
Rapid7 Metasploit Overview

Rapid7 Metasploit is the #13 ranked solution among top Vulnerability Management tools. PeerSpot users give Rapid7 Metasploit an average rating of 7.8 out of 10. Rapid7 Metasploit is most commonly compared to Tenable Nessus. Rapid7 Metasploit is popular among the large enterprise segment, accounting for 55% of users researching this solution on PeerSpot. The top industry researching this solution is comms service providers, accounting for 22% of all views.
Buyer's Guide

Download the Vulnerability Management Buyer's Guide including reviews and more. Updated: September 2022

What is Rapid7 Metasploit?

Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

Rapid7 Metasploit was previously known as Metasploit.

Rapid7 Metasploit Customers

City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University

Archived Rapid7 Metasploit Reviews (more than two years old)

Senior Information Technology Security Officer at a financial services firm with 501-1,000 employees
Real User
Good reporting; very good at detecting vulnerabilities, and quite stable
Pros and Cons
  • "The reporting on the solution is good."
  • "The solution should improve the responsiveness of its live technical support."

What is our primary use case?

We're using the solution in conjunction with some governmental agencies.

What is most valuable?

The solution automatically discovers vulnerabilities. We don't need to update or fine-tune the tool. It automatically handles that itself.

The reporting on the solution is good.

What needs improvement?

The solution should be more user friendly. Right now, a user needs a certain level of technicality.

The solution should improve the responsiveness of its live technical support.

What do I think about the stability of the solution?

The solution has been stable so far. I hope it stays that way. We haven't experienced bugs or glitches. There haven't been crashes.

What do I think about the scalability of the solution?

So far, for our purposes, we've never run into issues with scalability. It's been good. I'm not sure how it would be for other companies; however, I don't foresee there being any issues if they should require the solution to expand to meet their needs.

How are customer service and support?

Technical support is okay. If you access its resources online, it's quite helpful. However, if you need to contact them directly, they can be quite sluggish in their response. It's sort of unpredictable.

Which solution did I use previously and why did I switch?

We did use different solutions previously. I know of a few other products the organization utilized before this product.

How was the initial setup?

The initial setup isn't too complex. If you have a bit of a technical background, you should be fine installing the solution without facing any issues. A person with no technical background, however, may find it challenging.

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is pretty good. That said, it would be good if there could be more of a discount. It would be better for us.

What other advice do I have?

I used the product previously. Now, I am more of a consultant.

I'm not sure what version of the solution I'm currently using.

This product is fantastic. I prefer using it. I'd rate it seven out of ten. If it wasn't for the unpredictable support, I would rate it a bit higher. If it added just a few more advancements, it would be even better still.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal security consultant at a computer software company with 201-500 employees
Real User
Straightforward to set up, and helpful for moving from development to production
Pros and Cons
  • "The most valuable feature for us is the support for testing Linux-based web server components."
  • "Better automation capabilities would be an improvement."

What is our primary use case?

We are a solution provider and we offer a variety of services that include security and vulnerability management. Rapid7 Metasploit is one of the products that we use to identify vulnerabilities.

Specifically, Metasploit is for penetration testing. It uses models to check for exploitable vulnerabilities, and if one is detected then we would raise the importance of solving the problem. We normally operate Metasploit at the client site, which helps us to explore and assess the vulnerabilities directly in the environment.

How has it helped my organization?

This solution allows us to offer additional services to our clients. Projects can vary, where one will include vulnerability testing and another may include penetration testing.

One of the services that we provide is security during the development process. This means that beyond user acceptance and performance testing, we are doing all of the security tests. It helps customers ensure that the code they are developing and deploying has all of the necessary security controls.

What is most valuable?

The most valuable feature for us is the support for testing Linux-based web server components.

What needs improvement?

Integration with popular vulnerability scanners would be a useful feature.

Better automation capabilities would be an improvement. For example, if a project is moving from a development to a testing environment, then automation is crucial. We are using Jenkins, JIRA, and other tools for SecOps and DevOps. If somebody is storing code or a project in SVN then it needs to be fully automated. We need the ability for the scanner to run, then have Checkmarx scan them, then exploit the vulnerabilities if any are found. 

For how long have I used the solution?

We began working with Metasploit about 15 years ago.

What do I think about the stability of the solution?

I do not have any complaints about stability, as it has been fine.

What do I think about the scalability of the solution?

For the projects that we have worked on, the scalability has been fine. I'm not sure how it would perform in a hybrid environment, but for our on-premises deployment, it is quite a nice product.

We have a team of 12 people and it is used for perhaps 10 large companies.

How are customer service and technical support?

We have not been in contact with technical support.

Which solution did I use previously and why did I switch?

When we do application-level penetration testing, we employ some manual techniques. Metasploit is generally used at the infrastructure level. We did not use another solution prior to this one.

How was the initial setup?

The initial setup is pretty straightforward. We have been working with this product for several years and it isn't a problem for us to set it up. The deployment can be completed in a matter of hours, depending on the size of the environment.

What other advice do I have?

