Item: Metasploit
Rating: 9
Author: Alan Matson, CCNA:S, MCP

Use Cases and Deployment Scope

I have used Metasploit in my current and past positions to validate vulnerabilities found in other scanners and to run additional scans and tests not found by a vulnerability scanner. Metasploit is also very good for server hardening by allowing full testing before deployment.

Pros and Cons

Vulnerability exploiting
Tool integration such as with Nmap
Very intuitive interface and searching

More robust menus
Better plugin inter-operation

Return on Investment

We have been able to weed out false positives with a more manual vetting of scanned vulnerabilities.
Our teams have become more well versed in penetration testing with Metasploit to understand the vulnerabilities potentially present.

Alternatives Considered

Nmap and Burp Suite

Metasploit is an all around good suite of tools to test and validate potential vulnerabilites. Other tools have bits and pecies such as Nmap, Nessus, Burp Suite, etc. but Metasploit can function in the same way but more.

Other Software Used

Nmap, Burp Suite

Likelihood to Recommend

Very useful for exploitation validation. When a vulnerability scanner shows a machine is vulnerable to an exploit manual testing is always a preferred practice to ensure it is not a false positive from the scanner. Manual validation allows the tester to better understand the exploit and how to properly defend from it.

Verify and learn with Metasploit

Overall Satisfaction with Metasploit