TrustRadius: an HG Insights company

Metasploit

Score 9 out of 10

19 Reviews and Ratings

What is Metasploit?

Metasploit is open source network security software described by Rapid7 as the world’s most used penetration testing framework, designed to help security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness.

Auditing with Metasploit

Pros

  • Easy to use.
  • Many exploits available.
  • Multi-platform.

Cons

  • Some exploits need a bit of intervention to work.

Return on Investment

  • If you prevent an attack you will save a lot of money.
  • There is a free version that has a lot of useful exploits.
  • You can run it in an open source OS.

Alternatives Considered

Nessus

Other Software Used

Nessus

Verify and learn with Metasploit

Pros

  • Vulnerability exploiting
  • Tool integration such as with NMAP
  • Very intuitive interface and searching

Cons

  • More robust menus
  • Better plugin inter-operation

Return on Investment

  • We have been able to weed out false positives with a more manual vetting of scanned vulnerabilities.
  • Our teams have become more well versed in penetration testing with Metasploit to understand the vulnerabilities potentially present.

Alternatives Considered

Nmap and Burp Suite

Other Software Used

Nmap, Burp Suite

Good Tool for VAPT

Pros

  • Test known exploits
  • Segregated workspaces for different projects
  • Updated databases of exploits

Cons

  • Improve dashboard to allow C levels to better understand the concerns
  • Exporting the results or integrate with reporting tools
  • Options to manage the payloads

Most Important Features

  • Accepted industry tool or brand
  • Easy to use
  • Wide database of exploits

Return on Investment

  • Expensive for small teams or POC projects
  • Specialised skill sets required
  • Understanding how to use features

Other Software Used

Kali Linux, Burp Suite, Nexus Pro

Metasploit - Pen Testing at its easiest

Pros

  • Scanning our network for new or existing vulnerable systems.
  • Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours.
  • Metasploit has become an integral part in our validation of new systems before their inclusion in our production network.

Cons

  • The use of Metasploit in an active environment is scary. The chance of damage to targeted systems increases exponentially as the experience of the user goes down. In some ways, I feel Metasploit has made an industry we all need to stay difficult, accessible to anyone.
  • Exploit updates for the last couple of years have slowed down as the use cases for Metasploit have changed. With so much of the program being driven by the paid versions since the Rapid7 purchase, they really could do with some official exploit support instead of leaning on the public community so hard.
  • Windows versions feel like an afterthought; performance differences are staggering. Run Linux for this one.

Return on Investment

  • Decreased our reliance on third party services for internal testing.
  • Increased our awareness of patch management, allowed for an easy case to be made for funding.
  • Fantastic Phishing and USB drive campaign tools.

Alternatives Considered

PhishMe

Other Software Used

Fortinet FortiGate, Microsoft Office 365, Nagios

Metasploit Unleashed - Organized Collaborative Pentesting

Pros

  • Workspaces: Metasploit allows for the creation of "workspaces," which allow for shared and collaborative penetration testing.
  • Information management: Metasploit stores and displays detailed information about devices and networks that would otherwise be difficult to manage.
  • Community driven: Many developers from all over the world contribute to Metasploit. This helps to keep it functioning well and up-to-date.

Cons

  • If Metasploit could support payloads written in languages other than Ruby, that would be amazing and could help draw in a larger set of contributors.

Return on Investment

  • Positive: Improves efficiency of our network penetration testing operations.
  • Positive: Allows for collaboration and information sharing during a penetration test.

Other Software Used

Burp Suite