We performed a comparison between Rapid7 Metasploit and Tenable Nessus based on real PeerSpot user reviews.
Find out in this report how the two Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of the solution are the scripts, the modules, and the tools that the Rapid7 Metasploit framework has."
"The tool's most useful feature for penetration testing is its automation capabilities. With the professional edition, you can upload the results from Nessus in the Rapid7 Metasploit solution portal."
"The most valuable feature for us is the support for testing Linux-based web server components."
"The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."
"I use Rapid7 Metasploit for payload generation and Post-Exploitation."
"It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup."
"Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten."
"The reporting on the solution is good."
"It gives a holistic view of your entire environment."
"The most valuable feature of Tenable Nessus is vulnerability assessments. There are a lot of threats around the world and this solution is the first to come out with detection rules."
"The features of Tenable Nessus that I have found most valuable are its reliability and its ability to collate a dependable output, where we are able to get the same vulnerability when we test manually. The output is quite reliable."
"It gives you an unlimited IP scan."
"The most valuable features are that it's fast, it's easy to use and it provides good reports."
"I like its ease of use. It has the script that is pre-built in it, and you just got to know which ones you're looking for."
"I like this solution because it is complete. It can scan and check many types of vulnerabilities. It can also check for compliance."
"Once you get past the initial implementation, the solution is very stable."
"Rapid7 Metasploit can add a GUI feature because it is only available online."
"The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better."
"Advanced Infrastructure should be implemented in the next release for better orchestration."
"Better automation capabilities would be an improvement."
"It is necessary to add some training materials and a tutorial for beginners."
"At the time I was using it, the graphical user interface needed some improvements."
"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."
"There are numerous outdated exploits in their database that should be updated."
"This is still a maturing product. Tenable is only a scanner for one ability, while other solutions like Rapid7 have more tools for verification. We still have to manually verify to see if the vulnerability is a false positive or not."
"They need more flexible pricing."
"I have found it is sometimes difficult to control the Zoom meeting sessions. For example, it is difficult to know who is talking and when trying to mute everyone but the speaker you end up muting everyone. When using multiple screens it is laborious to find the control buttons, such as to start a session. Additionally, when a recording is done I have found it difficult to find them, there should be an easier way to retrieve them."
"The inventory management function in this solution needs improvement."
"The reporting feature needs to be improved."
"We would like to have the option of using the solution for the cloud as well as on-premises with the same license at the same time. That would be very helpful."
"Tenable Nessus could improve the reporting by adding some dashboards. The reports are a hassle at this time. Tenable.io has more detailed reports. Having a better dashboard that can show where the vulnerabilities are and be categorized would be helpful. We then could present them to upper management for a deep overview of our network posture which they do not see."
"It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
Rapid7 Metasploit is ranked 13th in Vulnerability Management with 18 reviews while Tenable Nessus is ranked 3rd in Vulnerability Management with 75 reviews. Rapid7 Metasploit is rated 7.6, while Tenable Nessus is rated 8.4. The top reviewer of Rapid7 Metasploit writes "Helps find vulnerabilities in a system to determine whether the system needs to be upgraded". On the other hand, the top reviewer of Tenable Nessus writes "Unlimited assets for one price and quick, agentless results". Rapid7 Metasploit is most compared with Pentera, Acunetix, Rapid7 InsightVM, Nucleus and Wireshark, whereas Tenable Nessus is most compared with Qualys VMDR, Rapid7 InsightVM, Tenable Vulnerability Management, Tenable Security Center and Amazon Inspector. See our Rapid7 Metasploit vs. Tenable Nessus report.
See our list of best Vulnerability Management vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.