Verify and learn with Metasploit
May 14, 2018

Verify and learn with Metasploit

Alan Matson, CCNA:S, MCP | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Metasploit

I have used Metasploit in my current and past positions to validate vulnerabilities found in other scanners and to run additional scans and tests not found by a vulnerability scanner. Metasploit is also very good for server hardening by allowing full testing before deployment.

Pros

  • Vulnerability exploiting
  • Tool integration such as with Nmap
  • Very intuitive interface and searching

Cons

  • More robust menus
  • Better plugin inter-operation
  • We have been able to weed out false positives with a more manual vetting of scanned vulnerabilities.
  • Our teams have become more well versed in penetration testing with Metasploit to understand the vulnerabilities potentially present.
Metasploit is an all around good suite of tools to test and validate potential vulnerabilites. Other tools have bits and pecies such as Nmap, Nessus, Burp Suite, etc. but Metasploit can function in the same way but more.
Very useful for exploitation validation. When a vulnerability scanner shows a machine is vulnerable to an exploit manual testing is always a preferred practice to ensure it is not a false positive from the scanner. Manual validation allows the tester to better understand the exploit and how to properly defend from it.

Comments

More Reviews of Metasploit