Posted by Trancer on Nov 01 2009

Hello readers. If you haven’t heard about it already, on October 21st, 2009, the hackers’ favorite exploitation framework, the Metasploit Project, was acquired by Rapid7, a vulnerability management, compliance, and penetration testing company. Yep, a commercial company.

The Metasploit Project creator, HD Moore, and one of the developers, Egypt, now have full-time jobs working on and developing the Metasploit Project: HD in the position of Chief Architect of Metasploit and Egypt as a core developer of Metasploit at Rapid7.

If you read this blog often you probably noticed that I’m a big supporter of the Metasploit Project. I use it on a daily basis, performing penetration tests and exploit development while at work or at home for fun. As you may guess, my feelings about the acquisition are mixed. On one side this is a good thing; this is a big step for the Metasploit Project. Now it’ll grow and develop faster, and we, the users, will get a better, faster, more advanced and less buggy program, and I believe we’ll start seeing faster release cycles. But on the other side, the Metasploit Project, which was a free, open source, community-driven project, is now managed by a commercial company. I think the worst case scenario will be if Rapid7 decides to make Metasploit a commercial product, which will be a sad thing. This won’t be the first time it happens to a good security product. The best example here is the Nessus vulnerability scanner, which was acquired by Tenable Network Security back in 2005.

I hope the fate of the Metasploit Project won’t be the same as Nessus. HD Moore stated on the Metasploit blog that the project will remain free and open source. So, if that’s the case, and as long as the Metasploit Project stays that way, I think the users should be happy about it. I will continue to support the Metasploit Project and develop exploits and other modules for it and contribute in every way I can.
I guess all that’s left to say is congratulations to HD Moore and Egypt for the acquisition, keep on rocking.

References:
>> Metasploit Rising – HD Moore writes about the acquisition on the Metasploit blog.
>> Rapid7 Acquires Metasploit – The Metasploit acquisition, by Rapid7’s CEO.
>> Rapid7 Acquisition FAQ – Questions and answers about the acquisition.
>> Metasploit + Rapid7 shakes up pen-test landscape – Ryan Naraine writes about the penetration testing market changes following the acquisition.

Categories: Metasploit, Security News

2 Responses to “Rapid7 Acquires the Metasploit Project”

  1. George says:

    What will actually happen is this:
    There will eventually be 2 versions of metasploit, a commercial “kick-ass” (or so they would like us to believe) version, and the free “this version sucks” version. This was the fate of a lot of open source projects going commercial, or the path chosen by many companies trying to grow. The free version will be less supported and lack new features.

    I hope I am wrong but if there are people or groups thinking of starting up similar projects, this is the time to do it.

  2. Trancer says:

    I sure hope you’re wrong man.

    As far as I know, there’s no other open source exploitation framework, and if there will be something new it’ll take years to be as good as Metasploit.

    Or, if you got a few thousand bucks to spend, there’s Immunity CANVAS and CORE IMPACT.