For our needs, which is usually a dedicated environment for our customers, I cannot envision any significant improvements that need to be made.

My advice for anybody who is considering this solution is that it works well as a component in a vulnerability testing platform. We use a combination of tools with a certain level of automation and integration, which gives us the flexibility that we need to accommodate customers with differing needs. There is no one tool in the market that covers everything and ultimately, Metasploit helps to produce the reports that we need.

The biggest lesson that I have learned from using this product is that if proper security checks are not done during the development process then very likely, you will face major vulnerabilities or risks in the production environment.

Overall, it is a very good product for penetration testing.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security and Governance Lead Engineer at a comms service provider with 1,001-5,000 employees
Real User
It helps us understand the behaviors of our users. However, the GUI needs improvement.
Pros and Cons
  • "The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."
  • "It contains almost all the available exploits and payloads."
  • "Metasploit cannot be installed on a machine with an antivirus."
  • "It is necessary to add some training materials and a tutorial for beginners."

What is our primary use case?

We use it for penetration testing of our internal systems. 

What is most valuable?

  • The option to generate phishing emails has proven to be very valuable in understanding the behavior of users. 
  • It contains almost all the available exploits and payloads. 
  • The in-built Wireshark is valuable in performing packet analysis. 
  • It has different installation files for different OSs.

What needs improvement?

  • The GUI version is not as effective as a command prompt. For general users, the PT using GUI could be improved. At the same time, the tracking of phishing emails was sometimes not accurate. Rapid7 could work on this further.
  • Metasploit cannot be installed on a machine with an antivirus. This could be improved. 
  • There were times when it hung, then I had to restart the DB service. This leaves an area of improvement for them.
  • It is necessary to add some training materials and a tutorial for beginners.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is a very robust and stable product. 

What do I think about the scalability of the solution?

Its scalability can be improved.

How is customer service and technical support?

The tech support was not as robust as our prior experience with Cisco. With Cisco, we had an immediate response.

How was the initial setup?

The initial setup was easy and straightforward. 

There is also a manual setup available for installation, both for Windows and Linux. We just had to uninstall the antivirus and disable the firewall. This is not recommended. 

What's my experience with pricing, setup cost, and licensing?

It is expensive. Our license expired, and our company is not planning to renew because of our budget.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager of System Security at a tech services company with 1,001-5,000 employees
Real User
The integration between Nmap, the database and Metasploit saves a lot of time. The initial setup was a bit tricky.
Pros and Cons
  • "It's not possible to do penetration testing without being very proficient in Metasploit."
  • "The initial setup was a bit "tweaky" for the open-source version."

What is our primary use case?

I use this solution to check if there are any vulnerabilities that I find during scanning.

How has it helped my organization?

The search engine is actually pretty cool. It actually allows you to search the vulnerability very fast, and the big difference is that the exploit you see on Metasploit has been tested and imported, it's going to work and it is not going to crash anything. That's a big thing. That's basically why I use it.

What is most valuable?

The most valuable one is the integration between Nmap, the database and Metasploit. That saves a lot of time.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I had some issues with stability in the past, but it appears that the latest upgraded version has sorted out those issues.

What do I think about the scalability of the solution?

I do not think it scales. But, I do not understand why someone would want to scale Metasploit, as it is very specific on what you are attacking. It attacks a particular server. You can only scale if you are using Nmap.

How was the initial setup?

The initial setup was a bit "tweaky" for the open-source version.

What's my experience with pricing, setup cost, and licensing?

I use the open-source version, not the paid version of this product.

Which other solutions did I evaluate?

We looked at Metasploit vs Tenable Nessus and Metasploit vs OpenVAS. These solutions were more general scanners, and not as precise as Metasploit. 

What other advice do I have?

It's not possible to do penetration testing without being very proficient in Metasploit. It's impossible.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user1065 - PeerSpot reviewer
Senior Manager of Data Center at an integrator with 51-200 employees
Vendor
Metasploit is the top choice of the best information security professionals and penetration testers

Valuable Features:

Good features:

1) Availability of both graphical and command line interfaces
2) HTML-based report collection
3) Integration with PostgreSQL
4) Integration of Nmap for network scanning, brute force techniques
5) Around 800 active modules with exploits for Linux, BSD, Microsoft and MacOS
6) Collaboration with team feature also available
7) Open source
8) Integration with Backtrack OS

Room for Improvement:

A few cons of Metasploit are:

1) Exploit updates are slow after security patches to a certain OS
2) High resource utilization when run under Windows 7 and Windows Server 2008 R2
3) Fewer browser exploits
4) Payloads not extremely effective against updated antiviruses

Other Advice:

Metasploit is the most favored toolkit for network security professionals and penetration testers. It is one of the best tools for zero day exploits and payloads for operating systems such as Microsoft Windows, Linux, and Sun Solaris. Metasploit, which has been written in Ruby, provides the ability to seamlessly create and simulate attacks on networks and provide protection. It deals with the largest database of exploits available to date in a single tool for both active and passive attacks on networks and applications.
Disclosure: I am a real user, and this review is based on my own experience and opinions.