Metasploit: The Attacker's Playbook

Test your defenses more efficiently with Metasploit

Knowing your opponents' moves helps you better prepare your defenses.

Metasploit, backed by a community of 200,000 users and contributors, gives you that insight. It's the most popular penetration testing solution on the planet. With it, you find your weak point before a malicious attacker does.

With Metasploit Pro, you can:

Free Penetration Testing Solution Download

Safely simulate attacks on your network to uncover security issues with Metasploit

Test Defenses Today

Conduct penetration tests 45% faster

Skilled penetration testers are hard to find, so using their time effectively is important. Yet, much of their time is spent on repetitive tasks and writing custom scripts, taking time away from identifying security issues and providing insights and advice.

Conduct penetration tests 45% faster

Metasploit Pro helps penetration testers conduct assessments more efficiently by accelerating common tasks, such as discovery, exploitation, brute-forcing and reporting, provides advanced evasion and post-exploitation methods, and efficiently managing the vast amounts of data generated in large assessments.

Security professionals new to penetration testing will find it easier to become productive with Metasploit Pro than with open source alternatives.


Time savings are the biggest reason for us to use Metasploit Pro.

Jim O'Gorman
President, Offensive Security
& Co-author of "Metasploit – The Penetration Tester's Guide"

Validate vulnerabilities to prioritize remediation

Vulnerability scanners can determine installed software and its vulnerabilities but not whether it poses a high risk in the context of your network. This can be dangerous because IT teams don't know which vulnerabilities need to be remediated first.

Validate vulnerabilities to prioritize remediation

Vulnerability validation tests the exploitability of vulnerabilities to demonstrate risk in an objective way, eliminating debates over whether a vulnerability is a high risk.

Metasploit Pro closes the vulnerability validation loop by returning results to Nexpose, where exploitability of a vulnerability can be used to create reports and prioritize vulnerabilities for remediation.


It's useful for me... to be able to deliver
closed-loop vulnerability reports that prioritize remediation
based on the exploitability of vulnerabilities in the environment.
I'd say Rapid7 helps cut the discovery process down by 70 to 80 percent.

Ben Holder
Senior Security Consultant

Manage phishing awareness to reduce user risk

Phishing is the third most popular attack vector, and phishers primarily target credentials, which themselves rank as the #1 attack vector. Yet, organizations struggle to measure their phishing exposure and gauge the effectiveness of their training and technical controls - a risky blind spot in any security program.

Manage phishing awareness to reduce user risk

Rapid7 Metasploit Pro measures the effectiveness of security awareness trainings by running simulated phishing campaigns, helping to manage exposure to this common attack vector.

Metasploit Pro integrates with Rapid7 User Insight to provide phishing risk in the context of a more comprehensive user risk, including network access, cloud service usage, and compromised credentials.


What really pushed us over the top were the phishing capabilities that Metasploit includes...
That was the real business driver for us.

Tim Pospisil
IT Security Supervisor
Nebraska Public Power District

Whitepaper - What is Penetration Testing?

Learn more about penetration testing

 Download Now

Request a Metasploit Demo

Let us walk you through Metasploit

Request A Demo

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download now