TrustRadius
Metasploit is open source network security software supported by Boston-based Rapid7.

Verify and learn with Metasploit
I have used Metasploit in my current and past positions to validate vulnerabilities found in other scanners and to run additional scans and tests not found by a vulnerability scanner. Metasploit is also very good for server hardening by allowing full testing before deployment.
  • Vulnerability exploiting
  • Tool integration such as with NMAP
  • Very intuitive interface and searching
  • More robust menus
  • Better plugin inter-operation
9
We have been able to weed out false positives with a more manual vetting of scanned vulnerabilities. Our teams have become more well versed in penetration testing with Metasploit to understand the vulnerabilities potentially present.
Nmap and Burp Suite
Nmap, Burp Suite

Metasploit - Pen Testing at its easiest
I regularly use the Metasploit framework to run our internal security tests. It helps to identify possible weaknesses in our internal network before compromise occurs. It's also on many occasions helped me justify sometimes costly updates to software and business practices by allowing me to illustrate a vulnerability's possible use in the wild.
  • Scanning our network for new or existing vulnerable systems.
  • Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours.
  • Metasploit has become an integral part in our validation of new systems before their inclusion in our production network.
  • The use of Metasploit in an active environment is scary. The chance of damage to targeted systems increases exponentially as the experience of the user goes down. In some ways, I feel Metasploit has made an industry we all need to stay difficult, accessible to anyone.
  • Exploit updates for the last couple of years have slowed down as the use cases for Metasploit have changed. With so much of the program being driven by the paid versions since the Rapid7 purchase, they really could do with some official exploit support instead of leaning on the public community so hard.
  • Windows versions feel like an afterthought, performance differences are staggering. Run Linux for this one.
10
Decreased our reliance on third party services for internal testing. Increased our awareness of patch management, allowed for an easy case to be made for funding. Fantastic Phishing and USB drive campaign tools.
PhishMe
Fortinet FortiGate, Microsoft Office 365, Nagios

The most important one to get the job done!
Metasploit Pro is currently being used by the IT security department only and is one of the best tools we've ever used.
  • It's extremely intuitive. When I started off in the security field this tool helped me learn a lot.
  • Metasploit, I believe has the largest exploit database with new additions every day and implementation is really fast.
  • I along with a lot of security professionals I know, consider Metasploit to be the most valued tool in any penetration tester's arsenal.
  • There is a H-U-G-E community and the support is immense, any issues you have can be addressed there. Doesn't matter if you're a newbie or a seasoned penetration tester, everyone is welcome.
  • Have encountered issues with updating especially after moving from BackTrack to Kali.
  • Sometimes it gets a little buggy, but that's a rare occurrence.
10
You get the best tool there is and considering the positive impact it has on security risk awareness and risk measurement for the company, it is well worth the investment. Negative impact - NONE.
Tenable Unified Security, JIRA Software, Nmap, Websense

