Try our new research platform with insights from 80,000+ expert users
Rostum Tampor - PeerSpot reviewer
Solutions Engineer at Gefura Inc.
Reseller
Top 10
With a good user interface, the solution is also stable and scalable
Pros and Cons
  • "Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten."
  • "I think areas with shortcomings that need improvement are more integration and automation."

What is our primary use case?

I use the solution for the validation of vulnerability.

What is most valuable?

For the solution, I think it's the user interface and usability that are the main features of the solution. Also, you can do more with the interface.

Some features that are not available on the console are available in the user interface, like, for example, the creation of payload. The creation of a payload is a tough part in the terminal. So, it is kind of handy when we use Rapid7 Metasploit.

What needs improvement?

I think areas with shortcomings that need improvement are more integration and automation.

For how long have I used the solution?

I have been using Rapid7 Metasploit for two years. Also, I am using the solution's latest version. I'm a customer and a reseller of the solution.

Buyer's Guide
Rapid7 Metasploit
December 2024
Learn what your peers think about Rapid7 Metasploit. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a nine out of ten.

What do I think about the scalability of the solution?

Scalability-wise, I rate the solution a nine out of ten.

Which solution did I use previously and why did I switch?

Previously, we were using BurpSuite. We switched to Rapid7 Metasploit because of its features.

How was the initial setup?

On a scale from one to ten, one being difficult and ten being easy, I rate the setup a ten.

The deployment takes around twenty to thirty minutes maximum.

The setup process can be carried out by a single person.

What's my experience with pricing, setup cost, and licensing?

On a scale of one to ten, where one is cheap and ten is expensive, I rate the product's pricing a six. So it's fairly priced.

What other advice do I have?

I would definitely recommend the solution to those planning to use it on a long-term basis. For new users planning to use it for testing, I recommend they do a PoC before starting.

Overall, I rate the solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2295975 - PeerSpot reviewer
Senior cybersecurity engineer at a aerospace/defense firm with 5,001-10,000 employees
Real User
Top 5
Easy to setup and good for penetration testing
Pros and Cons
  • "It is scalable. It's in line with our needs."
  • "I would like to see more capabilities, more functions, and more features. More types of attack vectors."

What is our primary use case?

Our use case is for penetration testing. 

What is most valuable?

My organization has been happy with it.

What needs improvement?

I would like to see more capabilities, more functions, and more features. More types of attack vectors.

For how long have I used the solution?

I have experience with this solution. Like, I have been aware of this product for a few years. 

What do I think about the stability of the solution?

I would rate the stability a seven out of ten. It's not a ten. There is room for improvement.

What do I think about the scalability of the solution?

It is scalable. It's in line with our needs. There are around five end users. We have possible plans to increase the further usage.

How was the initial setup?

The initial setup is fairly easy.

What about the implementation team?

We deployed it ourselves.

What was our ROI?

It is worth it.

What's my experience with pricing, setup cost, and licensing?

We pay monthly. The pricing is reasonable. There are additional costs. 

Which other solutions did I evaluate?

I may have considered others, but Rapid7 was the one that stood out to me.

What other advice do I have?

It's definitely one of the best penetration testing tools available. Overall, I would rate the solution an eight out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Rapid7 Metasploit
December 2024
Learn what your peers think about Rapid7 Metasploit. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
reviewer1432815 - PeerSpot reviewer
Project Director at a tech services company with 1,001-5,000 employees
Real User
A free and impactful penetration testing solution
Pros and Cons
  • "All of the features are great."
  • "At the time I was using it, the graphical user interface needed some improvements."

What is our primary use case?

I used the community edition. It's a very handy and powerful product. For a free product, the capabilities are absolutely astonishing.

I used Rapid7 Metasploit as a marketing solution. I was working as a security expert and whenever I would meet a client as a consultant or a freelancer, I would open my laptop and start using the software.

Rapid7 Metasploit is a standalone solution, intended to be used by one person, but it can be used by a few people in a team — maybe 10 people or less.

What is most valuable?

All of the features are great. I used it as a tool for penetration testing. The exploitation capabilities and the development in general, are all great. It's open-source and very handy. 

What needs improvement?

At the time I was using it, the graphical user interface needed some improvements. It might be better now because there was a very big community behind it, and of course, newer versions are always improved. The free, community edition I was using, lacked some very specific exploits but, as I remember, under the commercial version, you could find your exploits.

All the features that are available on the command line could be integrated with the graphical user interface.

For how long have I used the solution?

I used Rapid7 Metasploit for more than five years.

What do I think about the stability of the solution?

The earlier versions had some bugs, but the last version, Version Four, was much more stable compared to the previous versions — which we stopped using because of the bugs.

What do I think about the scalability of the solution?

The scalability is not that good.

When you use the command-line interface, not very much of the process is automated. There should always be an expert present to work with the software. Under the GUI, I believe there are some features that can be automated for testing.

