Try our new research platform with insights from 80,000+ expert users

Rapid7 Metasploit pros and cons

Vendor: Rapid7

4.0 out of 5

22 reviews
95% willing to recommend

Pros & Cons summary

Rapid7 Metasploit is crucial for penetration testing, offering a wide range of exploits and payloads. It supports effective testing of Linux-based web servers and enhances security assessments with automation and Nessus result uploads. The platform improves clarity and reduces tool dependency, performing faster than Nessus without system strain. Despite the complex setup, antivirus installation limitation, and need for frequent database updates, the tool requires more user training for scalability and automation.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Rapid7 Metasploit is essential for proficient penetration testing and offers comprehensive features for exploitation and scanning.

It provides valuable support for generating phishing emails and testing Linux-based web server components.

The platform includes almost all available exploits and payloads, making it a versatile tool for targeted penetration tests.

Rapid7 Metasploit is scalable and aligns well with user needs, offering automation capabilities with the professional edition.

The technical support for Rapid7 Metasploit is helpful and responsive, further enhancing its utility for penetration testing.

CONS

The initial setup for the open-source version was a bit "tweaky."

Metasploit cannot be installed on a machine with antivirus software.

The reporting feature needs improvement, with time-consuming report fetching.

The database is not always updated with the latest vulnerabilities or zero-day exploits.

Support needs improvement, especially for non-security users.

Rapid7 Metasploit Pros review quotes

Senior Manager of System Security at a tech services company with 1,001-5,000 employees

Oct 24, 2018

It's not possible to do penetration testing without being very proficient in Metasploit.

Read full review

Information Security and Governance Lead Engineer at a comms service provider with 1,001-5,000 employees

Dec 24, 2018

The option to generate phishing emails has proven to be very valuable in understanding the behavior of users.

Read full review

reviewer1088721

Principal security consultant at a computer software company with 201-500 employees

Jun 4, 2020

The most valuable feature for us is the support for testing Linux-based web server components.

Read full review

Rapid7 Metasploit

Free Report: Rapid7 Metasploit Reviews and More

Learn what your peers think about Rapid7 Metasploit. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.

879,711 professionals have used our research since 2012.

reviewer2284569

Manager at a financial services firm with 5,001-10,000 employees

Jun 25, 2020

The reporting on the solution is good.

Read full review

reviewer1432815

Project Director at a tech services company with 1,001-5,000 employees

Oct 20, 2020

All of the features are great.

Read full review

CEO at Virtual Security International

Aug 13, 2021

The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers.

Read full review

Mahmoud Elhamaymy

Professional services team lead at a tech services company with 1,001-5,000 employees

Oct 5, 2021

Rapid7 Metasploit is a useful product.

Read full review

Agustinus DWIJOKO

Network & Security Engineer at PT. Centrin Online Prima

May 12, 2022

Technical support has been helpful and responsive.

Read full review

Team Lead - Cyber Security & Compliance at Al Tuwairqi Group

Mar 3, 2023

The greatest advantage of Rapid7 Metasploit is that it is the only system that can directly exploit vulnerabilities on the Metasploit platform.

Read full review

Solutions Engineer at Gefura Inc.

Jun 6, 2023

Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten.

Read full review

Show 9 more reviews (out of 19)

Rapid7 Metasploit Cons review quotes

Senior Manager of System Security at a tech services company with 1,001-5,000 employees

Oct 24, 2018

The initial setup was a bit "tweaky" for the open-source version.

Read full review

Information Security and Governance Lead Engineer at a comms service provider with 1,001-5,000 employees

Dec 24, 2018

Metasploit cannot be installed on a machine with an antivirus.

Read full review

reviewer1088721

Principal security consultant at a computer software company with 201-500 employees

Jun 4, 2020

Better automation capabilities would be an improvement.

Read full review

Rapid7 Metasploit

Free Report: Rapid7 Metasploit Reviews and More

Learn what your peers think about Rapid7 Metasploit. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.

