Rapid7 Metasploit Review

The integration between Nmap, the database and Metasploit saves a lot of time. The initial setup was a bit tricky.


What is our primary use case?

I use this solution to check if there are any vulnerabilities that I find during scanning.

How has it helped my organization?

The search engine is actually pretty cool. It actually allows you to search the vulnerability very fast, and the big difference is that the exploit you see on Metasploit has been tested and imported, it's going to work and it is not going to crash anything. That's a big thing. That's basically why I use it.

What is most valuable?

The most valuable one is the integration between Nmap, the database and Metasploit. That saves a lot of time.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I had some issues with stability in the past, but it appears that the latest upgraded version has sorted out those issues.

What do I think about the scalability of the solution?

I do not think it scales. But, I do not understand why someone would want to scale Metasploit, at it is very specific on what you are attacking. It attacks a particular server. You can only scale if you are using Nmap.

How was the initial setup?

The initial setup was a bit "tweaky" for the open-source version.

What's my experience with pricing, setup cost, and licensing?

I use the open-source version, not the paid version of this product.

Which other solutions did I evaluate?

We looked at Metasploit vs Tenable Nessus and Metasploit vs OpenVAS. These solutions were more general scanners, and not as precise as Metasploit. 

What other advice do I have?

It's not possible to do penetration testing without being very proficient in Metasploit. It's impossible.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email