John the Ripper vs. Metasploit vs. Nmap

Nmap

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
John the Ripper	Score 8.0 out of 10	N/A	John the Ripper is a penetration testing tool used to find and crack weak passwords.	N/A
Metasploit	Score 9.0 out of 10	N/A	Metasploit is open source network security software described by Rapid7 as the world’s most used penetration testing framework, designed to help security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness.	N/A
Nmap	Score 8.4 out of 10	N/A	Nmap is a free, open source network discovery, mapper, and security auditing software. Its core features include port scanning identifying unknown devices, testing for security vulnerabilities, and identifying network issues.	$49,980 one-time fee

Pricing

John the Ripper

Metasploit

Nmap

Editions & Modules

No answers on this topic

Nmap OEM Small/Startup Company Redistribution License - Quarterly Term Maintenance Fee: $7,980
Every Three Months per license
Nmap OEM Mid-Sized Company Redistribution License - Quarterly Term Maintenance Fee: $11,980
Every Three Months per license
Nmap OEM Enterprise Redistribution License - Quarterly Term Maintenance Fee: $13,980
Every Three Months per license
Nmap OEM Small/Startup Company Redistribution License - Annual Maintenance Fee: $14,980
per year per license
Nmap OEM Mid-Sized Company Redistribution License - Annual Maintenance Fee: $19,980
per year per license
Nmap OEM Enterprise Redistribution License - Annual Maintenance Fee: $23,980
per year per license
Nmap OEM Small/Startup Company Redistribution License - Perpetual License: $49,980
one-time fee per license
Nmap OEM Small/Startup Company Redistribution License - 5 year prepay Maintenance Fee: $59,920
Every Five Years per license
Nmap OEM Mid-Sized Company Redistribution License - 5 year prepay Maintenance Fee: $79,920
Every Five Years per license
Nmap OEM Mid-Sized Company Redistribution License - Perpetual License: $79,980
one-time fee per license
Nmap OEM Enterprise Redistribution License - 5 year prepay Maintenance Fee: $95,920
Every Five Years per license
Nmap OEM Enterprise Redistribution License - Perpetual License: $98,980
one-time fee per license

Offerings

Pricing Offerings
John the Ripper	Metasploit	Nmap
Free Trial
No	No	No
Free/Freemium Version
No	No	No
Premium Consulting/Integration Services
No	No	No

Entry-level Setup Fee

No setup fee

Additional Details

—

All perpetual licenses include a six-month trial period during which you can cancel for any reason and receive a full refund of all money paid (including maintenance). The term license is only a 3-month commitment and cal also be terminated with full refund during the first 30 days of the initial quarter.

More Pricing Information

Community Pulse
	John the Ripper	Metasploit	Nmap
Considered Multiple Products	John the Ripper No answer on this topic	Metasploit Alan Matson, CCNA:S, MCP Senior Network Security Engineer Chose Metasploit Metasploit is an all around good suite of tools to test and validate potential vulnerabilites. Other tools have bits and pecies such as Nmap, Nessus, Burp Suite, etc. but Metasploit can function in the same way but more. Incentivized Helpful?	Nmap Alan Matson, CCNA:S, MCP Sr. Network Security Engineer Chose Nmap While mainly a CLI tool, there is an unofficial GUI. This can help the learning curve but unlike Nessus and Nexpose where there is a well-made user interface, with NMAP you need to really leverage the CLI for the power behind it. When it comes to modules being community-driven … Incentivized Helpful?

Features

John the Ripper

Metasploit

Nmap

Network Performance Monitoring

Comparison of Network Performance Monitoring features of Product A and Product B
	John the Ripper - Ratings	Metasploit - Ratings	Nmap 5.3 17 Ratings 41% below category average
Automated network device discovery	00 Ratings	00 Ratings	5.011 Ratings
Network monitoring	00 Ratings	00 Ratings	10.012 Ratings
Baseline threshold calculation	00 Ratings	00 Ratings	9.06 Ratings
Alerts	00 Ratings	00 Ratings	3.04 Ratings
Network capacity planning	00 Ratings	00 Ratings	6.07 Ratings
Packet capture analysis	00 Ratings	00 Ratings	2.07 Ratings
Network mapping	00 Ratings	00 Ratings	10.016 Ratings
Customizable reports	00 Ratings	00 Ratings	1.010 Ratings
Wireless infrastructure monitoring	00 Ratings	00 Ratings	2.08 Ratings
Hardware health monitoring	00 Ratings	00 Ratings	5.06 Ratings

Best Alternatives
	John the Ripper	Metasploit	Nmap
Small Businesses	No answers on this topic	No answers on this topic	NinjaOne Score 9.1 out of 10
Medium-sized Companies	Veracode Score 8.8 out of 10	Veracode Score 8.8 out of 10	SolarWinds NetFlow Traffic Analyzer (NTA) Score 9.4 out of 10
Enterprises	Veracode Score 8.8 out of 10	Veracode Score 8.8 out of 10	SolarWinds NetFlow Traffic Analyzer (NTA) Score 9.4 out of 10
All Alternatives	View all alternatives	View all alternatives	View all alternatives

User Ratings
	John the Ripper	Metasploit	Nmap
Likelihood to Recommend	9.0 (1 ratings)	10.0 (5 ratings)	10.0 (18 ratings)
Usability	- (0 ratings)	- (0 ratings)	10.0 (1 ratings)
Support Rating	- (0 ratings)	7.0 (1 ratings)	8.4 (7 ratings)

