We use it for penetration testing of our internal systems.
Information Security and Governance Lead Engineer at a comms service provider with 1,001-5,000 employees
It helps us understand the behaviors of our users. However, the GUI needs improvement.
Pros and Cons
- "The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."
- "It contains almost all the available exploits and payloads."
- "Metasploit cannot be installed on a machine with an antivirus."
- "It is necessary to add some training materials and a tutorial for beginners."
What is our primary use case?
What is most valuable?
- The option to generate phishing emails has proven to be very valuable in understanding the behavior of users.
- It contains almost all the available exploits and payloads.
- The in-built Wireshark is valuable in performing packet analysis.
- It has different installation files for different OSs.
What needs improvement?
- The GUI version is not as effective as a command prompt. For general users, the PT using GUI could be improved. At the same, the track of a phishing emails were not accurate sometimes. Rapid7 could work on this further.
- Metasploit cannot be installed on a machine with an antivirus. This could be improved.
- There were times when it hung, then I had to restart the DB service. This leaves an area of improvement for them.
- It is necessary to add some training materials and a tutorial for beginners.
For how long have I used the solution?
One to three years.
Buyer's Guide
Rapid7 Metasploit
October 2024
Learn what your peers think about Rapid7 Metasploit. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is a very robust and stable product.
What do I think about the scalability of the solution?
Its scalability can be improved.
How are customer service and support?
The tech support was not as robust as our prior experience with Cisco. With Cisco, we had immediate response.
How was the initial setup?
The initial setup was easy and straightforward.
There is also a manual setup available for installation, both for Windows and Linux. We just had to uninstall the antivirus and disable the firewall. This is not recommended.
What's my experience with pricing, setup cost, and licensing?
It is expensive. Our license expired, and our company is not thinking to renew because of our budget.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager of Data Center at a integrator with 51-200 employees
Metasploit is the top choice of the best information security professionals and penetration testers
Valuable Features:
Good features-
1) Availability of both graphical and command line interfaces.
2) HTML based report collection
3) Integration with PostgreSQL
4) Integration of NMAP for network scanning, brute force techniques
5) Around 800 active modules with exploits for linux, bsd , microsoft and MacOS
6) Collaboration with team feature also available
7) Open Source
8)Integration with Backtrack OS
Room for Improvement:
Few cons of metasploit are
1) Exploit updates are slow after security patches to a certain OS
2) High resource utilization when run under Window7 and Windows Server 2008 R2
3) Fewer browser exploits
4) Payloads not extremely effective against updated anti viruses.
Other Advice:
Metasploit is the most favored toolkit for network security professionals and penetration testers. It is one of the best tools for zero day exploits and payloads for operating systems such as, Microsoft Windows, Linux, and Sun Solaris. Metasploit, which has been written in Ruby, provides the ability to seamlessly create and simulate attacks on networks and provide protection. It deals with the largest database of exploits, till date available, in a single tool for both active and passive attacks on networks and applications.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Rapid7 Metasploit Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Vulnerability ManagementPopular Comparisons
Darktrace
Qualys VMDR
Tenable Nessus
Tenable Security Center
Rapid7 InsightVM
Tenable Vulnerability Management
Fortinet FortiWeb
Vectra AI
Orca Security
Cato SASE Cloud Platform
Pentera
Illumio
Akamai Guardicore Segmentation
Acunetix
Buyer's Guide
Download our free Rapid7 Metasploit Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How inadvisable is it to use a single vulnerability analysis tool?
- What are the benefits of continuous scanning for vulnerability management?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
- Which is the best vulnerability scanner tool?
- What are your recommended automated penetration testing tools?
- How do you use the MITRE ATT&CK framework for improving enterprise security?
- Can you recommend API for Tenable Connector into ServiceNow
- What penetration testing tool (or tools) do you recommend for SMB/SME?