I use this solution to check if there are any vulnerabilities that I find during scanning.
Senior Manager of System Security at a tech services company with 1,001-5,000 employees
The integration between Nmap, the database and Metasploit saves a lot of time. The initial setup was a bit tricky.
Pros and Cons
- "It's not possible to do penetration testing without being very proficient in Metasploit."
- "The initial setup was a bit "tweaky" for the open-source version."
What is our primary use case?
How has it helped my organization?
The search engine is actually pretty cool. It actually allows you to search the vulnerability very fast, and the big difference is that the exploit you see on Metasploit has been tested and imported, it's going to work and it is not going to crash anything. That's a big thing. That's basically why I use it.
What is most valuable?
The most valuable one is the integration between Nmap, the database and Metasploit. That saves a lot of time.
For how long have I used the solution?
More than five years.
Buyer's Guide
Rapid7 Metasploit
November 2024
Learn what your peers think about Rapid7 Metasploit. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
I had some issues with stability in the past, but it appears that the latest upgraded version has sorted out those issues.
What do I think about the scalability of the solution?
I do not think it scales. But, I do not understand why someone would want to scale Metasploit, at it is very specific on what you are attacking. It attacks a particular server. You can only scale if you are using Nmap.
How was the initial setup?
The initial setup was a bit "tweaky" for the open-source version.
What's my experience with pricing, setup cost, and licensing?
I use the open-source version, not the paid version of this product.
Which other solutions did I evaluate?
We looked at Metasploit vs Tenable Nessus and Metasploit vs OpenVAS. These solutions were more general scanners, and not as precise as Metasploit.
What other advice do I have?
It's not possible to do penetration testing without being very proficient in Metasploit. It's impossible.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager of Data Center at a integrator with 51-200 employees
Metasploit is the top choice of the best information security professionals and penetration testers
Valuable Features:
Good features-
1) Availability of both graphical and command line interfaces.
2) HTML based report collection
3) Integration with PostgreSQL
4) Integration of NMAP for network scanning, brute force techniques
5) Around 800 active modules with exploits for linux, bsd , microsoft and MacOS
6) Collaboration with team feature also available
7) Open Source
8)Integration with Backtrack OS
Room for Improvement:
Few cons of metasploit are
1) Exploit updates are slow after security patches to a certain OS
2) High resource utilization when run under Window7 and Windows Server 2008 R2
3) Fewer browser exploits
4) Payloads not extremely effective against updated anti viruses.
Other Advice:
Metasploit is the most favored toolkit for network security professionals and penetration testers. It is one of the best tools for zero day exploits and payloads for operating systems such as, Microsoft Windows, Linux, and Sun Solaris. Metasploit, which has been written in Ruby, provides the ability to seamlessly create and simulate attacks on networks and provide protection. It deals with the largest database of exploits, till date available, in a single tool for both active and passive attacks on networks and applications.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Rapid7 Metasploit Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Vulnerability ManagementPopular Comparisons
Qualys VMDR
Tenable Nessus
Tenable Security Center
Tenable Vulnerability Management
Orca Security
Pentera
Acunetix
Skybox Security Suite
Check Point CloudGuard CNAPP
Microsoft Defender Vulnerability Management
The NodeZero Platform
Amazon Inspector
PortSwigger Burp Suite Enterprise Edition
Nucleus
Arctic Wolf Managed Risk
Buyer's Guide
Download our free Rapid7 Metasploit Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How inadvisable is it to use a single vulnerability analysis tool?
- What are the benefits of continuous scanning for vulnerability management?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
- Which is the best vulnerability scanner tool?
- What are your recommended automated penetration testing tools?
- How do you use the MITRE ATT&CK framework for improving enterprise security?
- Can you recommend API for Tenable Connector into ServiceNow
- What penetration testing tool (or tools) do you recommend for SMB/SME?