Metasploit Express enables IT professionals to easily verify whether vulnerabilities are exploitable, prioritize their mitigation and conduct basic penetration testing.
Metasploit Express is for IT operations professionals who want to get started with penetration testing without the extensive training or development required by the Metasploit Framework.
Metasploit Express is especially suited for budget-conscious IT organizations that do not require some of the enterprise integrations or advanced penetration testing features included in Metasploit Pro.
Prevent data breaches
Metasploit Express helps you improve your vulnerability scanner results and test how well your network holds up against basic attacks:
- Identify critical vulnerabilities that could lead to a data breach so you know what to patch first
- Reduce the effort required for penetration testing, enabling you to test more systems more frequently.
Prioritize vulnerabilities
Metasploit Express makes your security and operations team more efficient because it helps you identify which vulnerabilities reported by your vulnerability scanner you should focus on:
- Import vulnerability management reports from more than a dozen third-party applications and verify their findings to eliminate false positives
- Focus on remediating critical vulnerabilities to reduce exposure and reduce mitigation costs
- Expedite new controls and mitigations by proving exploitability to application owners
Verify controls and mitigation efforts
Metasploit Express helps you verify that your remediation effort, such as a patch, new firewall rule or IPS configuration, actually stops the vulnerability from being exploited.
- Re-run exploits after remediation to verify its effectiveness in preventing a data breach
- Enable the IT operations team or your client to verify whether remediation was successful by handing them a replay script that re-traces the steps you took to exploit the vulnerability
Conduct efficient penetration tests
While penetration tests are generally accepted as a great way to prevent data breaches, they are so costly that many enterprises can only afford to spot check a few hosts. Metasploit Express drastically reduces the cost of penetration testing by automating many workflow steps. As a result, it becomes feasible to increase the scope and frequency of penetration tests to better protect against data breaches.
- Automate steps of the penetration testing workflow to increase efficiency, enabling you to test more systems more frequently.
- Test the security of your network devices, desktops and servers
- Measure your security awareness with password audits
- Simulate realistic attacks with the world's largest database of quality-assured exploits
- Ensure HIPAA compliance by protecting ePHI (Electronic Protected Health Information) from "reasonably anticipated threats and hazards"
- Contribute to Sarbanes-Oxley compliance by protecting the mandated controls and procedures
Not enough functionality for your needs? Consider Metasploit Pro as an alternative to Metasploit Express if you require advanced features such as:
- Web application discovery, audit and exploitation
- Client-side social engineering campaigns, including phishing
- Advanced penetration testing capabilities, including VPN pivoting, stealth features to avoid IDS, IPS, anti-virus and endpoint protection
- Metasploit Pro Console with advanced command-line feature set
- Team collaboration, including team-wide reports and audit logs as well as limiting user access to specific sub-projects
- PCI DSS and FISMA reports
- Customizable report templates
- Asset tagging for easier project management
For more information, see our detailed comparison list.
The interface is super clean compared to the other applications. Metasploit Express uses a Web browser to interact with the application. It doesn't matter what OS you are used to, if you have ever surfed the Web, you can "Point, Click, Pwn!"
HackMiami Pwn-Off
Winner
4.5 out of 5.0 stars

