrounds. Installation times varied, taking from a few minutes up to several hours or days, depending on environment size and complexity. Some faced challenges if lacking technical knowledge. Installation was simple on both Windows and Linux, though some needed to disable antivirus and firewall temporarily. Rapid7 Metasploit deployment can often be managed by a single person with minimal ongoing maintenance.

Scalability

Opinions on Rapid7 Metasploit scalability vary. Some report it performs well for their needs, especially in cybersecurity teams or when used for larger projects. Others highlight limitations, particularly with automation and command-line interfaces. Some believe improvements in scalability are needed, while a few have found it meets their needs efficiently. Rapid7 Metasploit can scale in specific contexts, but perspectives differ, with some cautioning about the lack of automation and others praising its ability to handle extensive projects.

Stability

Many users report that Rapid7 Metasploit is stable, noting recent version improvements and no significant issues such as bugs, glitches, or crashes. Some users have experienced prior stability challenges, now alleviated by software updates. They frequently rate its stability between seven to nine out of ten. Many appreciate its robustness and reliability, while a few suggest there is still room for enhancement. Network issues, separate from the tool itself, can affect user experience.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Rapid7 Metasploit Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

19%

Financial Services Firm

10%

Manufacturing Company

Educational Organization

University

Government

Comms Service Provider

Non Profit

Hospitality Company

Retailer

Insurance Company

Real Estate/Law Firm

Energy/Utilities Company

Healthcare Company

Media Company

Transportation Company

Pharma/Biotech Company

Performing Arts

Recreational Facilities/Services Company

Legal Firm

Aerospace/Defense Firm

Construction Company

Logistics Company

Wholesaler/Distributor

Compare Rapid7 Metasploit with alternative products

Learn more about Rapid7 Metasploit

Rapid7 Metasploit was previously known as Metasploit.

Product Video

Rapid7 Metasploit customers

City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University