Rapid7 Metasploit Room for Improvement
AdeelAgha
Team Lead - Cyber Security & Compliance at Al Tuwairqi Group
Rapid7 is able to identify vulnerabilities, but the only way to remediate them is to manually apply patches. This can be time-consuming, as evidenced by the six months it took our team to remediate vulnerabilities found in the Tenable ICS and OT security VT. To make this process easier, there should be an automated system or API to align with the PET solution, allowing systems to quickly align with it.
The solution is not user-friendly and has room for improvement.
I would like a feature for mobile tracking, allowing us to operate it from a mobile device or at least track it technologically, the basic functionality would be something I would like. For example, when I execute a vulnerability assessment activity, it takes around two to three days to complete all the plans. In order to track that, I would have to log into my system repeatedly. Therefore, I would like to have a feature that allows me to track it from my mobile device.
Md. Shahriar Hussain
Cybersecurity and Compliance Lead Engineer at Banglalink
If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective.
Adding features to Rapid7 Metasploit that enhance evasion of Endpoint Detection and Response systems would significantly improve its utility within modern organizations.
View full review »
Andrei Bigdan
Executive Manager at B2B-solutions.pro
There are numerous outdated exploits in their database that should be updated.
View full review »Buyer's Guide
Vulnerability Management
March 2024
Find out what your peers are saying about Rapid7, Tenable, Invicti and others in Vulnerability Management. Updated: March 2024.
767,319 professionals have used our research since 2012.
Alen Bohcelyan
Cyber Security Director at Coca-Cola Icecek AS
The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better.
View full review »
Agustinus DWIJOKO
Network & Security Engineer at PT. Centrin Online Prima
It would be better if Metasploit had a wider module, to do explorations of vulnerabilities. We'd like them to offer better coverage of malware.
Agustinus DWIJOKO
Network & Security Engineer at PT. Centrin Online Prima
Advanced Infrastructure should be implemented in the next release for better orchestration.
View full review »
Rostum Tampor
Solutions Engineer at Gefura Inc.
I think areas with shortcomings that need improvement are more integration and automation.
View full review »SE
reviewer2295975
Senior cybersecurity engineer at a aerospace/defense firm with 5,001-10,000 employees
I would like to see more capabilities, more functions, and more features. More types of attack vectors.
View full review »AS
reviewer1088721
Principal security consultant at a computer software company with 201-500 employees
Integration with popular vulnerability scanners would be a useful feature.
Better automation capabilities would be an improvement. For example, if a project is moving from a development to a testing environment, then automation is crucial. We are using Jenkins, JIRA, and other tools for SecOps and DevOps. If somebody is storing code or a project in SVN then it needs to be fully automated. We need the ability for the scanner to run, then have Checkmarx scan them, then exploit the vulnerabilities if any are found.
View full review »MM
reviewer1432815
Project Director at a tech services company with 1,001-5,000 employees
At the time I was using it, the graphical user interface needed some improvements. It might be better now because there was a very big community behind it, and of course, newer versions are always improved. The free, community edition I was using, lacked some very specific exploits but, as I remember, under the commercial version, you could find your exploits.
All the features that are available on the command line could be integrated with the graphical user interface.
View full review »EG
reviewer1369920
Senior Information Technology Security Officer at a financial services firm with 501-1,000 employees
The solution should be more user friendly. Right now, a user needs a certain level of technicality.
The solution should improve the responsiveness of its live technical support.
View full review »VC
reviewer2378706
Senior Cyber Security Analyst at a tech services company with 501-1,000 employees
Rapid7 Metasploit could be made easier for new users to learn.
View full review »ME
reviewer1674711
Senior Cyber Security Specialist at a tech services company with 1,001-5,000 employees
Rapid7 Metasploit can add a GUI feature because it is only available online.
While it is simple to use, including a GUI would make things easier. It would be very helpful.
View full review »AA
Informate5e5
Information Security and Governance Lead Engineer at a comms service provider with 1,001-5,000 employees
- The GUI version is not as effective as a command prompt. For general users, the PT using GUI could be improved. At the same, the track of a phishing emails were not accurate sometimes. Rapid7 could work on this further.
- Metasploit cannot be installed on a machine with an antivirus. This could be improved.
- There were times when it hung, then I had to restart the DB service. This leaves an area of improvement for them.
- It is necessary to add some training materials and a tutorial for beginners.
it_user1065
Senior Manager of Data Center at a integrator with 51-200 employees
Few cons of metasploit are
1) Exploit updates are slow after security patches to a certain OS
2) High resource utilization when run under Window7 and Windows Server 2008 R2
3) Fewer browser exploits
4) Payloads not extremely effective against updated anti viruses.
View full review »
Buyer's Guide
Vulnerability Management
March 2024
Find out what your peers are saying about Rapid7, Tenable, Invicti and others in Vulnerability Management. Updated: March 2024.
767,319 professionals have used our research since 2012.
Buyer's Guide
Download our free Vulnerability Management Report and find out what your peers are saying about Rapid7, Tenable, Invicti, and more!
Updated: March 2024
Product Categories
Vulnerability ManagementPopular Comparisons
Darktrace
Qualys VMDR
Tenable Nessus
Tenable Security Center
Tenable Vulnerability Management
Rapid7 InsightVM
Vectra AI
Fortinet FortiWeb
Cato SASE Cloud Platform
Orca Security
Acunetix
Pentera
Akamai Guardicore Segmentation
Illumio
Buyer's Guide
Download our free Vulnerability Management Report and find out what your peers are saying about Rapid7, Tenable, Invicti, and more!
Quick Links
Learn More:
- Primary Use Case
- Valuable Features
- Room for Improvement
- Customer Service and Support
- Initial Setup
- ROI
- Pricing
- Other Advice
- How inadvisable is it to use a single vulnerability analysis tool?
- What are the benefits of continuous scanning for vulnerability management?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
- How do you use the MITRE ATT&CK framework for improving enterprise security?
- What are your recommended automated penetration testing tools?
- Can you recommend API for Tenable Connector into ServiceNow
- What penetration testing tool (or tools) do you recommend for SMB/SME?
- Which tool would you recommend for vulnerability management in your infrastructure?
