Try our new research platform with insights from 80,000+ expert users

Acunetix vs Rapid7 Metasploit comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 12, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Acunetix
Ranking in Vulnerability Management
23rd
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
32
Ranking in other categories
Application Security Tools (17th), Static Application Security Testing (SAST) (14th), DevSecOps (6th)
Rapid7 Metasploit
Ranking in Vulnerability Management
20th
Average Rating
7.8
Reviews Sentiment
7.1
Number of Reviews
21
Ranking in other categories
No ranking in other categories
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
AnubhavGoswami - PeerSpot reviewer
Attractive automated reports with boost user productivity and an easy setup
The primary use is mainly related to vulnerability assessment, including both public and internal IP addresses By using this tool, we have reduced the workload and increased the productivity of users. It generates automated reports. This feature is beneficial when sharing reports with clients as…
Mani Bommisetty - PeerSpot reviewer
Comprehensive insights with robust vulnerability detection and streamlined alert management
Rapid7 has a significant advantage in providing a clear picture of my environment. It provides insight and incident detection response capabilities. When deployed with the same agent in servers or endpoints, it identifies vulnerabilities and monitors data transmission to external sources. Rapid7 offers comprehensive features within one platform, eliminating the need to integrate multiple tools to see all alerts in one place.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Zafran is an excellent tool."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"Our developers can run the attacks directly from their environments, desktops."
"It generates automated reports."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"By integrating with CI/CD tools, it enables a shift-left approach in the development process."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"The tool's most useful feature for penetration testing is its automation capabilities. With the professional edition, you can upload the results from Nessus in the Rapid7 Metasploit solution portal."
"It's not possible to do penetration testing without being very proficient in Metasploit."
"Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten."
"It is scalable. It's in line with our needs."
"The most valuable features of the solution are the scripts, the modules, and the tools that the Rapid7 Metasploit framework has."
"All of the features are great."
"It contains almost all the available exploits and payloads."
"When I compare Metasploit with Nessus, I find that Metasploit is faster and it does not burden the system as much."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The solution's pricing could be better."
"While we do have it integrated with other solutions, it could still offer more integrations."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"Acunetix needs to include agent analysis."
"There was an issue related to updates from the internet."
"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"The database is not always updated with the latest vulnerabilities or zero-day exploits. If a vulnerability arises a month or two ago, it might not be included in the database, which is something I would like to see improved."
"The reporting feature needs improvement."
"Support is another area where improvement is needed, particularly for assisting non-security users."
"There are numerous outdated exploits in their database that should be updated."
"The solution is not user-friendly and has room for improvement."
"We'd like them to offer better coverage of malware."
"The database is not always updated with the latest vulnerabilities or zero-day exploits."
"I would like to see more capabilities, more functions, and more features. More types of attack vectors."
 

Pricing and Cost Advice

Information not available
"It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year."
"I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced."
"All things considered, I think it has a good price/value ratio."
"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."
"When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay."
"Acunetix was around the same price as all the other vendors we looked at, nothing special."
"The price is exceptionally high."
"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."
"Rapid7 Metasploit is cheaper than Tenable.io Vulnerability Management."
"I have used the free version of Rapid7 Metasploit."
"It is a reasonably priced solution. I would rate it from five out of ten."
"The pricing structure involves a one-time purchase cost of approximately twenty thousand dollars or euros for all customers."
"The cost is approximately $15 per device."
"The great advantage with Rapid7 Metasploit, of course, is that it's free."
"We pay monthly. The pricing is reasonable."
"There are two versions available, one of which is the Pro version, and the other is the free version."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
6%
Retailer
6%
Computer Software Company
18%
Financial Services Firm
14%
Government
9%
Manufacturing Company
8%
Computer Software Company
18%
Financial Services Firm
10%
Manufacturing Company
10%
Educational Organization
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
What do you like most about Acunetix Vulnerability Scanner?
The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning t...
What is your primary use case for Acunetix Vulnerability Scanner?
I typically use Acunetix ( /products/acunetix-reviews ) to identify vulnerabilities for clients.
What advice do you have for others considering Acunetix Vulnerability Scanner?
I would recommend Acunetix to others. Overall, I rate this solution seven out of ten.
What do you like most about Rapid7 Metasploit?
I use Rapid7 Metasploit for payload generation and Post-Exploitation.
What is your experience regarding pricing and costs for Rapid7 Metasploit?
Metasploit is cheaper than Nessus and offers a more robust community edition that provides a good experience for stud...
What needs improvement with Rapid7 Metasploit?
While Metasploit excels in vulnerability assessment, it could improve in vulnerability management. Nessus currently h...
 

Also Known As

No data available
AcuSensor
Metasploit
 

Overview

 

Sample Customers

Information Not Available
Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand
City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University
Find out what your peers are saying about Acunetix vs. Rapid7 Metasploit and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.