User Testimonials
	John the Ripper	Metasploit	Nmap
Likelihood to Recommend	Open Source It is best suited in those environments where complexity is not the key. We've used it fairly extensively in our UNIX to find weak UNIX passwords and in Windows environments too. It's very easy to get hold of as it is essentially Open Source, although a paid version is now available and we are thinking of looking at this proposition in-depth to see if it is viable. We found it easy to install and deploy across our systems. Patching was fairly regular, so we always had the latest version. It holds its own against DES and Blowfish encryption algorithms among many others. Incentivized Azhar Chaudri Security Team Lead Analyst Read full review	Rapid7 It is easy to use with sufficient documentation on how to use the tools for end users or newbies. Experienced testers will find it easy to customise and configure the test cases. Just wished that I could have taken up a course on using this tool in my study days so that I could had explored more and improved my familiarity with the tool, unlike when working where access and time to explore the other features of the tool is limited Incentivized Verified User Anonymous Read full review	Open Source If you're a sysadmin, or anyone who's had to deploy network services, you've almost certainly had to use Nmap at some point or other. Need to see what devices are on your LAN? Nmap can tell you that. Want to check which ports your web server has open to the internet? Nmap is your friend. Nmap is a powerful command-line tool and has many options that require some reading of documentation to get the best out of (although generally straightforward). If the thought of working at the command-line scares you (presumably not if you're reading this review), then you may want a much simpler tool, or at least check out Zenmap GUI. Incentivized Verified User Anonymous Read full review
Pros	Open Source Easily finds plantect passwords. Simply detects passwords hashes. Has a fully bespoke cracker that can be modified to users requirements. Excellent for UNIX and Windows usage. Incentivized Azhar Chaudri Security Team Lead Analyst Read full review	Rapid7 Easy to use. Many exploits available. Multi-platform. Incentivized Omar Israel Sánchez Monroy Auditor de Seguridad de la Información Read full review	Open Source NMap provides a very fast and a very thorough network "sweep" that allows you to quickly map out exactly what's on your network. NMap is highly configurable. The "canned" choices are very good in most instances, but using various switches and options, you can create a very specific scan and get exactly the results you're looking for. NMap is easy to use. Even a new administrator will be able to use the graphical version (Zenmap) with efficiency right away. Incentivized Kenneth Hess Senior Systems Analyst Read full review
Cons	Open Source It needs to be modified to be able to break SHA 256, 512 and the lastest hashes. Can be slow and wildly against the lastest hashes. Require admin access to set up account. Old and is being superseded by better applications. Incentivized Azhar Chaudri Security Team Lead Analyst Read full review	Rapid7 More robust menus Better plugin inter-operation Incentivized Alan Matson, CCNA:S, MCP Senior Network Security Engineer Read full review	Open Source The GUI version on Nmap could use some improvement with the options that are available to do scans. For example, they could make it easier to select options for the different types of scanning for people who are beginners There are no abilities to schedule a scan in the Nmap tool. An intensive scan sometimes takes too much time to complete. Incentivized Verified User Anonymous Read full review
Usability	Open Source No answers on this topic	Rapid7 No answers on this topic	Open Source Nmap uses are very practical and I don't think there is a better tools for what Nmap does. It is open-sources that therefore there is no cost to use it. It offers a number of benefits, including but not limited to network mapping, port scanning and more. It is very reliable as a network scanning tool. Incentivized Verified User Anonymous Read full review
Support Rating	Open Source No answers on this topic	Rapid7 We don't use it. Incentivized Omar Israel Sánchez Monroy Auditor de Seguridad de la Información Read full review	Open Source There is a very large support community and a robust selection of add-ons and scripts. Once you get the use down this is one of the most powerful tools and you can find anything you are looking for as far as examples on the web. While not having official support its not lacking by any means. Incentivized Alan Matson, CCNA:S, MCP Sr. Network Security Engineer Read full review
Alternatives Considered	Open Source 'John the Ripper' being open source was free to use, whereas the others had to be paid for. It was very simple to install and runs against many hundreds of hashes and crypts. It is always developing thanks to large communities on GitHub. Incentivized Azhar Chaudri Security Team Lead Analyst Read full review	Rapid7 Metasploit is the most well-known tool in the average pen tester's toolkit. It's hard to compare to its neighbor's due to its size and following. Incentivized Verified User Anonymous Read full review	Open Source Alternatives to Nmap (other IP scanners) are often much more limited in what they can do; They often only allow you to scan a specific subset of ports or a limited number of IP addresses in one command. Nmap is unrestricted in that regard. What makes Nmap stand out above the rest, is the complete network analysis package you get with it. It allows IP scanner, network deep-dives, hardware analysis, vulnerability analysis, encryption detailing, and so much more, in one free application Incentivized Dylan Eikelenboom Security Officer Read full review
Return on Investment	Open Source Helped us achieve initial Password Auditor goals and targets. Simple and cheap to deploy, so have saved greatly compared to paid for products. Incentivized Azhar Chaudri Security Team Lead Analyst Read full review	Rapid7 Positive: Improves efficiency of our network penetration testing operations. Positive: Allows for collaboration and information sharing during a penetration test. Incentivized Verified User Anonymous Read full review	Open Source Nmap with Wireshark is free, so it's been a great combo team to gather info and test. It's allowed us to avoid fines from false positives and to fix actual issues ourselves. Great for finding hosts, helps keep the network secure. Incentivized Verified User Anonymous Read full review
ScreenShots