Metasploit is open source network security software described by Rapid7 as the world’s most used penetration testing framework, designed to help security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness.
A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement. More Info
A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement. More Info
A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement. More Info
Verified User
Consultant in Information Technology (1001-5000 employees employees)
Pros
Test known exploits
Segregated workspaces for different projects
Updated databases of exploits
Cons
Improve dashboard to allow C levels to better understand the concerns
Exporting the results or integrate with reporting tools
A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement. More Info
Verified User
Engineer in Information Technology (501-1000 employees employees)
Pros
Scanning our network for new or existing vulnerable systems.
Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours.
Metasploit has become an integral part in our validation of new systems before their inclusion in our production network.
Cons
The use of Metasploit in an active environment is scary. The chance of damage to targeted systems increases exponentially as the experience of the user goes down. In some ways, I feel Metasploit has made an industry we all need to stay difficult, accessible to anyone.
Exploit updates for the last couple of years have slowed down as the use cases for Metasploit have changed. With so much of the program being driven by the paid versions since the Rapid7 purchase, they really could do with some official exploit support instead of leaning on the public community so hard.
Windows versions feel like an afterthought, performance differences are staggering. Run Linux for this one.
Return on Investment
Decreased our reliance on third party services for internal testing.
Increased our awareness of patch management, allowed for an easy case to be made for funding.
A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement. More Info
Verified User
Engineer (11-50 employees employees)
Pros
Workspaces: Metasploit allows for the creation of "workspaces," which allow for shared and collaborative penetration testing.
Information management: Metasploit stores and displays detailed information about devices and networks that would otherwise be difficult to manage.
Community driven: Many developers from all over the world contribute to Metasploit. This helps to keep it functioning well and up-to-date.
Cons
If Metasploit could support payloads written in languages other than Ruby, that would be amazing and could help draw in a larger set of contributors.
Return on Investment
Positive: Improves efficiency of our network penetration testing operations.
Positive: Allows for collaboration and information sharing during a penetration test.