# Metasploit vs ZAP by Checkmarx Comparison

| | Metasploit | ZAP by Checkmarx | 
|---|---|---|
| **Star Rating** | 4.6 out of 5 | 4.7 out of 5 | 
| **Total Reviews** | 55 | 14 | 
| **Largest Market Segment** | Small-Business (47.2% of reviews) | Small-Business (76.9% of reviews) | 
| **Entry Level Price** | No pricing available | Free | 

---
## Top Pros & Cons

### Metasploit

Pros:
- Pentesting Efficiency (2 reviews)
- Expertise (1 reviews)

Cons:
- Complex Setup (1 reviews)

### ZAP by Checkmarx

Pros:
- Ease of Use (6 reviews)
- Automation (5 reviews)

Cons:
- False Positives (3 reviews)
- Poor Documentation (2 reviews)

---
## Ratings Comparison
| Rating | Metasploit | ZAP by Checkmarx | 
|---|---|---|
  | **Meets Requirements** | 8.9 (42 reviews) | 9.6 (12 reviews) | 
  | **Ease of Use** | 8.1 (42 reviews) | 9.0 (12 reviews) | 
  | **Ease of Setup** | 7.8 (22 reviews) | Not enough data | 
  | **Ease of Admin** | 8.3 (20 reviews) | Not enough data | 
  | **Quality of Support** | 8.2 (36 reviews) | 8.1 (12 reviews) | 
  | **Has the product been a good partner in doing business?** | 8.7 (17 reviews) | Not enough data | 
  | **Product Direction (% positive)** | 9.1 (38 reviews) | 10.0 (11 reviews) | 

---
## Pricing

### Metasploit

#### Entry-Level Pricing

No pricing available

#### Free Trial

Yes

### ZAP by Checkmarx

#### Entry-Level Pricing

Plan: Open source

Price: Free

Key Features:
- Everything

[Learn more about ZAP by Checkmarx](https://www.g2.com/products/zap-by-checkmarx/reviews)

#### Free Trial

Yes

---
## Features Comparison By Category

### Penetration Testing

| Product | Score | Reviews |
|---|---|---|
| **Metasploit** | 8.4/10 | 23 |
| **ZAP by Checkmarx** | 8.4/10 | 13 |

#### Administration

| Feature | Metasploit | ZAP by Checkmarx | 
|---|---|---|
| **API / Integrations** | 8.5 (9 reviews) | 8.3 (12 reviews) | 
| **Extensibility** | 8.1 (13 reviews) | 8.8 (12 reviews) | 
| **Reporting and Analytics** | 7.7 (14 reviews) | 8.8 (12 reviews) | 

#### Analysis

| Feature | Metasploit | ZAP by Checkmarx | 
|---|---|---|
| **Issue Tracking** | 8.1 (12 reviews) | 8.1 (12 reviews) | 
| **Reconnaissance** | 8.6 (17 reviews) | 8.2 (12 reviews) | 
| **Vulnerability Scan** | 8.7 (19 reviews) | 9.4 (12 reviews) | 

#### Testing

| Feature | Metasploit | ZAP by Checkmarx | 
|---|---|---|
| **Command-Line Tools** | 9.1 (20 reviews) | 7.6 (12 reviews) | 
| **Manual Testing** | 8.3 (21 reviews) | 7.5 (12 reviews) | 
| **Test Automation** | 8.0 (16 reviews) | 8.6 (12 reviews) | 
| **Performance and Reliability** | 8.4 (19 reviews) | 8.9 (12 reviews) | 

### Dynamic Application Security Testing (DAST)

| Product | Score | Reviews |
|---|---|---|
| **Metasploit** | N/A | N/A |
| **ZAP by Checkmarx** | N/A | N/A |

#### Administration

| Feature | Metasploit | ZAP by Checkmarx | 
|---|---|---|
| **API / Integrations** | Not enough data | Not enough data | 
| **Extensibility** | Not enough data | Not enough data | 

#### Analysis

| Feature | Metasploit | ZAP by Checkmarx | 
|---|---|---|
| **Reporting and Analytics** | Not enough data | Not enough data | 
| **Issue Tracking** | Not enough data | Not enough data | 
| **Static Code Analysis** | Not enough data | Not enough data | 
| **Vulnerability Scan** | Not enough data | Not enough data | 
| **Code Analysis** | Not enough data | Not enough data | 