The solution was not intended to be automated because penetration testing requires attention and caution because it's done on a live network with line services. Automation can damage the target network or the system on the network.

You can automate the input of data, but the results are not satisfactory.

The scalability should definitely be improved.

How are customer service and technical support?

As it's a free product, the community edition doesn't include any technical support. I haven't used the commercial edition so I can't comment on their support.

In terms of development, the team of developers that supports the software is very active and quick to help. In short, the software is being maintained very actively, and I do believe the customer support should be the same.

I would like to see some support available for the free version; however, there are a lot of open-source materials available to solve any issues, so for me personally, there wasn't any need for technical support.

How was the initial setup?

If you want to install it separately on a fresh new Linux, the solution is still effective. The installation is very, very straightforward.

What other advice do I have?

The great advantage with Rapid7 Metasploit, of course, is that it's free. You can download it and start using it for free, right away. The features are satisfactory, and you can do your job strictly with the free edition. Of course, you could do your job even better with the commercial edition. 

There are better products available, like Core Impact, but they are much more expensive.

On a scale from one to ten, I would give Rapid7 Metasploit a rating of eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1369920 - PeerSpot reviewer
Senior Information Technology Security Officer at a financial services firm with 501-1,000 employees
Real User
Good reporting; very good at detecting vulnerabilities, and quite stable
Pros and Cons
  • "The reporting on the solution is good."
  • "The solution should improve the responsiveness of its live technical support."

What is our primary use case?

We're using the solution in conjunction with some governmental agencies.

What is most valuable?

The solution automatically discovers vulnerabilities. We don't need to update or fine-tune the tool. It automatically handles that itself.

The reporting on the solution is good.

What needs improvement?

The solution should be more user friendly. Right now, a user needs a certain level of technicality.

The solution should improve the responsiveness of its live technical support.

What do I think about the stability of the solution?

The solution has been stable so far. I hope it stays that way. We haven't experienced bugs or glitches. There haven't been crashes.

What do I think about the scalability of the solution?

So far, for our purposes, we've never run into issues with scalability. It's been good. I'm not sure how it would be for other companies, however, I don't forsee there being any issues if they should require the solution to expand to meet their needs.

How are customer service and technical support?

Technical support is okay. If you access its resources online, it's quite helpful. However, if you need to contact them directly, they can be quite sluggish in their response. It's sort-of unpredictable.

Which solution did I use previously and why did I switch?

We did use different solutions previously. I know of a few other products the organization utilized before this product.

How was the initial setup?

The initial setup isn't too complex. If you have a bit of a technical background, you should be fine installing the solution without facing any issues. A person with no technical background, however, may find it challenging.

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is pretty good. That said, it would be good if there could be more of a discount. It would be better for us.

What other advice do I have?

I used the product previously. Now, I am more of a consultant.

I'm not sure what version of the solution I'm currently using is.

This product is fantastic. I prefer using it. I'd rate it seven out of ten. If it wasn't for the unpredictable support, I would rate it a bit higher. If it added just a few more advancements, it would be even better still.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1675638 - PeerSpot reviewer
Cyber Security Director at a manufacturing company with 5,001-10,000 employees
Real User
Top 5
It's a great open-source solution for penetration testing
Pros and Cons
  • "I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing,"
  • "The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better."

What is our primary use case?

We use Metasploit for penetration testing. Three to five testers use it annually. 

What needs improvement?

The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better. 

For how long have I used the solution?

I have used Metasploit for more than 10 years.

What do I think about the stability of the solution?

I rate Metasploit nine out of 10 for stability. 

How was the initial setup?

Deploying Metasploit is straightforward and only took a few minutes. I'm using a pre-installed package that updates itself in a couple of minutes, but I don't think it takes much time to install it from scratch. Metasploit doesn't require maintenance after deployment. 

What's my experience with pricing, setup cost, and licensing?

We use the free open-source edition. 

What other advice do I have?

I rate Rapid7 Metasploit eight out of 10. I would recommend it. I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing, but end-to-end testing can be hard to manage if you don't have deep expertise. From the perspective of comprehensively addressing vulnerabilities, it may be hard for the average user in the community. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1088721 - PeerSpot reviewer
Principal security consultant at a computer software company with 201-500 employees
Real User
Straightforward to set up, and helpful for moving from development to production
Pros and Cons
  • "The most valuable feature for us is the support for testing Linux-based web server components."
  • "Better automation capabilities would be an improvement."

What is our primary use case?

We are a solution provider and we offer a variety of services that include security and vulnerability management. Rapid7 Metasploit is one of the products that we use to identify vulnerabilities.

Specifically, Metasploit is for penetration testing. It uses models to check for exploitable vulnerabilities, and if one is detected then we would raise the importance of solving the problem. We normally operate Metasploit at the client site, which helps us to explore and assess the vulnerabilities directly in the environment.

How has it helped my organization?

This solution allows us to offer additional services to our clients. Projects can vary, where one will include vulnerability testing and another may include penetration testing.