Pen testers swiss army knife
Our team uses Metasploit during all penetration tests. Metasploit is fantastic in cases where an organization has not performed regular updates. The pre-compiled exploits used by metasploit are a great way to provide a proof of concept to the client. Metasploit is also used when we've gained local shell on a machine or have RCE via a web application. Sometimes it is easier to create a reverse meterpreter shell than sending a bash shell back - this is more so the case when we have RCE on a windows client, as sending a reverse shell is much more challenging without meterpreter.
  • Create reverse shells
  • Test known exploits
  • Enumerating the target (meterpreter)
  • Better obfuscation of meterpreter payload
  • Options for obfuscation of meterpreter handler
  • More options for encrypting payloads
9
Metasploit has not directly had an ROI with my company, however it's made PoC's easier to display to the client, which makes my company look good
Burp Suite, Tenable Unified Security
15, 15
  • Penetration tests
  • Vulnerability assessments
  • network tests
  • red teaming
  • sometimes we modify the handler to obfuscate the connection back to the MSF handler
  • We sometimes modify the ruby modules based on the system we are attacking
  • We almost always use it for pivoting once we are sure there is no AV on the target machine
  • Buy the pro version
  • Buy individual licenses for the team
  • Start development of individual modules
10, Yes
Price; Product Features; Product Usability; Product Reputation; Prior Experience with the Product; Vendor Reputation; Existing Relationship with the Vendor; Positive Sales Experience with the Vendor; Analyst Reports; Third-party Reviews
Use Nexpose first to easily identify low hanging fruit and the associated Metasploit modules. Then, having purchased individual licenses for the enterprise version, we would attempt exploiting the target. It would also be nice if there was a reporting feature for it so that we could easily generate a report to use for the client. I don't know how easy this would be for Trustwave, but if they could make the process of writing a module a little easier that would be nice
Implemented in-house, No
Change management was minimal
  • Dependency issues based on the OS you decide to run this on
  • Database issues with metasploit
  • Scanner integrations can be a pain to get up and working
10, Yes, 10, Yes
I actually have posted on the metasploit github page and received very quick response. The issue I had was handled fairly quickly, same day! I mentioned this in my prior post but having the trustwave team monitoring the github and helping on the fly is great for the entire community. Just doing a google search with the issue using the "site:github.com" will usually resolve your issue fairly quickly as well
  • low hanging fruit
  • public facing ports
  • local privilege exploitation
  • Writing ruby modules
  • integrating scanners to the msf framework
  • setting up the database
No, 10

Metasploit Unleashed - Organized Collaborative Pentesting
Metasploit is one of the commonly used frameworks inside of our network security department. Our teams are able to use Metasploit's workspace system to work collaboratively on large, comprehensive network penetration tests. Metasploit helps to launch payloads and to gather and store information about systems.
  • Workspaces: Metasploit allows for the creation of "workspaces," which allow for shared and collaborative penetration testing.
  • Information management: Metasploit stores and displays detailed information about devices and networks that would otherwise be difficult to manage.
  • Community driven: Many developers from all over the world contribute to Metasploit. This helps to keep it functioning well and up-to-date.
  • If Metasploit could support payloads written in languages other than Ruby, that would be amazing and could help draw in a larger set of contributors.
10
Positive: Improves efficiency of our network penetration testing operations. Positive: Allows for collaboration and information sharing during a penetration test.
Pentestly Framework and Cobalt Strike
Burp Suite
Metasploit
13 Ratings
Score 8.6 out of 10

Metasploit Reviews

Reviews (1-5 of 5)
Alan Matson, CCNA:S, MCP
May 14, 2018

User Review: "Verify and learn with Metasploit"

Score 9 out of 10
Vetted Review
Verified User
I have used Metasploit in my current and past positions to validate vulnerabilities found in other scanners and to run additional scans and tests not found by a vulnerability scanner. Metasploit is also very good for server hardening by allowing full testing before deployment.
  • Vulnerability exploiting
  • Tool integration such as with Nmap
  • Very intuitive interface and searching
  • More robust menus
  • Better plugin inter-operation
Very useful for exploitation validation. When a vulnerability scanner shows a machine is vulnerable to an exploit manual testing is always a preferred practice to ensure it is not a false positive from the scanner. Manual validation allows the tester to better understand the exploit and how to properly defend from it.
April 04, 2017

Review: "Metasploit - Pen Testing at its easiest"

