Metasploit Unleashed - Organized Collaborative Pentesting
August 01, 2016
Metasploit Unleashed - Organized Collaborative Pentesting
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with Metasploit
Metasploit is one of the commonly used frameworks inside of our network security department. Our teams are able to use Metasploit's workspace system to work collaboratively on large, comprehensive network penetration tests. Metasploit helps to launch payloads and to gather and store information about systems.
Pros
- Workspaces: Metasploit allows for the creation of "workspaces," which allow for shared and collaborative penetration testing.
- Information management: Metasploit stores and displays detailed information about devices and networks that would otherwise be difficult to manage.
- Community driven: Many developers from all over the world contribute to Metasploit. This helps to keep it functioning well and up-to-date.
Cons
- If Metasploit could support payloads written in languages other than Ruby, that would be amazing and could help draw in a larger set of contributors.
- Positive: Improves efficiency of our network penetration testing operations.
- Positive: Allows for collaboration and information sharing during a penetration test.
- Pentestly Framework and Cobalt Strike
They are equal in my mind. It really just depends on a user's preference. Cobalt Strike is essential a graphical user interface (GUI) built on top of Metasploit, so it will feel very familiar to Metasploit users. The Pentestly Framework is also quite similar to Metasploit. However, Pentestly is built on top of the "recon-ng" framework and is written in Python. It provides a similar workflow to Metasploit and many Metasploit users may find it equally as powerful.
Comments
Please log in to join the conversation