One of the services that we provide is security during the development process. This means that beyond user acceptance and performance testing, we are doing all of the security tests. It helps customers ensure that the code they are developing and deploying has all of the necessary security controls.

What is most valuable?

The most valuable feature for us is the support for testing Linux-based web server components.

What needs improvement?

Integration with popular vulnerability scanners would be a useful feature.

Better automation capabilities would be an improvement. For example, if a project is moving from a development to a testing environment, then automation is crucial. We are using Jenkins, JIRA, and other tools for SecOps and DevOps. If somebody is storing code or a project in SVN then it needs to be fully automated. We need the ability for the scanner to run, then have Checkmarx scan them, then exploit the vulnerabilities if any are found. 

For how long have I used the solution?

We began working with Metasploit about 15 years ago.

What do I think about the stability of the solution?

I do not have any complaints about stability, as it has been fine.

What do I think about the scalability of the solution?

For the projects that we have worked on, the scalability has been fine. I'm not sure how it would perform in a hybrid environment, but for our on-premises deployment, it is quite a nice product.

We have a team of 12 people and it is used for perhaps 10 large companies.

How are customer service and technical support?

We have not been in contact with technical support.

Which solution did I use previously and why did I switch?

When we do application-level penetration testing, we employ some manual techniques. Metasploit is generally used at the infrastructure level. We did not use another solution prior to this one.

How was the initial setup?

The initial setup is pretty straightforward. We have been working with this product for several years and it isn't a problem for us to set it up. The deployment can be completed in a matter of hours, depending on the size of the environment.

What other advice do I have?

For our needs, which is usually a dedicated environment for our customers, I cannot envision any significant improvements that need to be made.

My advice for anybody who is considering this solution is that it works well as a component in a vulnerability testing platform. We use a combination of tools with a certain level of automation and integration, which gives us the flexibility that we need to accommodate customers with differing needs. There is no one tool in the market that covers everything and ultimately, Metasploit helps to produce the reports that we need.

The biggest lesson that I have learned from using this product is that if proper security checks are not done during the development process then very likely, you will face major vulnerabilities or risks in the production environment.

Overall, it is a very good product for penetration testing.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2378706 - PeerSpot reviewer
Senior Cyber Security Analyst at a tech services company with 501-1,000 employees
Real User
Top 10
Used for payload generation and Post-Exploitation
Pros and Cons
  • "I use Rapid7 Metasploit for payload generation and Post-Exploitation."
  • "Rapid7 Metasploit could be made easier for new users to learn."

What is most valuable?

I use Rapid7 Metasploit for payload generation and Post-Exploitation.

What needs improvement?

Rapid7 Metasploit could be made easier for new users to learn.

For how long have I used the solution?

I have been using Rapid7 Metasploit for one to two years.

How was the initial setup?

The solution’s initial setup is easy.

What's my experience with pricing, setup cost, and licensing?

I have used the free version of Rapid7 Metasploit.

What other advice do I have?

I would recommend the solution to other users.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Informate5e5 - PeerSpot reviewer
Information Security and Governance Lead Engineer at a comms service provider with 1,001-5,000 employees
Real User
It helps us understand the behaviors of our users. However, the GUI needs improvement.
Pros and Cons
  • "The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."
  • "It contains almost all the available exploits and payloads."
  • "Metasploit cannot be installed on a machine with an antivirus."
  • "It is necessary to add some training materials and a tutorial for beginners."

What is our primary use case?

We use it for penetration testing of our internal systems. 

What is most valuable?

  • The option to generate phishing emails has proven to be very valuable in understanding the behavior of users. 
  • It contains almost all the available exploits and payloads. 
  • The in-built Wireshark is valuable in performing packet analysis. 
  • It has different installation files for different OSs.

What needs improvement?

  • The GUI version is not as effective as a command prompt. For general users, the PT using GUI could be improved. At the same, the track of a phishing emails were not accurate sometimes. Rapid7 could work on this further. 
  • Metasploit cannot be installed on a machine with an antivirus. This could be improved. 
  • There were times when it hung, then I had to restart the DB service. This leaves an area of improvement for them.
  • It is necessary to add some training materials and a tutorial for beginners.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is a very robust and stable product. 

What do I think about the scalability of the solution?

Its scalability can be improved.

How is customer service and technical support?

The tech support was not as robust as our prior experience with Cisco. With Cisco, we had immediate response. 

How was the initial setup?

The initial setup was easy and straightforward. 

There is also a manual setup available for installation, both for Windows and Linux. We just had to uninstall the antivirus and disable the firewall. This is not recommended. 

What's my experience with pricing, setup cost, and licensing?

It is expensive. Our license expired, and our company is not thinking to renew because of our budget. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Rapid7 Metasploit Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Product Categories
Vulnerability Management
Buyer's Guide
Download our free Rapid7 Metasploit Report and get advice and tips from experienced pros sharing their opinions.