Rapid7 Metasploit Reviews

Name: Rapid7 Metasploit
Brand: Rapid7
Rating: 3.9 (19 reviews)

3.9 out of 5

19 reviews
94% willing to recommend

1,588 followers

What is Rapid7 Metasploit?

Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

Get the Rapid7 Metasploit Buyer's Guide and find out what your peers are saying about Rapid7 Metasploit, Qualys VMDR, Tenable Nessus and more!

Rapid7 Metasploit is the #21 ranked solution in top Vulnerability Management solutions. PeerSpot users give Rapid7 Metasploit an average rating of 7.8 out of 10. Based on the analysis of the 19 most recent Rapid7 Metasploit reviews, the overall sentiment is positive, with a sentiment score of 7.2. Rapid7 Metasploit is most commonly compared to Qualys VMDR: Rapid7 Metasploit vs Qualys VMDR. Rapid7 Metasploit is popular among the large enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.

Helped 823,875 peers since 2012

Featured reviews

Aqeel Junaid

Junior Executive - Information Security at sunshine holdings

The solution's exploit development functionality was easy to use and had all the scenarios I could use to run my security assessment. Since the solution has been updated regarding new malware, it gives data protection for security professionals. Rapid7 Metasploit is a good exploit tool, and users need to know what they're doing while using the solution. The solution provides perfect effectiveness in simulating real-world attacks for training purposes. Overall, I rate the solution a nine out of ten.

Read full review

Md. Shahriar Hussain

Cyber Security Chartered Engineer at Banglalink

Penetration testing can potentially expose weaknesses in your Endpoint Detection and Response system. The effectiveness depends on how your EDR system is configured. If the policy is strong and well-configured, tools like Rapid7 Metasploit may not be successful. However, if the policy is poorly configured or not implemented, vulnerabilities could be exploited, and attacks, including those using Rapid7 Metasploit, may occur. Using the manual Rapid7 Metasploit software framework in Kali Linux requires command-line inputs. In contrast, the professional edition simplifies the process by allowing users to select IPs and upload Nessus results in dot Nessus format. This eliminates the need to write complex commands. In countries facing economic challenges, there is limited funding for security teams and professionals due to the country's economic conditions. The tool has delayed my certification. I don't recommend it since we get many better solutions in the market. I rate it a five out of ten.

Read full review

AdeelAgha

Team Lead - Cyber Security & Compliance at Al Tuwairqi Group

Rapid7 is able to identify vulnerabilities, but the only way to remediate them is to manually apply patches. This can be time-consuming, as evidenced by the six months it took our team to remediate vulnerabilities found in the Tenable ICS and OT security VT. To make this process easier, there should be an automated system or API to align with the PET solution, allowing systems to quickly align with it. The solution is not user-friendly and has room for improvement. I would like a feature for mobile tracking, allowing us to operate it from a mobile device or at least track it technologically, the basic functionality would be something I would like. For example, when I execute a vulnerability assessment activity, it takes around two to three days to complete all the plans. In order to track that, I would have to log into my system repeatedly. Therefore, I would like to have a feature that allows me to track it from my mobile device.

Read full review

Rapid7 Metasploit mindshare

As of December 2024, the mindshare of Rapid7 Metasploit in the Vulnerability Management category stands at 1.9%, down from 1.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Vulnerability Management

PeerAnalyst reports

Type	Title	Date
Category	Vulnerability Management	Dec 18, 2024	Download
Product	Reviews, tips, and advice from real users	Dec 18, 2024	Download
Comparison	Rapid7 Metasploit vs Tenable Nessus	Dec 18, 2024	Download
Comparison	Rapid7 Metasploit vs Qualys VMDR	Dec 18, 2024	Download
Comparison	Rapid7 Metasploit vs Wiz	Dec 18, 2024	Download

Title	Rating	Mindshare	Recommending
Qualys VMDR	4.1	11.4%	94%	92 interviews Add to research
Tenable Nessus	4.2	12.6%	98%	80 interviews Add to research

Valuable Features

Rapid7 Metasploit features both graphical and command-line interfaces, integration with PostgreSQL, automatic vulnerability discovery, over 800 active modules, support for Linux-based web server testing, and phishing campaign detection. Users benefit from Metasploit's open-source nature, collaboration features, payload generation, built-in Wireshark, user-friendly interface, automation for penetration testing, and seamless integration with tools like Nmap and Nessus. Reliable, scalable, and stable for various targeted penetration tests.

