TrustRadius

Cofense PhishMe vs. Metasploit

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Cofense PhishMe
Score 7.4 out of 10
Enterprise companies (1,001+ employees)
Cofense PhishMe is a cyber threat and phishing simulator meant to be of use in training employees to be wary against threats and also to gain information about general employee threat knowledge and preparedness. A free trial is available for small business.N/A
Metasploit
Score 9.9 out of 10
N/A
Metasploit is open source network security software described by Rapid7 as the world’s most used penetration testing framework, designed to help security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness.N/A
Pricing
Cofense PhishMeMetasploit
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Cofense PhishMeMetasploit
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
YesNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Cofense PhishMeMetasploit
Considered Both Products
Cofense PhishMe

No answer on this topic

Metasploit
Verified User
Engineer
Chose Metasploit
Metasploit is the most well-known tool in the average pen tester's toolkit. It's hard to compare to its neighbor's due to its size and following.
Top Pros
Top Cons
Features
Cofense PhishMeMetasploit
Security
Comparison of Security features of Product A and Product B
Cofense PhishMe
7.7
4 Ratings
8% below category average
Metasploit
-
Ratings
Single sign-on capability7.34 Ratings00 Ratings
Role-based user permissions8.14 Ratings00 Ratings
Security Awareness Training
Comparison of Security Awareness Training features of Product A and Product B
Cofense PhishMe
7.1
4 Ratings
16% below category average
Metasploit
-
Ratings
Training Content Library6.94 Ratings00 Ratings
Multilingual Training Content6.74 Ratings00 Ratings
Training Gamification7.03 Ratings00 Ratings
Industry-Specific Security Training7.43 Ratings00 Ratings
Individualized Security Training Plans6.63 Ratings00 Ratings
Phishing Simulations7.23 Ratings00 Ratings
Security Reporting7.93 Ratings00 Ratings
Integration with Security Tech Stack7.33 Ratings00 Ratings
Best Alternatives
Cofense PhishMeMetasploit
Small Businesses
Barracuda Security Awareness Training
Barracuda Security Awareness Training
Score 6.9 out of 10

