Metasploit Reviews

16 Ratings
Score 8.4 out of 10


Reviews (1-6 of 6)

Omar Israel Sánchez Monroy
November 19, 2019

Auditing with Metasploit

Score 9 out of 10
Vetted Review
Verified User
Well, we use Metasploit in two areas of the company: internal audit and security of systems, to test network security, the applications and some other technologies of IT and OT. By knowing the most common exploits and hacking techniques we improve the controls in order to mitigate the risks and better understand the anatomy of an attack.
  • Easy to use.
  • Many exploits available.
  • Multi-platform.
  • Some exploits need a bit of intervention to work.
In security of information it's vital to think like a hacker and it's important to know the tools they use for attacks. So this software gives you the exploits that are already in the wild and to the access of everyone. That's very dangerous so you have to be aware of it.
Alan Matson, CCNA:S, MCP
Score 9 out of 10
Vetted Review
Verified User
I have used Metasploit in my current and past positions to validate vulnerabilities found in other scanners and to run additional scans and tests not found by a vulnerability scanner. Metasploit is also very good for server hardening by allowing full testing before deployment.
  • Vulnerability exploiting
  • Tool integration such as with Nmap
  • Very intuitive interface and searching
  • More robust menus
  • Better plugin inter-operation
Very useful for exploitation validation. When a vulnerability scanner shows a machine is vulnerable to an exploit, manual testing is always a preferred practice to ensure it is not a false positive from the scanner. Manual validation allows the tester to better understand the exploit and how to properly defend from it.
Score 10 out of 10
Vetted Review
Verified User
I regularly use the Metasploit framework to run our internal security tests. It helps to identify possible weaknesses in our internal network before compromise occurs. It's also on many occasions helped me justify sometimes costly updates to software and business practices by allowing me to illustrate a vulnerability's possible use in the wild.
  • Scanning our network for new or existing vulnerable systems.
  • Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours.
  • Metasploit has become an integral part in our validation of new systems before their inclusion in our production network.
  • The use of Metasploit in an active environment is scary. The chance of damage to targeted systems increases exponentially as the experience of the user goes down. In some ways, I feel Metasploit has made an industry we all need to stay difficult, accessible to anyone.
  • Exploit updates for the last couple of years have slowed down as the use cases for Metasploit have changed. With so much of the program being driven by the paid versions since the Rapid7 purchase, they really could do with some official exploit support instead of leaning on the public community so hard.
  • Windows versions feel like an afterthought; performance differences are staggering. Run Linux for this one.
Metasploit stands on its own in the Pen Testing world. If you're going to run your own in-house tests then get the free version and learn it. You'll see its value quickly.
Score 10 out of 10
Vetted Review
Verified User
Metasploit Pro is currently being used by the IT security department only and is one of the best tools we've ever used.
  • It's extremely intuitive. When I started off in the security field this tool helped me learn a lot.
  • Metasploit, I believe, has the largest exploit database with new additions every day and implementation is really fast.
  • I, along with a lot of security professionals I know, consider Metasploit to be the most valued tool in any penetration tester's arsenal.
  • There is a H-U-G-E community and the support is immense, any issues you have can be addressed there. Doesn't matter if you're a newbie or a seasoned penetration tester, everyone is welcome.
  • Have encountered issues with updating especially after moving from BackTrack to Kali.
  • Sometimes it gets a little buggy, but that's a rare occurrence.
Metasploit is well suited for all information security professionals and penetration testers. I have had the opportunity of meeting with a lot of security professionals over the past year and each and every one of them has recommended this tool. According to me, if you know what you're doing this tool is never "less appropriate" for the job.
Score 9 out of 10
Vetted Review
Verified User
Our team uses Metasploit during all penetration tests. Metasploit is fantastic in cases where an organization has not performed regular updates. The pre-compiled exploits used by Metasploit are a great way to provide a proof of concept to the client. Metasploit is also used when we've gained a local shell on a machine or have RCE via a web application. Sometimes it is easier to create a reverse Meterpreter shell than sending a bash shell back - this is more so the case when we have RCE on a Windows client, as sending a reverse shell is much more challenging without Meterpreter.
  • Create reverse shells
  • Test known exploits
  • Enumerating the target (meterpreter)
  • Better obfuscation of meterpreter payload
  • Options for obfuscation of meterpreter handler
  • More options for encrypting payloads
Metasploit is well suited in just about any pen test environment - however, it should not be used in unauthorized environments and on machines where a pen test was not welcomed/authorized.
Score 10 out of 10
Vetted Review
Verified User
Metasploit is one of the commonly used frameworks inside of our network security department. Our teams are able to use Metasploit's workspace system to work collaboratively on large, comprehensive network penetration tests. Metasploit helps to launch payloads and to gather and store information about systems.
  • Workspaces: Metasploit allows for the creation of "workspaces," which allow for shared and collaborative penetration testing.
  • Information management: Metasploit stores and displays detailed information about devices and networks that would otherwise be difficult to manage.
  • Community driven: Many developers from all over the world contribute to Metasploit. This helps to keep it functioning well and up-to-date.
  • If Metasploit could support payloads written in languages other than Ruby, that would be amazing and could help draw in a larger set of contributors.
Collaborative network penetration testing: Workspaces allow for team members to work together and securely share information during a network penetration test.

Information management: Metasploit stores and displays information in an organized, easy-to-manage format. The framework can store detailed information about thousands of devices, as well as "loot," such as usernames, passwords, credit card information, and other sensitive information captured during a penetration test.

About Metasploit

Metasploit is open source network security software supported by Boston-based Rapid7.
Categories:  Network Security

Metasploit Technical Details

Operating Systems: Unspecified
Mobile Application: No