Metasploit: Penetration Testing Software

Put the right edition of our penetration testing software to work for you today

Pro Enterprise Security Programs & Advanced Penetration Tests

For Mid-sized and Enterprise IT Security Teams

  • Express features plus:
  • Closed-loop Vulnerability Validation
  • Phishing Simulations & Social Engineering
  • Web App Testing
  • Automation through Wizards, Task Chains, MetaModules
  • Out of the Box and Custom Integrations through API
Free 14-Day Trial

Express Baseline Penetration Tests

For IT Generalists in SMBs

  • Community features plus:
  • Baseline Penetration Testing Workflow
  • Smart Exploitation
  • Password Auditing
  • Baseline Penetration Testing Reports
Compare: Express vs. Pro Buy Online

Community Free Entry-level
Edition

For Small Companies and Students

  • Simple Web Interface
  • Data Management
  • Network Discovery and Third-Party Import
  • Basic Exploitation
Compare: Community vs. Pro Free Download

Framework Free Open Source Development Platform

For Developers and Security Researchers

  • Basic Command-line Interface
  • Third-Party Import
  • Manual Exploitation
  • Manual Brute Forcing
Compare: Framework vs. Pro Free Download

For more details on all features of Metasploit editions   VIEW FULL COMPARISON TABLE

Test your network's defenses with our
penetration testing software, before
someone else does.

Use our penetration testing software to:

  • Validate security risks as part of your vulnerability management program.
  • Safely simulate attacks on your network to uncover security issues.
  • Verify your defenses, security controls and mitigation efforts.
  • Measure the effectiveness of your security awareness program.
  • Audit password security beyond Windows and Linux logins.
Metasploit Penetration Testing Software

Penetration Testing Software Download

Download Metasploit today for free, and start testing your network security

Get Started Today

Here's why Metasploit is the
world's leading penetration testing software

Real-world Security Testing

Get a security reality check with exploitation, vulnerabilility validation, advanced attacks and evasion techniques.

Read more below

Vulnerability Validation

Verify which potential vulnerabilities really put your network and data at risk.

Read more below

Productivity Boost

Complete assignments faster with efficient workflows, wizards, data management, APIs and automation.

Read more below

Web and Command-line Interfaces

Select the interface of your choice for more efficiency.

Read more below

Network Discovery

Find network assets or import from over a dozen applications.

Read more below

Password Auditing

Uncover weak passwords on over a dozen network services.

Read more below

Social Engineering

Measure security awareness or trick users to get into the network.

Read more below

Web App Testing

Audit on-premise and cloud-based web apps to identify OWASP Top 10 vulnerabilities.

Read more below

Teamwork and Reporting

Leverage team members' expertise and create reports at the push of a button.

Read more below

Simulate realistic attacks with our penetration testing software to see where your security is weak

Real-World Security Testing

Get a reality check on your defenses by using real attack techniques with Metasploit, our penetration testing software.

Testing your defenses only makes sense if you are using the same methods attackers are using in the real world. Get real with exploitation, vulnerability validation, advanced attack and evasion techniques.

Our penetration testing software includes the world's biggest public library of quality-assured exploits.

The World's Most Successful Penetration Testing Software

With more than one million downloads a year and a community of 200,000 security researchers, contributors and users, you're in great company when testing your infrastructure's security.

More about:
Our penetration testing software saves you time by telling you the most problematic risks in your network

Vulnerability Validation

There's no way you can address every threat that comes your way, so spend your time wisely by validating which security risks pose a real threat.

Use Metasploit, our penetration testing software to:

  • Use time efficiently by prioritizing high-risk threats that need your attention and creating exceptions for acceptable risk.
  • Gain credibility with stakeholder teams by delivering remediation reports that are concise and relevant.
  • Integrate with Nexpose for closed-loop vulnerability validation, pushing results back into your vulnerability management solution
More about:
Use our penetration testing software to boost your productivity

Productivity Boost

Get a little help and be done in half the time.

Let our penetration testing software, Metasploit, manage your data and automate mundane or repetitive tasks, making your work more enjoyable and efficient. Use wizards to simplify and speed up common jobs; launch MetaModules to use advanced offensive security techniques or for security controls testing.

The Metasploit penetration testing software allows you to setup custom workflows

Attackers Use Automation. So Why Don't You?

Stay in control with standard workflows and let our penetration testing software, Metasploit, manage all network and evidence data for you. Use packaged offensive security techniques, schedule custom workflows, and write your own integrations with the Metasploit Pro API.

More about:
Metasploit command line interface

Web and Command-line Interfaces

Everyone has a preference, and you've got yours. Our penetration testing software allows you to choose your favorite user interface - web-based or command-line - or mix it up!

New to Metasploit? Use the web-based interface to reduce the need for training, and get the job done faster.

Metasploit veteran? Use the advanced command-line functionality of Metasploit Pro to get access to new, high-level commands, better manage your data and generate a single report for all activities.

Metasploit vulnerability scanner import formats

Network Discovery

Before you can start protecting your network, you need to know
what's on it.

Our penetration testing software allows you to:

  • Scan for available hosts, identifying open ports, services, applications, operating systems and versions.
  • Launch a Nexpose vulnerability scan or access existing results.
  • Import reports from over a dozen third-party network discovery and vulnerability management solutions.
More about:
Metasploit bruteforcing password audit

Password Auditing

Uncover weak passwords on your network to protect against brute forcing attacks that go way beyond Windows and Linux credentials. Test over a dozen network services, including SSH, VNC and telnet. Make intelligent guesses based on frequently used passwords, custom dictionaries, vendor default passwords and data collected from the environment. Download our penetration testing software to get started.

More about:
Metasploit social engineering and anti-phishing

Social Engineering

By using penetration testing software, you can see how intruders could get into your network through phishing emails, malicious websites and USB flash drives.

For ongoing security programs, measure the security awareness of your users by sending phishing emails. Metasploit Pro can also feed phishing results into Rapid7 UserInsight, providing comprehensive visibility of user risk in the context of on-premise, cloud and mobile environments.

More about:
Metasploit web application scanning, auditing, and exploitation

Web App Testing

Audit on-premise and cloud-based web apps to identify OWASP Top 10 2013 vulnerabilities. Exploit web app vulnerabilities to demonstrate risk to applications owners or as part of a penetration test. Download our penetration testing software to start testing your web apps today.

Metasploit reporting

Teamwork and Reporting

Share results and work more effectively in teams to leverage individual expertise. Mentor junior team members by delegating simpler tasks to them as part of a larger engagement. Tag assets to assign hosts to team members.

And when you're done, generate reports that reflect the entire team's work. Choose report templates depending on the stakeholder and compliance regulation.

Metasploit Penetration Testing Software

Why Rapid7 Metasploit?

From the beginning, Metasploit has been a thought-leading project. It was the first open source framework to standardize exploit development, pioneered risk validation in vulnerability management, and continues to innovate, enabling security professionals to take the view of an attacker to identify weaknesses in their defenses. Exploits are written by open source contributors, providing broad, timely coverage; they are tested and ranked by reliability to ensure safe testing. With Metasploit, you'll always be up to date on the latest attack techniques so you can defend your network better. Join the vibrant Metasploit security community of more than 200,000 users, security researchers and exploit developers today.


Whitepaper - What is Penetration Testing?

Learn more about penetration testing

 Download Now

Request a Metasploit Demo

Let us walk you through Metasploit

Request A Demo

Free Metasploit Download

Reduce the risk of a data breach with our penetration testing solution

 Free Download