Metasploit vs. Pentest-Tools.com

It is easy to use with sufficient documentation on how to use the tools for end users or newbies. Experienced testers will find it easy to customise and configure the test cases. Just wished that I could have taken up a course on using this tool in my study days so that I could had explored more and improved my familiarity with the tool, unlike when working where access and time to explore the other features of the tool is limited

Incentivized

This website is well suited for organisations that perform regular security assessments. In particular, external scans and reconnaissance. As an example, I am able to run a report on our Wordpress website to enable me to see whether we are missing any important security updates. We found it to be very useful for training new security analysts, due to the straightforward GUI. You can work on the same projects together to help you to do this. Having it laid out in front of them helps them to understand the concepts much easier than using dozens of different tools to achieve the same goals, and also speeds up training. If you're a personal user it may not be appropriate due to price. If you are a personal user, I would advise using the many open source tools there are that do the same things. The strength of this platform is that it combines them into a single pane of glass, but you can achieve the same things with other tools if necessary. For example, there are many other tools that you could use to run a UDP port scan that do not cost money (EG NMAP)

Incentivized

• Scanning our network for new or existing vulnerable systems.
• Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours.
• Metasploit has become an integral part in our validation of new systems before their inclusion in our production network.

Incentivized

• Cheaper than some other platforms
• Good support
• Cloud based
• Integrates well with identity providers

Incentivized

• Have encountered issues with updating especially after moving from BackTrack to Kali.
• Sometimes it gets a little buggy, but that's a rare occurrence.

Incentivized

• No logging for things like scanning. This means you don't actually know when the scan has failed if you're not immediately on the ball.
• Reports could look better. It would be good to be able to customise the report with some different styles to suit your company's branding.
• Could have better tutorials.
• It may be useful to have a feature similar to Microsoft Secure Score, which compares your organisation to similar ones, so that you have a reference of how secure your environment actually is.

Incentivized

We don't use it.

Incentivized

Metasploit is an all around good suite of tools to test and validate potential vulnerabilites. Other tools have bits and pecies such as Nmap, Nessus, Burp Suite, etc. but Metasploit can function in the same way but more.

Incentivized

Offers a great number of tools in one interface, giving you a single pane of glass to work from. Therefore, it's favourable compared to some of these other products, that do similar things but are less intuitive and less easy to use. This makes it not only easier to use, but easier to report results to your customers. Also, although the price point can seem high, once you start adding multiple paid tools that do the same job, there probably isn't a massive amount of difference (if any)

Incentivized

• If you prevent an attack you will save a lot of money.
• There is a free version that has a lot of useful exploits.
• You can run it in an open source OS.

Incentivized

• Price point allows us to sell the solution at an excellent margin
• Freed up time due to the automated solutions, allowing us to utilise staff better
• Use from anywhere due to being cloud based

Incentivized