We performed a comparison between Rapid7 Metasploit and Tenable Nessus based on real PeerSpot user reviews.
Find out in this report how the two Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's not possible to do penetration testing without being very proficient in Metasploit."
"Rapid7 Metasploit is a useful product."
"The tool's most useful feature for penetration testing is its automation capabilities. With the professional edition, you can upload the results from Nessus in the Rapid7 Metasploit solution portal."
"It contains almost all the available exploits and payloads."
"It is scalable. It's in line with our needs."
"I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing,"
"It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup."
"The most valuable features of the solution are the scripts, the modules, and the tools that the Rapid7 Metasploit framework has."
"Makes ransomware checking and OS auditing and implementation relatively easy."
"It is a mature tool."
"Tenable Nessus is one of the best vulnerability assessment tools, that I know."
"The stability is very good."
"Nessus is effortless to integrate."
"The scanning capabilities are most valuable when compared to Nessus."
"The reports are pretty nice and easy to understand."
"The most valuable feature of Tenable Nessus is the GUI and user-friendliness. Additionally, the environment is easy to work with."
"We'd like them to offer better coverage of malware."
"Rapid7 Metasploit could be made easier for new users to learn."
"Metasploit cannot be installed on a machine with an antivirus."
"The solution is not very scalable, it does not provide any automation to be able to scale it."
"The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better."
"Advanced Infrastructure should be implemented in the next release for better orchestration."
"It is necessary to add some training materials and a tutorial for beginners."
"The initial setup was a bit "tweaky" for the open-source version."
"The reporting is a bit cumbersome."
"Pricing is one of the most important features, and it is something that they can improve on."
"We have had some false positives in the past, which we hope can improve in the future."
"The features are limited when it comes to scanning network devices for vulnerabilities."
"It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
"Nessus' reporting could be more user-friendly."
"Tenable Nessus could improve the price."
"The report for counters is too simple and would be improved by a dashboard."
Rapid7 Metasploit is ranked 13th in Vulnerability Management with 18 reviews while Tenable Nessus is ranked 3rd in Vulnerability Management with 75 reviews. Rapid7 Metasploit is rated 7.6, while Tenable Nessus is rated 8.4. The top reviewer of Rapid7 Metasploit writes "Helps find vulnerabilities in a system to determine whether the system needs to be upgraded". On the other hand, the top reviewer of Tenable Nessus writes "Unlimited assets for one price and quick, agentless results". Rapid7 Metasploit is most compared with Pentera, Acunetix, Rapid7 InsightVM, Nucleus and Wireshark, whereas Tenable Nessus is most compared with Qualys VMDR, Rapid7 InsightVM, Tenable Vulnerability Management, Tenable Security Center and Amazon Inspector. See our Rapid7 Metasploit vs. Tenable Nessus report.
See our list of best Vulnerability Management vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.