Vulnerability management firm Rapid7 has acquired Metasploit, the popular open source dual-use penetration testing and hacking tool. Commercial terms of the deal were not disclosed.

The deal means that the Metasploit project will receive commercial backing, so furthering its development. A non-commercial version of the tool will remain available, so the agreement is comparable with the relationship between open-source intrusion detection tool Snort and Sourcefire.

HD Moore, the founder of Metasploit, will join Rapid7 as the chief architect of Metasploit and chief security officer of Rapid7.

Rapid7 said it will use Metasploit's technology to enhance its NeXpose vulnerability management tool. The security firm pledged to supply vulnerability data from its NeXpose product to “expand the accuracy and reliability of the Metasploit Framework”, which will remain open source.

An FAQ on the deal can be found here. ®

Related stories

• White hats release exploit for critical Windows vuln (16 September 2009)
• Microsoft security tools give devs the warm fuzzies (16 September 2009)
• Month of Facebook flaws gets underway (4 September 2009)
• Fortinet plots rare IT security IPO (10 August 2009)
• Sourcefire snorts at unsolicited takeover bid (30 May 2008)
• Snort bug is nothing to sniff at (20 February 2007)