Try our new research platform with insights from 80,000+ expert users

Pentera vs Rapid7 Metasploit comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Pentera
Average Rating
7.8
Reviews Sentiment
7.2
Number of Reviews
9
Ranking in other categories
Penetration Testing Services (2nd), Breach and Attack Simulation (BAS) (1st)
Rapid7 Metasploit
Average Rating
7.8
Reviews Sentiment
7.1
Number of Reviews
21
Ranking in other categories
Vulnerability Management (20th)
 

Mindshare comparison

Pentera and Rapid7 Metasploit aren’t in the same category and serve different purposes. Pentera is designed for Breach and Attack Simulation (BAS) and holds a mindshare of 30.4%, up 27.2% compared to last year.
Rapid7 Metasploit, on the other hand, focuses on Vulnerability Management, holds 1.6% mindshare, down 1.7% since last year.
Breach and Attack Simulation (BAS)
Vulnerability Management
 

Featured Reviews

Richard Marlow - PeerSpot reviewer
Provides good features and helps monitor the status of ransomware protection in an organization
The tool is quite scalable. There's a one-to-one relationship between the engine and how many scans we can do. We can only do one scan with one engine. We had some issues around the password assessments because we added a lot of users. It took a long time. I rate the scalability a seven out of ten. We have three users in our organization.
Mani Bommisetty - PeerSpot reviewer
Comprehensive insights with robust vulnerability detection and streamlined alert management
Rapid7 has a significant advantage in providing a clear picture of my environment. It provides insight and incident detection response capabilities. When deployed with the same agent in servers or endpoints, it identifies vulnerabilities and monitors data transmission to external sources. Rapid7 offers comprehensive features within one platform, eliminating the need to integrate multiple tools to see all alerts in one place.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The platform's most valuable features are credential management and vulnerability management."
"The vulnerability scanner, exploit achievements, and remediation actions are all great."
"Maybe there are some remediation steps on the website, we can mask sensitive information on the website better."
"The solution is SaaS-based. From a cloud perspective, it has Pentera Surface and Pentera Core. The Core is the on-prem deployed solution, while the Surface is the cloud-hosted solution that scans your public infrastructure. From the Surface perspective, the most valuable feature so far has been the attack surface mapping."
"The tool showed us that our ransomware protection wasn’t working on some machines."
"What I like the most about Pentera is its solution-oriented approach."
"The most valuable feature of Pentera is that you can do continuous vulnerability assessment, which is automated."
"Pentera has many authentic features."
"The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers."
"Technical support has been helpful and responsive."
"The reporting on the solution is good."
"When I compare Metasploit with Nessus, I find that Metasploit is faster and it does not burden the system as much."
"The most valuable features of Metasploit include its powerful capabilities for exploitation and scanning."
"It contains almost all the available exploits and payloads."
"It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup."
"The greatest advantage of Rapid7 Metasploit is that it is the only system that can directly exploit vulnerabilities on the Metasploit platform."
 

Cons

"There is room for improvement in virtualization compatibility."
"One of the big issues we have is that the tool has an additional license for compromised credentials. Suppose compromised credentials for any of your domains appear in leaks, dumps, or are being sold. In that case, they try to aggregate that data and highlight that, for example, ten users appeared in recent dumps as compromised credentials. However, they don't provide much information about where those compromises came from or their source information, probably to protect their sources."
"Pentera's general dashboards could be improved and made more specific in terms of vulnerabilities that I'm discovering."
"The automated penetration testing features must be improved."
"The vulnerability scanner, exploit achievements, and remediation actions are all great."
"The licensing and IP management need improvement. When the IP is imported into a system, we cannot withdraw or revoke the license."
"One area for product improvement could be the inclusion of a dashboard to cover multiple branches and subsidiaries, allowing for centralized monitoring."
"The price could be improved."
"I think areas with shortcomings that need improvement are more integration and automation."
"The initial setup was a bit "tweaky" for the open-source version."
"Support is another area where improvement is needed, particularly for assisting non-security users."
"The reporting feature needs improvement."
"The database is not always updated with the latest vulnerabilities or zero-day exploits."
"Better automation capabilities would be an improvement."
"The solution is not very scalable, it does not provide any automation to be able to scale it."
"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."
 

Pricing and Cost Advice

"The tool is relatively cheap."
"The product's cost is reasonable. I rate the pricing a three out of ten."
"It's not that expensive, but it could be more cost-effective."
"We have to pay a yearly licensing cost for Pentera."
"It is a reasonably priced solution. I would rate it from five out of ten."
"It is expensive. Our license expired, and our company is not thinking to renew because of our budget."
"Rapid7 Metasploit is cheaper than Tenable.io Vulnerability Management."
"I use the open-source version of this product. Pricing is not relevant."
"There are two versions available, one of which is the Pro version, and the other is the free version."
"We pay monthly. The pricing is reasonable."
"Rapid7 Metasploit is an open-source solution."
"The great advantage with Rapid7 Metasploit, of course, is that it's free."
report
Use our free recommendation engine to learn which Breach and Attack Simulation (BAS) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Computer Software Company
13%
Manufacturing Company
9%
Educational Organization
6%
Computer Software Company
18%
Financial Services Firm
10%
Manufacturing Company
10%
Educational Organization
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Pentera?
What I like the most about Pentera is its solution-oriented approach.
What needs improvement with Pentera?
The licensing and IP management need improvement. When the IP is imported into a system, we cannot withdraw or revoke the license.
What is your primary use case for Pentera?
I am using the OpenIntra solution for pentesting and managing candidates in my environment. I also use this solution for house customers.
What do you like most about Rapid7 Metasploit?
I use Rapid7 Metasploit for payload generation and Post-Exploitation.
What is your experience regarding pricing and costs for Rapid7 Metasploit?
Metasploit is cheaper than Nessus and offers a more robust community edition that provides a good experience for studying Metasploit. This makes it a more economical choice for projects compared to...
What needs improvement with Rapid7 Metasploit?
While Metasploit excels in vulnerability assessment, it could improve in vulnerability management. Nessus currently holds the advantage in management functions. Support is another area where improv...
 

Comparisons

 

Also Known As

No data available
Metasploit
 

Overview

 

Sample Customers

Blackstone Group Caterpillar Apria Healthcare Taylor Vinters Sandler Capital Management Drawbridge BNP Paribas British Red Cross
City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University
Find out what your peers are saying about Pentera vs. Rapid7 Metasploit and other solutions. Updated: January 2025.
845,040 professionals have used our research since 2012.