TrustRadius Insights for Metasploit are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Easy to use: Users have found Metasploit to be easy to use, with several reviewers highlighting its intuitive interface and seamless navigation. Some users felt that the tool was user-friendly.
Integration with other tools: The integration of Metasploit with other tools like NMAP has been praised by many reviewers for enhancing its functionality and expanding its capabilities. Several users appreciated the seamless integration of Metasploit with complementary tools.
Automation capabilities: Many users have emphasized the automation capabilities of Metasploit, stating that it significantly reduces the time and effort required for manual tests and exploits. A significant number of reviewers highlighted the time-saving benefits provided by the automation features in Metasploit.
Metasploit is used by my organization to identify system weaknesses and attempt to exploit them to demonstrate the weakness. It is an easy tool used by the security team to identify, isolate, and demonstrate the weakness and allow for verification of the remediations. As an industry-recognized tool, there is no dispute from different vendors when using the tool.
Pros
Test known exploits
Segregated workspaces for different projects
Updated databases of exploits
Cons
Improve dashboard to allow C levels to better understand the concerns
Exporting the results or integrating with reporting tools
Options to manage the payloads
Likelihood to Recommend
It is easy to use with sufficient documentation on how to use the tools for end users or newbies. Experienced testers will find it easy to customise and configure the test cases. Just wished that I could have taken up a course on using this tool in my study days so that I could have explored more and improved my familiarity with the tool, unlike when working, where access and time to explore the other features of the tool are limited.
Verified User
Consultant in Information Technology (1001-5000 employees)
Well, we use Metasploit in two areas of the company: internal audit and security of systems, to test network security, the applications and some other technologies of IT and OT. By knowing the most common exploits and hacking techniques we improve the controls in order to mitigate the risks and better understand the anatomy of an attack.
Pros
Easy to use.
Many exploits available.
Multi-platform.
Cons
Some exploits need a bit of intervention to work.
Likelihood to Recommend
In security of information it's vital to think like a hacker and it's important to know the tools they use for attacks. So this software gives you the exploits that are already in the wild and to the access of everyone. That's very dangerous so you have to be aware of it.
I have used Metasploit in my current and past positions to validate vulnerabilities found in other scanners and to run additional scans and tests not found by a vulnerability scanner. Metasploit is also very good for server hardening by allowing full testing before deployment.
Pros
Vulnerability exploiting
Tool integration such as with NMAP
Very intuitive interface and searching
Cons
More robust menus
Better plugin inter-operation
Likelihood to Recommend
Very useful for exploitation validation. When a vulnerability scanner shows a machine is vulnerable to an exploit, manual testing is always a preferred practice to ensure it is not a false positive from the scanner. Manual validation allows the tester to better understand the exploit and how to properly defend from it.
I regularly use the Metasploit framework to run our internal security tests. It helps to identify possible weaknesses in our internal network before compromise occurs. It's also on many occasions helped me justify sometimes costly updates to software and business practices by allowing me to illustrate a vulnerability's possible use in the wild.
Pros
Scanning our network for new or existing vulnerable systems.
Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours.
Metasploit has become an integral part in our validation of new systems before their inclusion in our production network.
Cons
The use of Metasploit in an active environment is scary. The chance of damage to targeted systems increases exponentially as the experience of the user goes down. In some ways, I feel Metasploit has made an industry we all need to stay difficult, accessible to anyone.
Exploit updates for the last couple of years have slowed down as the use cases for Metasploit have changed. With so much of the program being driven by the paid versions since the Rapid7 purchase, they really could do with some official exploit support instead of leaning on the public community so hard.
Windows versions feel like an afterthought; performance differences are staggering. Run Linux for this one.
Likelihood to Recommend
Metasploit stands on its own in the Pen Testing world. If you're going to run your own in-house tests then get the free version and learn it. You'll see its value quickly.
Verified User
Engineer in Information Technology (501-1000 employees)
Metasploit is one of the commonly used frameworks inside of our network security department. Our teams are able to use Metasploit's workspace system to work collaboratively on large, comprehensive network penetration tests. Metasploit helps to launch payloads and to gather and store information about systems.
Pros
Workspaces: Metasploit allows for the creation of "workspaces," which allow for shared and collaborative penetration testing.
Information management: Metasploit stores and displays detailed information about devices and networks that would otherwise be difficult to manage.
Community driven: Many developers from all over the world contribute to Metasploit. This helps to keep it functioning well and up-to-date.
Cons
If Metasploit could support payloads written in languages other than Ruby, that would be amazing and could help draw in a larger set of contributors.
Likelihood to Recommend
Collaborative network penetration testing: Workspaces allow for team members to work together and securely share information during a network penetration test.
Information management: Metasploit stores and displays information in an organized, easy-to-manage format. The framework can store detailed information about thousands of devices, as well as "loot," such as usernames, passwords, credit card information, and other sensitive information captured during a penetration test.