#### Testing

| Feature | Metasploit | ZAP by Checkmarx | 
|---|---|---|
| **Manual Testing** | Not enough data | Not enough data | 
| **Test Automation** | Not enough data | Not enough data | 
| **Compliance Testing** | Not enough data | Not enough data | 
| **Black-Box Scanning** | Not enough data | Not enough data | 
| **Detection Rate** | Not enough data | Not enough data | 
| **False Positives** | Not enough data | Not enough data | 

---
## Categories
**Shared Categories (1):** [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)


**Unique to ZAP by Checkmarx (1):** [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast)


---
## Reviewer Demographics

### By Company Size

| Segment | Metasploit | ZAP by Checkmarx | 
|---|---|---|
| **Small-Business** | 47.2% | 76.9% | 
| **Mid-Market** | 39.6% | 7.7% | 
| **Enterprise** | 13.2% | 15.4% | 

### By Industry

#### Metasploit

- **Computer &amp; Network Security:** 34.0%
- **Information Technology and Services:** 22.6%
- **Computer Software:** 7.5%
- **Security and Investigations:** 3.8%
- **Computer Networking:** 3.8%
- **Financial Services:** 3.8%
- **Education Management:** 3.8%
- **Accounting:** 1.9%
- **Airlines/Aviation:** 1.9%
- **Automotive:** 1.9%
- **Other:** 15.1%

#### ZAP by Checkmarx

- **Computer &amp; Network Security:** 41.7%
- **Information Technology and Services:** 25.0%
- **Computer Software:** 16.7%
- **Internet:** 8.3%
- **Hospital &amp; Health Care:** 8.3%

---
## Alternatives

### Alternatives to Metasploit

- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) — 4.8/5 stars (129 reviews)
- [Acunetix by Invicti](https://www.g2.com/products/acunetix-by-invicti/reviews) — 4.1/5 stars (105 reviews)
- [Core Impact](https://www.g2.com/products/core-impact/reviews) — 4.2/5 stars (25 reviews)
- [SQLmap](https://www.g2.com/products/sqlmap/reviews) — 4.3/5 stars (38 reviews)
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) — 4.6/5 stars (69 reviews)
- [Intruder](https://www.g2.com/products/intruder/reviews) — 4.8/5 stars (206 reviews)
- [Cobalt](https://www.g2.com/products/cobalt-io-cobalt/reviews) — 4.5/5 stars (177 reviews)
- [Pentera](https://www.g2.com/products/pentera/reviews) — 4.5/5 stars (174 reviews)
- [Pentest-Tools.com](https://www.g2.com/products/pentest-tools-com/reviews) — 4.8/5 stars (100 reviews)
- [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews) — 4.6/5 stars (186 reviews)

### Alternatives to ZAP by Checkmarx

- [GitLab](https://www.g2.com/products/gitlab/reviews) — 4.5/5 stars (893 reviews)
- [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) — 4.5/5 stars (301 reviews)
- [Acunetix by Invicti](https://www.g2.com/products/acunetix-by-invicti/reviews) — 4.1/5 stars (105 reviews)
- [Intruder](https://www.g2.com/products/intruder/reviews) — 4.8/5 stars (206 reviews)
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) — 4.8/5 stars (129 reviews)
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) — 4.6/5 stars (69 reviews)
- [vPenTest](https://www.g2.com/products/vpentest/reviews) — 4.6/5 stars (235 reviews)
- [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews) — 4.6/5 stars (186 reviews)
- [Cobalt](https://www.g2.com/products/cobalt-io-cobalt/reviews) — 4.5/5 stars (177 reviews)
- [Pentera](https://www.g2.com/products/pentera/reviews) — 4.5/5 stars (174 reviews)

---
## Top Discussions

### Metasploit

- Title: [How do I get Premium License for free to make tests for local FinTech &amp; Universities and education?](https://www.g2.com/discussions/35953-how-do-i-get-premium-license-for-free-to-make-tests-for-local-fintech-universities-and-education) — 2 comments, 1 upvote
  > **Top comment:** "The best way to pass in Isaca  CRISC Exams provided by exactinside.

Visit Page: https://www.exactinside.com/CRISC-exactdumps.html "
- Title: [&lt;&gt;?:&quot;{}!@#$%^&amp;*()_+ I like that Rapid7 provides the required number of characters.](https://www.g2.com/discussions/40702-_-i-like-that-rapid7-provides-the-required-number-of-characters) — 1 comment, 2 upvotes
  > **Top comment:** "&lt;u&gt;test&lt;/u&gt;"

### ZAP by Checkmarx

No discussions available for this product.

---
**Source:** [G2.com](https://www.g2.com) | [Comparison Page](https://www.g2.com/compare/metasploit-vs-zap-by-checkmarx)