879,711 professionals have used our research since 2012.

reviewer2284569

Manager at a financial services firm with 5,001-10,000 employees

Jun 25, 2020

The solution should improve the responsiveness of its live technical support.

Read full review

reviewer1432815

Project Director at a tech services company with 1,001-5,000 employees

Oct 20, 2020

At the time I was using it, the graphical user interface needed some improvements.

Read full review

CEO at Virtual Security International

Aug 13, 2021

The solution is not very scalable, it does not provide any automation to be able to scale it.

Read full review

Mahmoud Elhamaymy

Professional services team lead at a tech services company with 1,001-5,000 employees

Oct 5, 2021

Rapid7 Metasploit can add a GUI feature because it is only available online.

Read full review

Agustinus DWIJOKO

Network & Security Engineer at PT. Centrin Online Prima

May 12, 2022

We'd like them to offer better coverage of malware.

Read full review

Team Lead - Cyber Security & Compliance at Al Tuwairqi Group

Mar 3, 2023

The solution is not user-friendly and has room for improvement.

Read full review

Solutions Engineer at Gefura Inc.

Jun 6, 2023

I think areas with shortcomings that need improvement are more integration and automation.

Read full review

Show 9 more reviews (out of 19)

Product Categories

Product Categories

Vulnerability Management

Popular Comparisons

Popular Comparisons

SentinelOne Singularity Cloud Security vs Rapid7 Metasploit

Qualys VMDR vs Rapid7 Metasploit

Tenable Nessus vs Rapid7 Metasploit

Tenable Security Center vs Rapid7 Metasploit

Tenable Vulnerability Management vs Rapid7 Metasploit

Acunetix vs Rapid7 Metasploit

Check Point CloudGuard CNAPP vs Rapid7 Metasploit

Microsoft Defender Vulnerability Management vs Rapid7 Metasploit

The NodeZero Platform by Horizon3.ai vs Rapid7 Metasploit

Qualys CyberSecurity Asset Management vs Rapid7 Metasploit

Amazon Inspector vs Rapid7 Metasploit

PortSwigger Burp Suite Enterprise Edition vs Rapid7 Metasploit

Nucleus vs Rapid7 Metasploit

Arctic Wolf Managed Risk vs Rapid7 Metasploit

Cybersixgill vs Rapid7 Metasploit

See all alternatives

Product Categories

Product Categories

Vulnerability Management

Popular Comparisons

Popular Comparisons

SentinelOne Singularity Cloud Security vs Rapid7 Metasploit

Qualys VMDR vs Rapid7 Metasploit

Tenable Nessus vs Rapid7 Metasploit

Tenable Security Center vs Rapid7 Metasploit

Tenable Vulnerability Management vs Rapid7 Metasploit

Acunetix vs Rapid7 Metasploit

Check Point CloudGuard CNAPP vs Rapid7 Metasploit

Microsoft Defender Vulnerability Management vs Rapid7 Metasploit

The NodeZero Platform by Horizon3.ai vs Rapid7 Metasploit

Qualys CyberSecurity Asset Management vs Rapid7 Metasploit

Amazon Inspector vs Rapid7 Metasploit

PortSwigger Burp Suite Enterprise Edition vs Rapid7 Metasploit

Nucleus vs Rapid7 Metasploit

Arctic Wolf Managed Risk vs Rapid7 Metasploit

Cybersixgill vs Rapid7 Metasploit

See all alternatives

Related questions

54

How inadvisable is it to use a single vulnerability analysis tool?

29

What are the benefits of continuous scanning for vulnerability management?

30

When evaluating Vulnerability Management, what aspect do you think is the most important to look for?

22

What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?

224

What are the main KPIs that need to be implemented to have better posture in vulnerability projects?

100

Which is the best vulnerability scanner tool?

64

What are your recommended automated penetration testing tools?

67

How do you use the MITRE ATT&CK framework for improving enterprise security?

35

Can you recommend API for Tenable Connector into ServiceNow

21

What penetration testing tool (or tools) do you recommend for SMB/SME?