No answers on this topic

Medium-sized Companies
KnowBe4 Security Awareness Training
KnowBe4 Security Awareness Training
Score 9.0 out of 10
Veracode
Veracode
Score 8.5 out of 10
Enterprises
Hoxhunt
Hoxhunt
Score 9.3 out of 10
Veracode
Veracode
Score 8.5 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Cofense PhishMeMetasploit
Likelihood to Recommend
8.5
(28 ratings)
10.0
(6 ratings)
Likelihood to Renew
9.1
(1 ratings)
-
(0 ratings)
Usability
7.3
(2 ratings)
-
(0 ratings)
Support Rating
9.1
(4 ratings)
7.0
(1 ratings)
Online Training
9.1
(1 ratings)
-
(0 ratings)
Implementation Rating
8.2
(1 ratings)
-
(0 ratings)
Vendor post-sale
9.1
(1 ratings)
-
(0 ratings)
Vendor pre-sale
9.1
(1 ratings)
-
(0 ratings)
User Testimonials
Cofense PhishMeMetasploit
Likelihood to Recommend
Cofense
Cofense PhishMe is an excellent solution for scenarios where it will be sold as a managed service. I believe that PhishMe is too expensive for many clients and instead would benefit from the economies of scale where an MSSP sells it as part of a whole service, which offers the analysts and reporting included. PhishMe is excellent for training and awareness of Phishing, but shouldn't replace mandatory training for new joiners or yearly refreshers, it should only be used as an additional training option.
Verified User
Anonymous
Read full review
Rapid7
It is easy to use with sufficient documentation on how to use the tools for end users or newbies. Experienced testers will find it easy to customise and configure the test cases. Just wished that I could have taken up a course on using this tool in my study days so that I could had explored more and improved my familiarity with the tool, unlike when working where access and time to explore the other features of the tool is limited
Verified User
Anonymous
Read full review
Pros
Cofense
  • It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
  • The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
  • For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
  • The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.
SC
Sarthak Chand
Information Security Manager
Read full review
Rapid7
  • Scanning our network for new or existing vulnerable systems.
  • Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours.
  • Metasploit has become an integral part in our validation of new systems before their inclusion in our production network.
Verified User
Anonymous
Read full review
Cons
Cofense
  • Completely switching to the new UI - Most is redesigned, but some old elements remain
  • Ability to spoof known brands - limited in scope now and you are not allowed to use fully "convincing" campaigns that we are seeing in the wild
  • Ability to own and manage own domains - right now adding a new company domain requires a ticket, allow us to add/verify ourselves
Verified User
Anonymous
Read full review
Rapid7
  • Have encountered issues with updating especially after moving from BackTrack to Kali.
  • Sometimes it gets a little buggy, but that's a rare occurrence.
Verified User
Anonymous
Read full review
Usability
Cofense
Its built with UX in mind and is aimed at non-tech people, to ensure that almost everyone can run the campaign. But if we go deeper - sometimes you will need an HTML editor or support in order to figure out some advanced edits you might want to add in your scenarios.
Alexander Bagrov | TrustRadius Reviewer
Alexander Bagrov
Information Security Specialist
Read full review
Rapid7
No answers on this topic
Support Rating
Cofense
I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.
Ryan Fultz | TrustRadius Reviewer
Ryan Fultz
On Site Technician
Read full review
Rapid7
We don't use it.
Omar Israel Sánchez Monroy | TrustRadius Reviewer
Omar Israel Sánchez Monroy
Auditor de Seguridad de la Información
Read full review
Online Training
Cofense
It's a must, even if you are never going to use the tool. Cofense aims to provide phishing training first and tool second.
Alexander Bagrov | TrustRadius Reviewer
Alexander Bagrov
Information Security Specialist
Read full review
Rapid7
No answers on this topic
Implementation Rating
Cofense
There are some hiccups, but there are meant to be, when you implement something in a large scale enterprise.
Alexander Bagrov | TrustRadius Reviewer
Alexander Bagrov
Information Security Specialist
Read full review
Rapid7
No answers on this topic
Alternatives Considered
Cofense
Cofense PhishMe was the first choice for us as the user interface as well as their bundle package with Cofense Triage and Vision has helped the organisation to alleviate the overall security awareness posture. The other vendors did not provide a vast range of phishing scenarios as compared to Cofense PhishMe platform.
Verified User
Anonymous
Read full review
Rapid7
Metasploit is an all around good suite of tools to test and validate potential vulnerabilites. Other tools have bits and pecies such as Nmap, Nessus, Burp Suite, etc. but Metasploit can function in the same way but more.
Alan Matson, CCNA:S, MCP | TrustRadius Reviewer
Alan Matson, CCNA:S, MCP
Senior Network Security Engineer
Read full review
Return on Investment
Cofense
  • Recipes in the system are capable of handling almost 2x what an analyst does, which cuts down the efforts [of] an analyst and provides more time for accurate strategies.
  • With roughly 90% false positives coming through, the remaining 10% of true positives need as much attention as they can get for the full investigation and analysis.
  • 1,500 or more phishing messages can come through in a given week and the amount of time/employees required to review this without a tool like Cofense is surely beyond [the] expected/anticipated budget.
Verified User
Anonymous
Read full review
Rapid7
  • If you prevent an attack you will save a lot of money.
  • There is a free version that has a lot of useful exploits.
  • You can run it in an open source OS.
Omar Israel Sánchez Monroy | TrustRadius Reviewer
Omar Israel Sánchez Monroy
Auditor de Seguridad de la Información
Read full review
ScreenShots

Cofense PhishMe Screenshots

Screenshot of Image 1 – Board of Directors (BOD) report showcasing results of your phishing defense programScreenshot of Image 2 – Create New Scenario PageScreenshot of Image 3 – Intelligent Program Automation using PlaybooksScreenshot of Image 4 – Organizational Suspicious Email Reporting StatisticsScreenshot of Image 5 – Phishing Scam Announcement Templates