Metasploit vs. Mobile Security Framework (MobSF) vs. Fortify by OpenText

Metasploit

Metasploit

19 Reviews and Ratings

Mobile Security Framework (MobSF)

Mobile Security Framework (MobSF)

1 Reviews and Ratings

Fortify by OpenText

Fortify by OpenText

22 Reviews and Ratings

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Metasploit	Score 9.0 out of 10	N/A	Metasploit is open source network security software described by Rapid7 as the world’s most used penetration testing framework, designed to help security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness.	N/A
Mobile Security Framework (MobSF)	Score 8.0 out of 10	N/A	Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for integration with CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.	N/A
Fortify by OpenText	Score 9.0 out of 10	N/A	An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.	N/A

Pricing

Metasploit

Mobile Security Framework (MobSF)

Fortify by OpenText

Editions & Modules

No answers on this topic

No answers on this topic

No answers on this topic

Offerings

Pricing Offerings
Metasploit	Mobile Security Framework (MobSF)	Fortify by OpenText
Free Trial
No	No	No
Free/Freemium Version
No	No	No
Premium Consulting/Integration Services
No	No	No

Entry-level Setup Fee

No setup fee

No setup fee

No setup fee

Additional Details

—

—

—

More Pricing Information

Community Pulse
	Metasploit	Mobile Security Framework (MobSF)	Fortify by OpenText

Best Alternatives
	Metasploit	Mobile Security Framework (MobSF)	Fortify by OpenText
Small Businesses	No answers on this topic	No answers on this topic	GitLab Score 8.7 out of 10
Medium-sized Companies	Veracode Score 8.8 out of 10	Veracode Score 8.8 out of 10	Veracode Score 8.8 out of 10
Enterprises	Veracode Score 8.8 out of 10	Veracode Score 8.8 out of 10	Veracode Score 8.8 out of 10
All Alternatives	View all alternatives	View all alternatives	View all alternatives

User Ratings
	Metasploit	Mobile Security Framework (MobSF)	Fortify by OpenText
Likelihood to Recommend	10.0 (5 ratings)	8.0 (1 ratings)	9.0 (6 ratings)
Likelihood to Renew	- (0 ratings)	- (0 ratings)	10.0 (1 ratings)
Usability	- (0 ratings)	- (0 ratings)	7.0 (1 ratings)
Support Rating	7.0 (1 ratings)	- (0 ratings)	10.0 (1 ratings)

User Testimonials
	Metasploit	Mobile Security Framework (MobSF)	Fortify by OpenText
Likelihood to Recommend	Rapid7 It is easy to use with sufficient documentation on how to use the tools for end users or newbies. Experienced testers will find it easy to customise and configure the test cases. Just wished that I could have taken up a course on using this tool in my study days so that I could had explored more and improved my familiarity with the tool, unlike when working where access and time to explore the other features of the tool is limited Incentivized Verified User Anonymous Read full review	Open Source MobSF is good for checking for vulnerabilities in your app. It will also give suggestions on how to address them. Another thing is can do is find code that may be incorrect. It is not, however, a substitute for a system that actually checks your code for proper use. It really is concentrated on security. Incentivized FD Francis de Castro Business User Engagement Manager Read full review	OpenText It is best suited for runtime application security scanning and very useful for automation. You can seemlessly integrate with pipeline for dynamic scans. Cloud based apps can also be scanned for vulnerabilities, cross site scripting attacks. Basically all OWASP TOP 10. It is less appropriate to use if you have serverless architecture Incentivized Verified User Anonymous Read full review
Pros	Rapid7 Easy to use. Many exploits available. Multi-platform. Incentivized Omar Israel Sánchez Monroy Auditor de Seguridad de la Información Read full review	Open Source Scan for vulnerabilities Scan for bad coding Give suggestions on fixes for security issues Incentivized FD Francis de Castro Business User Engagement Manager Read full review	OpenText DAST Scanning API Scanning Less detection of false positive Incentivized Zishan Ali Dakhani Employee Read full review
Cons	Rapid7 More robust menus Better plugin inter-operation Incentivized Alan Matson, CCNA:S, MCP Senior Network Security Engineer Read full review	Open Source The UI is not that user friendly The documentation could be easier to understand An easier method of deploying MobSF would be appreciated Incentivized FD Francis de Castro Business User Engagement Manager Read full review	OpenText Reporting could be better Can be an involved setup if your organization is not using common build tools Users get spammed with a lot of email updates from the service Incentivized Verified User Anonymous Read full review
Likelihood to Renew	Rapid7 No answers on this topic	Open Source No answers on this topic	OpenText Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging. Incentivized Zishan Ali Dakhani Employee Read full review
Usability	Rapid7 No answers on this topic	Open Source No answers on this topic	OpenText It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features. Incentivized Ankitkumar Mistry Product Consultant Read full review
Support Rating	Rapid7 We don't use it. Incentivized Omar Israel Sánchez Monroy Auditor de Seguridad de la Información Read full review	Open Source No answers on this topic	OpenText Always receive excellent support from the vendor. No issues there. Incentivized Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer Read full review
Alternatives Considered	Rapid7 Metasploit is the most well-known tool in the average pen tester's toolkit. It's hard to compare to its neighbor's due to its size and following. Incentivized Verified User Anonymous Read full review	Open Source In my opinion, MobSF is not as comprehensive as SonarQube. Both, however, do a very good job in scanning your code for vulnerabilities. Both do roughly the same things. The reports of SonarQube are more detailed though. The advantage that MobSF has over SonarQube is the price. One is free while the other is a paid solution (with several tiers). However, we use them together to get a more comprehensive scan. Incentivized FD Francis de Castro Business User Engagement Manager Read full review	OpenText Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. we like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. they seem best suited for us and the best fit. Incentivized Verified User Anonymous Read full review
Return on Investment	Rapid7 Positive: Improves efficiency of our network penetration testing operations. Positive: Allows for collaboration and information sharing during a penetration test. Incentivized Verified User Anonymous Read full review	Open Source It has allowed our apps to pass a security vetting requirement of a third party to deploy our app We can see where we can improve on the development of our app The deployment can take a while, especially with teams not familiar with the software Incentivized FD Francis de Castro Business User Engagement Manager Read full review	OpenText DevSecOps helped in reducing efforts License cost was less We could roll out double the count of applications with implementation of WebInspect Incentivized Verified User Anonymous Read full review
ScreenShots