No more typing reviews! Try our Samantha, our new voice AI agent.

ManageEngine Vulnerability Manager Plus vs Rapid7 Metasploit comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (8th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
ManageEngine Vulnerability ...
Ranking in Vulnerability Management
36th
Average Rating
9.4
Reviews Sentiment
7.4
Number of Reviews
3
Ranking in other categories
No ranking in other categories
Rapid7 Metasploit
Ranking in Vulnerability Management
22nd
Average Rating
8.0
Reviews Sentiment
6.1
Number of Reviews
22
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.0%, up from 0.9% compared to the previous year. The mindshare of ManageEngine Vulnerability Manager Plus is 0.7%, down from 0.8% compared to the previous year. The mindshare of Rapid7 Metasploit is 2.1%, up from 1.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.0%
Rapid7 Metasploit2.1%
ManageEngine Vulnerability Manager Plus0.7%
Other96.2%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
MB
IT Helpdesk at a manufacturing company with 51-200 employees
Enhanced endpoint security with effective patch management and frequent scans
The most valuable feature was the patch management, which was very effective for endpoint-centric solutions requiring remediation of vulnerabilities. ManageEngine Vulnerability Manager Plus was the perfect fit for managing these requirements. We improved the number of scans and patches performed from four times per year per computer to four times per month.
reviewer1247523 - PeerSpot reviewer
Head of Sales Services Department at a comms service provider with 51-200 employees
Extensive exploit database and seamless integration enhance penetration testing capabilities
The automated approach in the audits or in the hacking testing with Rapid7 Metasploit could be improved because even the same attack you provide today will go in different ways another day. I prefer when the auditor or pen-tester provides the attack in a non-automated mode. For some, it might be a valuable option, but I'm not sure it's valuable for us, as after the attack has been provided, we should release a report detailing how it transpired and what the customer should improve to block this way of attack. If the attack was provided in an automated mode, you cannot receive sufficient information that helps with this final report for the customer. While you can check the vulnerability, and the system will tell you there is no vulnerability, usually, a human can change one, two, or three parameters and using the same technique and the same scripts can break the system. Rapid7 Metasploit could be improved in areas concerning the experience with finding particular scripts pre-installed in the solution. Customers, administrators, and pen-testers spend considerable time trying to locate the specific component they need by the name of the technique or the name of the attack, so any improvements in making it easier to find those predefined components by name or timeframe would be beneficial. Search filters could be a correct improvement.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The scalability is good as well. I would rate it ten out of ten."
"If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI."
"I would definitely recommend Qualys TotalCloud to other users."
"Qualys TotalCloud fulfills all these needs."
"TruRisk Insights is the most important innovation they've released this year."
"Its dashboards are brilliant. It provides in-depth insights."
"I highly recommend Qualys TotalCloud to other users."
"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."
"ManageEngine is a comprehensive tool that is broad and can be customized to fit specific needs."
"The solution helps us figure out vulnerabilities and fix them."
"The most valuable feature was the patch management, which was very effective for endpoint-centric solutions requiring remediation of vulnerabilities."
"I have been using it for over two years, and it is fantastic."
"Technical support is very good; whenever we need assistance, they are quite helpful and responsive."
"All of the features are great."
"Metasploit is the most favored toolkit for network security professionals and penetration testers."
"I would definitely recommend Metasploit to others."
"The search engine is actually pretty cool, it allows you to search the vulnerability very fast, and the big difference is that the exploit you see on Metasploit has been tested and imported, it's going to work and it is not going to crash anything."
"The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers."
"The greatest advantage of Rapid7 Metasploit is that it is the only system that can directly exploit vulnerabilities on the Metasploit platform."
"The tool's most useful feature for penetration testing is its automation capabilities. With the professional edition, you can upload the results from Nessus in the Rapid7 Metasploit solution portal."
 

Cons

"Their support could be improved."
"To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."
"Enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage."
"Their customer support needs improvement."
"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments."
"The user interface is the only drawback of the product."
"The integration with third-party solutions such as ticketing solutions or CMDB solutions can be improved."
"One area that needs improvement is the contract management. My legal team required some partner requirements for that, and ManageEngine could not support it."
"Rapid7 Metasploit can add a GUI feature because it is only available online."
"The automated approach in the audits or in the hacking testing with Rapid7 Metasploit could be improved because even the same attack you provide today will go in different ways another day."
"At the time I was using it, the graphical user interface needed some improvements."
"Better automation capabilities would be an improvement."
"Integration with popular vulnerability scanners would be a useful feature."
"Metasploit cannot be installed on a machine with an antivirus."
"The scalability is not that good."
"I think areas with shortcomings that need improvement are more integration and automation."
 

Pricing and Cost Advice

"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Qualys TotalCloud is expensive."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"The price is very reasonable."
"I use the open-source version of this product. Pricing is not relevant."
"The cost is approximately $15 per device."
"I have used the free version of Rapid7 Metasploit."
"Rapid7 Metasploit is cheaper than Tenable.io Vulnerability Management."
"The great advantage with Rapid7 Metasploit, of course, is that it's free."
"Rapid7 Metasploit is an open-source solution."
"The pricing structure involves a one-time purchase cost of approximately twenty thousand dollars or euros for all customers."
"We pay monthly. The pricing is reasonable."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
902,588 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
12%
Construction Company
8%
Comms Service Provider
8%
Computer Software Company
8%
Manufacturing Company
10%
Construction Company
10%
Comms Service Provider
9%
Financial Services Firm
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise12
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for ManageEngine Vulnerability Manager Plus?
ManageEngine is considered an affordable solution, offering competitive pricing compared to similar solutions like Ut...
What needs improvement with ManageEngine Vulnerability Manager Plus?
The integration with third-party solutions such as ticketing solutions or CMDB solutions can be improved. The asset d...
What is your primary use case for ManageEngine Vulnerability Manager Plus?
I worked in an integrator solution company, and we implemented ManageEngine Vulnerability Manager Plus for different ...
What is your experience regarding pricing and costs for Rapid7 Metasploit?
The pricing of Rapid7 Metasploit is quite affordable. It has a free version that many customers start with, and after...
What needs improvement with Rapid7 Metasploit?
The automated approach in the audits or in the hacking testing with Rapid7 Metasploit could be improved because even ...
What is your primary use case for Rapid7 Metasploit?
I use Rapid7 Metasploit as a distributor, as an integrator, and as a user. I use Rapid7 Metasploit in my company inte...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
Metasploit
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University
Find out what your peers are saying about ManageEngine Vulnerability Manager Plus vs. Rapid7 Metasploit and other solutions. Updated: June 2026.
902,588 professionals have used our research since 2012.