"I would definitely recommend Metasploit to others."
"The most valuable features of Metasploit include its powerful capabilities for exploitation and scanning."
"I use Rapid7 Metasploit for payload generation and Post-Exploitation."

Room for Improvement

Rapid7 Metasploit requires updates to its exploit database and resource efficiency. Its interface could be more user-friendly, with better integration of features from the command line into the GUI. Improved automation and integration with other tools like vulnerability scanners would enhance functionality. Increased coverage of vulnerabilities and more effective payloads are needed. Training materials for beginners and enhanced live technical support would benefit users. Enhanced mobile features for tracking activities remotely are also important.

"The database is not always updated with the latest vulnerabilities or zero-day exploits. If a vulnerability arises a month or two ago, it might not be included in the database, which is something I would like to see improved."
"The database is not always updated with the latest vulnerabilities or zero-day exploits."
"Rapid7 Metasploit could be made easier for new users to learn."

ROI

Pricing

Enterprise buyers evaluating Rapid7 Metasploit find the pricing to be accessible, with options for both free and Pro versions. Companies appreciate the reasonable cost compared to alternatives like Tenable.io. Licensing is per user, and while the initial setup cost is around $20,000, there's an annual 35% support fee. Some users express satisfaction, while others consider switching due to budget constraints. The monthly payment model is available, and the free open-source version is commonly utilized.

"I have used the free version of Rapid7 Metasploit."
"Rapid7 Metasploit is an open-source solution."
"It is a reasonably priced solution. I would rate it from five out of ten."

Popular Use Cases

Organizations primarily use Rapid7 Metasploit for penetration testing and vulnerability assessment. They use it to identify exploitable vulnerabilities, automate testing processes, and assess network security. They operate Metasploit on client sites or internally to manage and validate vulnerabilities. Users conduct scans on systems managed through Rapid7, align Metasploit with IP addresses to identify risks, and use it with governmental agencies. They also utilize it for phishing detection, exploits testing, and automation in website testing.

Service and Support

Customer service and support for Rapid7 Metasploit have mixed feedback. Some find technical support responsive and helpful, while others experience delays. The unpredictability of direct contact is noted. Several rely on online resources when using the free version since it lacks dedicated support. The active development team is praised for maintaining the software. Several have not needed support, encountering no issues. Waiting for assistance can require patience, and responses may not meet timelines.

Deployment

Rapid7 Metasploit's initial setup is generally straightforward, with many finding it easy and quick, often completed in minutes to hours. Some note possible challenges for those without technical backgrounds. Several users mention the need to adjust or uninstall security software during installation. While many find it simple, certain scenarios may require technical knowledge, possibly taking longer for complex environments. Installation is supported across Windows and Linux, with available documentation aiding the process.

Scalability

Many find Rapid7 Metasploit scalable, fitting varied needs from small teams to large projects. Some suggest improvements, particularly in automation. Its scalability meets the specific requirements of different cybersecurity teams without major issues. Though some express concerns over command-line limitations, others appreciate its adaptability in handling large tasks, with users rating it well on this aspect. Despite mixed reactions, it continues to be a valuable tool for many organizations.

Stability

Many users mention improvements with the latest versions, indicating that past issues have been resolved. They describe Rapid7 Metasploit as robust, stable, and reliable, free from crashes and bugs. Ratings for stability range mostly from seven to nine out of ten, with a majority expressing satisfaction. Some still feel there is room for improvement. Most users report no technical issues or downtimes, reinforcing strong stability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Rapid7 Metasploit Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

18%

Financial Services Firm

10%

Manufacturing Company

Educational Organization

University

Government

Comms Service Provider

Retailer

Non Profit

Hospitality Company

Insurance Company

Healthcare Company

Real Estate/Law Firm

Energy/Utilities Company

Media Company

Pharma/Biotech Company

Performing Arts

Legal Firm

Transportation Company

Recreational Facilities/Services Company

Construction Company

Aerospace/Defense Firm

Logistics Company

Wholesaler/Distributor

Compare Rapid7 Metasploit with alternative products

Learn more about Rapid7 Metasploit

Rapid7 Metasploit was previously known as Metasploit.

Product Video

Rapid7 Metasploit customers

City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University