We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The reporting on the solution is good."
"The solution is open source and has many small targeted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers."
"Rapid7 Metasploit is a useful product."
"All of the features are great."
"The most valuable feature for us is the support for testing Linux-based web server components."
"Scanners and reports using CIS templates ('de facto' standard, easy to fix and to locate correction tips at documentation), tests against cloud providers, database profiles, several types of telecom devices, and other highly customizable scans."
"The automatic scanner and scheduler are pretty cool."
"The reports are pretty nice and easy to understand."
"I have experience with it on my attack stations, and it's pretty good to optimize. Personally, I think Nessus is quite a good product."
"I like its ease of use. It has the script that is pre-built in it, and you just got to know which ones you're looking for."
"I have found the vulnerability assessment and the reports to be useful."
"Out of the box, the product works well for us, so it's not a tool that we need to customize very much."
"The most valuable features are that it's fast, it's easy to use and it provides good reports."
"At the time I was using it, the graphical user interface needed some improvements."
"Rapid7 Metasploit can add a GUI feature because it is only available online."
"The solution is not very scalable, it does not provide any automation to be able to scale it."
"Better automation capabilities would be an improvement."
"The solution should improve the responsiveness of its live technical support."
"The reporting feature needs to be improved."
"It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
"The solution could improve by having better integration with different vendors' IPS solutions. The ACLs and IPS policies signatures should be enabled based on the results of Tenable Nessus automatically, we currently have to do it manually which is very time-consuming. It has done a good job integrating with Fortinet but we would like it to be better integrated with other solutions that we have."
"Consumes more system resources when it's running."
"We would like to have the option of using the solution for the cloud as well as on-premises with the same license at the same time. That would be very helpful."
"Remediation needs improvement."
"We'd like to see more integration potential within the solution."
"The features are limited when it comes to scanning network devices for vulnerabilities."
"The great advantage with Rapid7 Metasploit, of course, is that it's free."
"There are two versions available, one of which is the Pro version, and the other is the free version."
"The price is reasonable."
"The price of the solution is reasonable."
"We incurred a single cost for a perpetual license, although I cannot comment on the price as this is above my management level."
"We pay approximately $2,500 on a yearly basis."
"One problem with Tenable is its pricing policy. Optimal results can be achieved with Greenbone Solutions which has much more friendly pricing policies."
"In general, it is extremely expensive."
"There is an annual license required to use this solution."
"The solution has free options."
Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.
Nessus Professional is the industry’s most widely deployed assessment solution for identifying the vulnerabilities, configuration issues, and malware that attackers use to penetrate your or your customer's network. With the broadest coverage, the latest intelligence, rapid updates, and an easy-to-use interface, Nessus offers an effective and comprehensive vulnerability scanning package for one low cost.
Rapid7 Metasploit is ranked 10th in Vulnerability Management with 5 reviews while Tenable Nessus is ranked 1st in Vulnerability Management with 22 reviews. Rapid7 Metasploit is rated 7.6, while Tenable Nessus is rated 8.2. The top reviewer of Rapid7 Metasploit writes "Straightforward to set up, and helpful for moving from development to production". On the other hand, the top reviewer of Tenable Nessus writes "Easy to use, good support, and gives full reports of what's vulnerable per device". Rapid7 Metasploit is most compared with Rapid7 InsightVM, Wireshark, Darktrace, Qualys VM and Acunetix by Invicti, whereas Tenable Nessus is most compared with Rapid7 InsightVM, Tenable.io Vulnerability Management, Qualys VM, Tenable SC and Microsoft Intune.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.