Score 10 out of 10
Vetted Review
Verified User
I regularly use the Metasploit framework to run our internal security tests. It helps to identify possible weaknesses in our internal network before compromise occurs. It's also on many occasions helped me justify sometimes costly updates to software and business practices by allowing me to illustrate a vulnerability's possible use in the wild.
  • Scanning our network for new or existing vulnerable systems.
  • Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours.
  • Metasploit has become an integral part in our validation of new systems before their inclusion in our production network.
  • The use of Metasploit in an active environment is scary. The chance of damage to targeted systems increases exponentially as the experience of the user goes down. In some ways, I feel Metasploit has made an industry we all need to stay difficult, accessible to anyone.
  • Exploit updates for the last couple of years have slowed down as the use cases for Metasploit have changed. With so much of the program being driven by the paid versions since the Rapid7 purchase, they really could do with some official exploit support instead of leaning on the public community so hard.
  • Windows versions feel like an afterthought, performance differences are staggering. Run Linux for this one.
Metasploit stands on its own in the Pen Testing world. If you're going to run your own in-house tests then get the free version and learn it. You'll see its value quickly.
November 10, 2016

Metasploit Review: "The most important one to get the job done!"

Score 10 out of 10
Vetted Review
Verified User
Metasploit Pro is currently being used by the IT security department only and is one of the best tools we've ever used.
  • It's extremely intuitive. When I started off in the security field this tool helped me learn a lot.
  • Metasploit, I believe has the largest exploit database with new additions every day and implementation is really fast.
  • I along with a lot of security professionals I know, consider Metasploit to be the most valued tool in any penetration tester's arsenal.
  • There is a H-U-G-E community and the support is immense, any issues you have can be addressed there. Doesn't matter if you're a newbie or a seasoned penetration tester, everyone is welcome.
  • Have encountered issues with updating especially after moving from BackTrack to Kali.
  • Sometimes it gets a little buggy, but that's a rare occurrence.
Metasploit is well suited for all information security professionals and penetration testers. I have had the opportunity of meeting with a lot of security professionals over the past year and each and every one of them has recommended this tool. According to me, if you know what you're doing this tool is never "less appropriate" for the job.
November 04, 2016

Metasploit Review: "Pen testers swiss army knife"

Score 9 out of 10
Vetted Review
Verified User
Our team uses Metasploit during all penetration tests. Metasploit is fantastic in cases where an organization has not performed regular updates. The pre-compiled exploits used by metasploit are a great way to provide a proof of concept to the client. Metasploit is also used when we've gained local shell on a machine or have RCE via a web application. Sometimes it is easier to create a reverse meterpreter shell than sending a bash shell back - this is more so the case when we have RCE on a windows client, as sending a reverse shell is much more challenging without meterpreter.
  • Create reverse shells
  • Test known exploits
  • Enumerating the target (meterpreter)
  • Better obfuscation of meterpreter payload
  • Options for obfuscation of meterpreter handler
  • More options for encrypting payloads
Metasploit is well suited in just about any pen test environment - however it should not be used in unauthorized environments and on machines where a pen test was not welcomed/authorized
August 01, 2016

Review: "Metasploit Unleashed - Organized Collaborative Pentesting"

Score 10 out of 10
Vetted Review
Verified User
Metasploit is one of the commonly used frameworks inside of our network security department. Our teams are able to use Metasploit's workspace system to work collaboratively on large, comprehensive network penetration tests. Metasploit helps to launch payloads and to gather and store information about systems.
  • Workspaces: Metasploit allows for the creation of "workspaces," which allow for shared and collaborative penetration testing.
  • Information management: Metasploit stores and displays detailed information about devices and networks that would otherwise be difficult to manage.
  • Community driven: Many developers from all over the world contribute to Metasploit. This helps to keep it functioning well and up-to-date.
  • If Metasploit could support payloads written in languages other than Ruby, that would be amazing and could help draw in a larger set of contributors.
Collaborative network penetration testing: Workspaces allow for team members to work together and securely share information during a network penetration test.

Information management: Metasploit stores and displays information in an organized, easy-to-manage format. The framework can store detailed information about thousands of devices, as well as "loot," such as usernames, passwords, credit card information, and other sensitive information captured during a penetration test.

About Metasploit

Metasploit is open source network security software supported by Boston-based Rapid7.
Categories:  Network Security

Metasploit Technical Details

Operating Systems: Unspecified
Mobile Application: No