Metasploit Unleashed - Organized Collaborative Pentesting
August 01, 2016

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Metasploit

Metasploit is one of the commonly used frameworks inside of our network security department. Our teams are able to use Metasploit's workspace system to work collaboratively on large, comprehensive network penetration tests. Metasploit helps to launch payloads and to gather and store information about systems.
  • Workspaces: Metasploit allows for the creation of "workspaces," which allow for shared and collaborative penetration testing.
  • Information management: Metasploit stores and displays detailed information about devices and networks that would otherwise be difficult to manage.
  • Community driven: Many developers from all over the world contribute to Metasploit. This helps to keep it functioning well and up-to-date.
  • If Metasploit could support payloads written in languages other than Ruby, that would be amazing and could help draw in a larger set of contributors.
  • Positive: Improves efficiency of our network penetration testing operations.
  • Positive: Allows for collaboration and information sharing during a penetration test.
  • Pentestly Framework and Cobalt Strike
They are equal in my mind. It really just depends on a user's preference. Cobalt Strike is essentially a graphical user interface (GUI) built on top of Metasploit, so it will feel very familiar to Metasploit users. The Pentestly Framework is also quite similar to Metasploit. However, Pentestly is built on top of the "recon-ng" framework and is written in Python. It provides a similar workflow to Metasploit and many Metasploit users may find it equally as powerful.
Collaborative network penetration testing: Workspaces allow for team members to work together and securely share information during a network penetration test.

Information management: Metasploit stores and displays information in an organized, easy-to-manage format. The framework can store detailed information about thousands of devices, as well as "loot," such as usernames, passwords, credit card information, and other sensitive information captured during a penetration test.