Metasploit

Metasploit

Score 9.4 out of 10
Metasploit

Overview

What is Metasploit?

Metasploit is open source network security software described by Rapid7 as the world’s most used penetration testing framework, designed to help security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness.
Read more

Recent Reviews

Good Tool for VAPT

10 out of 10
April 29, 2021
Metasploit is used by my organization to identify system weakness and attempt to exploit them to demonstrate the weakness. It is an easy …
Continue reading
Verified User
Consultant
Read all reviews

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Metasploit, and make your voice heard!

Record a review
Return to navigation

Product Details

What is Metasploit?

Metasploit is open source network security software described by Rapid7 as the world’s most used penetration testing framework, designed to help security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness.

Metasploit Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

 (20)

Attribute Ratings

Reviews

(1-6 of 6)
Popular Filters
Companies can't remove reviews or game the system. Here's why
April 29, 2021

Good Tool for VAPT

Verified User
Consultant in Information Technology
Information Technology & Services Company, 1001-5000 employees
Score 10 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Metasploit is used by my organization to identify system weakness and attempt to exploit them to demonstrate the weakness. It is an easy tool used by the security team to identify, isolate, and demonstrate the weakness and allow for verification of the remediations. As an industry-recognized tool, there is no dispute from different vendors when using the tool.
Pros and Cons
  • Test known exploits
  • Segregated workspaces for different projects
  • Updated databases of exploits
  • Improve dashboard to allow C levels to better understand the concerns
  • Exporting the results or integrate with reporting tools
  • Options to manage the payloads
Likelihood to Recommend
It is easy to use with sufficient documentation on how to use the tools for end users or newbies. Experienced testers will find it easy to customise and configure the test cases. Just wished that I could have taken up a course on using this tool in my study days so that I could had explored more and improved my familiarity with the tool, unlike when working where access and time to explore the other features of the tool is limited.
November 19, 2019

Auditing with Metasploit

Omar Israel Sánchez Monroy | TrustRadius Reviewer
Omar Israel Sánchez Monroy
Auditor de Seguridad de la Información
Peñoles (Mining & Metals, 5001-10,000 employees)
Score 9 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Well we use Metasploit in two areas of the company. Intern audit and security of systems to test network security, the applications and some other technologies of IT and OT. By knowing the most common exploits and hacking techniques we improve the controls in order to mitigate the risks and better understand the anatomy of an attack.
Pros and Cons
  • Easy to use.
  • Many exploits available.
  • Multi-platform.
  • Some exploits need a bit of intervention to work.
Likelihood to Recommend
In security of information it's vital to think like a hacker and it's important to know the tools they use for attacks. So this software gives you the exploits that are already in the wild and to the access of everyone. That's very dangerous so you have to be aware of it.
Support Rating
7
We don't use it.
May 14, 2018

Verify and learn with Metasploit

Alan Matson, CCNA:S, MCP | TrustRadius Reviewer
Alan Matson, CCNA:S, MCP
Senior Network Security Engineer
Insight (Information Technology and Services, 5001-10,000 employees)
Score 9 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
I have used Metasploit in my current and past positions to validate vulnerabilities found in other scanners and to run additional scans and tests not found by a vulnerability scanner. Metasploit is also very good for server hardening by allowing full testing before deployment.
Pros and Cons
  • Vulnerability exploiting
  • Tool integration such as with Nmap
  • Very intuitive interface and searching
  • More robust menus
  • Better plugin inter-operation
Likelihood to Recommend
Very useful for exploitation validation. When a vulnerability scanner shows a machine is vulnerable to an exploit manual testing is always a preferred practice to ensure it is not a false positive from the scanner. Manual validation allows the tester to better understand the exploit and how to properly defend from it.
April 04, 2017

Metasploit - Pen Testing at it's easiest

Verified User
Engineer in Information Technology
Hospitality Company, 501-1000 employees
Score 10 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
I regularly use the Metasploit framework to run our internal security tests. It helps to identify possible weaknesses in our internal network before compromise occurs. It's also on many occasions helped me justify sometimes costly updates to software and business practices by allowing me to illustrate a vulnerability's possible use in the wild.
Pros and Cons
  • Scanning our network for new or existing vulnerable systems.
  • Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours.
  • Metasploit has become an integral part in our validation of new systems before their inclusion in our production network.
  • The use of Metasploit in an active environment is scary. The chance of damage to targeted systems increases exponentially as the experience of the user goes down. In some ways, I feel Metasploit has made an industry we all need to stay difficult, accessible to anyone.
  • Exploit updates for the last couple of years have slowed down as the use cases for Metasploit have changed. With so much of the program being driven by the paid versions since the Rapid7 purchase, they really could do with some official exploit support instead of leaning on the public community so hard.
  • Windows versions feel like an afterthought, performance differences are staggering. Run Linux for this one.
Likelihood to Recommend
Metasploit stands on its own in the Pen Testing world. If you're going to run your own in-house tests then get the free version and learn it. You'll see its value quickly.
November 10, 2016

The most important one to get the job done!

Verified User
Engineer in Information Technology
Non-Profit Organization Management Company, 501-1000 employees
Score 10 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Metasploit Pro is currently being used by the IT security department only and is one of the best tools we've ever used.
Pros and Cons
  • It's extremely intuitive. When I started off in the security field this tool helped me learn a lot.
  • Metasploit, I believe has the largest exploit database with new additions everyday and implementation is really fast.
  • I along with a lot of security professionals I know, consider Metasploit to be the most valued tool in any penetration tester's arsenal.
  • There is a H-U-G-E community and the support is immense, any issues you have can be addressed there. Doesn't matter if you're a newbie or a seasoned penetration tester, everyone is welcome.
  • Have encountered issues with updating especially after moving from BackTrack to Kali.
  • Sometimes it gets a little buggy, but that's a rare occurrence.
Likelihood to Recommend
Metasploit is well suited for all information security professionals and penetration testers. I have had the opportunity of meeting with a lot of security professionals over the past year and each and every one of them has recommended this tool. According to me, if you know what you're doing this tool is never "less appropriate" for the job.
August 01, 2016

Metasploit Unleashed - Organized Collaborative Pentesting

Verified User
Engineer in Other
Computer & Network Security Company, 11-50 employees
Score 10 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Metasploit is one of the commonly used frameworks inside of our network security department. Our teams are able to use Metasploit's workspace system to work collaboratively on large, comprehensive network penetration tests. Metasploit helps to launch payloads and to gather and store information about systems.
Pros and Cons
  • Workspaces: Metasploit allows for the creation of "workspaces," which allow for shared and collaborative penetration testing.
  • Information management: Metasploit stores and displays detailed information about devices and networks that would otherwise be difficult to manage.
  • Community driven: Many developers from all over the world contribute to Metasploit. This helps to keep it functioning well and up-to-date.
  • If Metasploit could support payloads written in languages other than Ruby, that would be amazing and could help draw in a larger set of contributors.
Likelihood to Recommend
Collaborative network penetration testing: Workspaces allow for team members to work together and securely share information during a network penetration test.

Information management: Metasploit stores and displays information in an organized, easy-to-manage format. The framework can store detailed information about thousands of devices, as well as "loot," such as usernames, passwords, credit card information, and other sensitive information captured during a penetration test.
Return to navigation