Metasploit - Pen Testing at it's easiest
April 04, 2017
Metasploit - Pen Testing at it's easiest
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with Metasploit
I regularly use the Metasploit framework to run our internal security tests. It helps to identify possible weaknesses in our internal network before compromise occurs. It's also on many occasions helped me justify sometimes costly updates to software and business practices by allowing me to illustrate a vulnerability's possible use in the wild.
- Scanning our network for new or existing vulnerable systems.
- Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours.
- Metasploit has become an integral part in our validation of new systems before their inclusion in our production network.
- The use of Metasploit in an active environment is scary. The chance of damage to targeted systems increases exponentially as the experience of the user goes down. In some ways, I feel Metasploit has made an industry we all need to stay difficult, accessible to anyone.
- Exploit updates for the last couple of years have slowed down as the use cases for Metasploit have changed. With so much of the program being driven by the paid versions since the Rapid7 purchase, they really could do with some official exploit support instead of leaning on the public community so hard.
- Windows versions feel like an afterthought, performance differences are staggering. Run Linux for this one.
- Decreased our reliance on third party services for internal testing.
- Increased our awareness of patch management, allowed for an easy case to be made for funding.
- Fantastic Phishing and USB drive campaign tools.
Metasploit is the most well-known tool in the average pen tester's toolkit. It's hard to compare to its neighbor's due to its size and following.