Rapid7 penetrates Metasploit
Pen testing tool gets commercial backing
Vulnerability management firm Rapid7 has acquired Metasploit, the popular open source dual-use penetration testing and hacking tool. Commercial terms of the deal were not disclosed.
The deal means that the Metasploit project will receive commercial backing, furthering its development. A non-commercial version of the tool will remain available, so the agreement is comparable to the relationship between open-source intrusion detection tool Snort and Sourcefire.
HD Moore, the founder of Metasploit, will join Rapid7 as the chief architect of Metasploit and chief security officer of Rapid7.
Rapid7 said it will use Metasploit's technology to enhance its NeXpose vulnerability management tool. The security firm pledged to supply vulnerability data from its NeXpose product to “expand the accuracy and reliability of the Metasploit Framework”, which will remain open source.
An FAQ on the deal can be found here. ®
first, kill all the lawyers...
Dunno. Seems to me that putting pockets behind Metasploit might not be a good idea. Particularly not a security company's pockets.
Unlike Snort, Metasploit is an intrusive tool.
Seems to me that the first time some script kiddie starts poking around some company that uses logging with Metasploit and a few weeks later a Nexpose sales call comes in, an argument could be made that Rapid7 is deliberately beefing up Metasploit to drive sales of its security consultancy.