Penetration testing can potentially expose weaknesses in your Endpoint Detection and Response system. The effectiveness depends on how your EDR system is configured. If the policy is strong and well-configured, tools like Rapid7 Metasploit may not be successful. However, if the policy is poorly configured or not implemented, vulnerabilities could be exploited, and attacks, including those using Rapid7 Metasploit, may occur. Using the manual Rapid7 Metasploit software framework in Kali Linux requires command-line inputs. In contrast, the professional edition simplifies the process by allowing users to select IPs and upload Nessus results in dot Nessus format. This eliminates the need to write complex commands. In countries facing economic challenges, there is limited funding for security teams and professionals due to the country's economic conditions. The tool has delayed my certification. I don't recommend it since we get many better solutions in the market. I rate it a five out of ten.
Cyber Security Director at a manufacturing company with 5,001-10,000 employees
Real User
Top 5
2023-06-09T14:18:13Z
Jun 9, 2023
I rate Rapid7 Metasploit eight out of 10. I would recommend it. I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing, but end-to-end testing can be hard to manage if you don't have deep expertise. From the perspective of comprehensively addressing vulnerabilities, it may be hard for the average user in the community.
I would definitely recommend the solution to those planning to use it on a long-term basis. For new users planning to use it for testing, I recommend they do a PoC before starting. Overall, I rate the solution a nine out of ten.
I give the solution an eight out of ten. We should consider retiring Rapid7 Metasploit in case we find a better solution for exploitation. For example, if I compare Tenable.io Vulnerability Management and Rapid7 Metasploit, I prefer Tenable.io Vulnerability Management for vulnerability assessment. However, when it comes to penetration and exploitation, I have to go with Rapid7 Metasploit as Tenable.io Vulnerability Management does not have any tool or system to automatically inject vulnerabilities and exploit them for automated penetration testing. Therefore, if I find a similar system in the future, we should retire Rapid7 Metasploit and switch to the new architecture. Whether we are a novice or experienced IT support persons, it will be difficult to use the system, as it is difficult to use any vulnerability assessment system. In order to use these systems, we must understand what a vulnerability is and what our purpose is for using it. Rapid7 Metasploit is difficult to use, as it is not very user-friendly.
Network & Security Engineer at PT. Centrin Online Prima
Reseller
Top 5
2022-05-12T06:51:41Z
May 12, 2022
We're a Rapid7 distributer. I'm not sure which version of the solution we're using. It's likely the latest one. Any organization or enterprise should want to check for vulnerabilities in any kind of asset that they have. Using tools like Metasploit can help companies check internally. I'd rate the solution eight out of ten.
Project Director at a tech services company with 1,001-5,000 employees
Real User
2020-10-20T04:19:00Z
Oct 20, 2020
The great advantage with Rapid7 Metasploit, of course, is that it's free. You can download it and start using it for free, right away. The features are satisfactory, and you can do your job strictly with the free edition. Of course, you could do your job even better with the commercial edition. There are better products available, like Core Impact, but they are much more expensive. On a scale from one to ten, I would give Rapid7 Metasploit a rating of eight.
Senior Information Technology Security Officer at a financial services firm with 501-1,000 employees
Real User
2020-06-25T10:49:27Z
Jun 25, 2020
I used the product previously. Now, I am more of a consultant. I'm not sure what version of the solution I'm currently using is. This product is fantastic. I prefer using it. I'd rate it seven out of ten. If it wasn't for the unpredictable support, I would rate it a bit higher. If it added just a few more advancements, it would be even better still.
Principal security consultant at a computer software company with 201-500 employees
Real User
2020-06-04T09:41:24Z
Jun 4, 2020
For our needs, which is usually a dedicated environment for our customers, I cannot envision any significant improvements that need to be made. My advice for anybody who is considering this solution is that it works well as a component in a vulnerability testing platform. We use a combination of tools with a certain level of automation and integration, which gives us the flexibility that we need to accommodate customers with differing needs. There is no one tool in the market that covers everything and ultimately, Metasploit helps to produce the reports that we need. The biggest lesson that I have learned from using this product is that if proper security checks are not done during the development process then very likely, you will face major vulnerabilities or risks in the production environment. Overall, it is a very good product for penetration testing. I would rate this solution an eight out of ten.
Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.
I would definitely recommend Metasploit to others. I have already recommended it to my friends. I'd rate the solution nine out of ten.
I would recommend the solution to other users. Overall, I rate the solution an eight out of ten.
Penetration testing can potentially expose weaknesses in your Endpoint Detection and Response system. The effectiveness depends on how your EDR system is configured. If the policy is strong and well-configured, tools like Rapid7 Metasploit may not be successful. However, if the policy is poorly configured or not implemented, vulnerabilities could be exploited, and attacks, including those using Rapid7 Metasploit, may occur. Using the manual Rapid7 Metasploit software framework in Kali Linux requires command-line inputs. In contrast, the professional edition simplifies the process by allowing users to select IPs and upload Nessus results in dot Nessus format. This eliminates the need to write complex commands. In countries facing economic challenges, there is limited funding for security teams and professionals due to the country's economic conditions. The tool has delayed my certification. I don't recommend it since we get many better solutions in the market. I rate it a five out of ten.
It's definitely one of the best penetration testing tools available. Overall, I would rate the solution an eight out of ten.
Overall, I would rate it nine out of ten.
I would recommend Rapid7. I rate the overall solution a nine out of ten.
I rate Rapid7 Metasploit eight out of 10. I would recommend it. I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing, but end-to-end testing can be hard to manage if you don't have deep expertise. From the perspective of comprehensively addressing vulnerabilities, it may be hard for the average user in the community.
I would definitely recommend the solution to those planning to use it on a long-term basis. For new users planning to use it for testing, I recommend they do a PoC before starting. Overall, I rate the solution a nine out of ten.
I give the solution an eight out of ten. We should consider retiring Rapid7 Metasploit in case we find a better solution for exploitation. For example, if I compare Tenable.io Vulnerability Management and Rapid7 Metasploit, I prefer Tenable.io Vulnerability Management for vulnerability assessment. However, when it comes to penetration and exploitation, I have to go with Rapid7 Metasploit as Tenable.io Vulnerability Management does not have any tool or system to automatically inject vulnerabilities and exploit them for automated penetration testing. Therefore, if I find a similar system in the future, we should retire Rapid7 Metasploit and switch to the new architecture. Whether we are a novice or experienced IT support persons, it will be difficult to use the system, as it is difficult to use any vulnerability assessment system. In order to use these systems, we must understand what a vulnerability is and what our purpose is for using it. Rapid7 Metasploit is difficult to use, as it is not very user-friendly.
We're a Rapid7 distributer. I'm not sure which version of the solution we're using. It's likely the latest one. Any organization or enterprise should want to check for vulnerabilities in any kind of asset that they have. Using tools like Metasploit can help companies check internally. I'd rate the solution eight out of ten.
I would recommend this solution to others who are interested in using it. I would rate Rapid7 Metasploit an eight out of ten.
I rate Rapid7 Metasploit a seven out of ten.
The great advantage with Rapid7 Metasploit, of course, is that it's free. You can download it and start using it for free, right away. The features are satisfactory, and you can do your job strictly with the free edition. Of course, you could do your job even better with the commercial edition. There are better products available, like Core Impact, but they are much more expensive. On a scale from one to ten, I would give Rapid7 Metasploit a rating of eight.
I used the product previously. Now, I am more of a consultant. I'm not sure what version of the solution I'm currently using is. This product is fantastic. I prefer using it. I'd rate it seven out of ten. If it wasn't for the unpredictable support, I would rate it a bit higher. If it added just a few more advancements, it would be even better still.
For our needs, which is usually a dedicated environment for our customers, I cannot envision any significant improvements that need to be made. My advice for anybody who is considering this solution is that it works well as a component in a vulnerability testing platform. We use a combination of tools with a certain level of automation and integration, which gives us the flexibility that we need to accommodate customers with differing needs. There is no one tool in the market that covers everything and ultimately, Metasploit helps to produce the reports that we need. The biggest lesson that I have learned from using this product is that if proper security checks are not done during the development process then very likely, you will face major vulnerabilities or risks in the production environment. Overall, it is a very good product for penetration testing. I would rate this solution an eight out of ten.
It's not possible to do penetration testing without being very proficient in Metasploit. It's impossible.