Rapid7 Acquires Metasploit

Viewing 18 reply threads
    • #4355

      It looks like HD is working for Rapid7:

    • #27544

      Yes, it's all here now:

      Vulnerability management vendor Rapid7 has purchased the popular open-source Metasploit penetration testing tool project and named Metasploit founder HD Moore as chief security officer of the company.

      Moore, who is synonymous with the Metasploit Project, will continue as chief architect of Metasploit in his new role at Rapid7, and with an initial team of five Rapid7 researchers dedicated to the open-source project, some of whom already have been regular contributors to Metasploit. Financial terms of the deal were not disclosed.

    • #27545

      Interesting. Hopefully we don’t see it end up like Nessus.

    • #27546

      Wow, that could be bad news. I am hoping that it goes the way of Tripwire and not Nessus.

    • #27547

      Let us hope it remains open source.

      Both Moore and Rapid7 say they are well aware of previous open-source and commercial marriages that have gone south, however, such as the Nessus scanning tool, which went from an open-source to a proprietary, closed-source license under Tenable Network Security. They say they are focusing on the open source community to leverage Metasploit. “Our goal is to make sure we improve the open-source” element, Thomas says. “Metasploit will remain open source.”

    • #27548

      Well, their stand as of now is “Metasploit will remain open source.”

      I just hope that Moore has done what he thinks is best for the tool.

    • #27549

      I sure hope so, but the road to hell is paved with good intentions…

    • #27550

      I doubt that it will remain fully open source.
      Maybe there will be a lite version that will be free, but business is about making money 🙁
      Hope I’m wrong.

      Unfortunately, the ones that will be happy are the bad guys.

    • #27551

      @ Alucian

      They can keep it open source and charge for training and support. Technically they could charge for the software as well, as long as they give the source code with the product (à la Red Hat).

    • #27552

      Well, I would consider paying for msf if it meant that new exploits and features were added quicker. The charge would have to be reasonable, like $500 a year for a subscription. (The free version would still exist and have a delayed update feed.) We don’t need another Core Impact pricing schedule. Just my $0.02.

    • #27553

      Looks like the biggest thing they were plugging was their NeXpose vulnerability scanner and some kind of integration with msf. Qualys does something similar with CORE. If that is their aim and they leave the products separate, like CORE and Qualys, that could be a great improvement.

    • #27554

      Did a quick post on it here: http://www.securityaegis.com/metasploit-buyout/

      Today HD Moore and Rapid7 announced that Rapid7 has purchased the Metasploit Framework Project. The speculation around this has taken the pentest and vulnerability scanning community by storm. After talking with some colleagues I have come up with the following; here are some things you should know:

      First, be happy for H.D. Moore. He is one of the hardest working exploit devs and project managers in the world. Not only HD, but Egypt as the first paid core dev for the project. Congratulate them. Bravo.

      HDM and Rapid7 have stated that “Rapid7 is 100% committed to keeping the project open source and the community development model.” This buyout is not so much a buyout as a corporate backing of MSF and HD’s vision of the project. For now (or “anytime soon”) the BSD 3 License will not be going anywhere. MSF will be sticking with Ruby and Rapid7 has no plans, for now, to corporatize MSF. Rapid7 wants to take the MSF brand and stand behind it.

      There is some worry about community submissions to MSF now that it is owned by R7. Rob Fuller (mubix) gave a pretty straightforward answer to that in reply to Sourcefire’s VRT blog:

          “For those not happy that the development for or submission of your ideas / exploits to the Metasploit project now that those submissions will also go to Rapid 7 are seriously underestimating the fact those all those companies were pulling that information already.”

      What does it mean for R7’s NeXpose Vulnerability product?

      Well, it’s really about extensibility and market share. Adding the exploit database from MSF to NeXpose gives a far better risk rating to the product by adding a way to validate vulnerabilities and rate them by currently known exploit code. They also gain the name, rights, branding, and developers for the MSF project, which all funnels into the Rapid7 corporate brand. As R7’s new CSO, HD Moore brings his talents to the R7 table. In addition, R7 does not just offer vulnerability management solutions but also penetration testing solutions, which is a market they have fought to be in for a while. Now they have legs to stand on, so to speak, when battling dominant market competitors like CORE, SAINT, and ImmunitySec.

      Catch an exclusive interview with HD and R7 on the Risky Business Podcast =)

      Here’s a pretty complete article roundup on the buyout:

    • #27555

      I’m trying to see the positive side:

      • corporate backing means resources for testing and development
      • Core people getting paid to work on MSF means that the project doesn’t suffer when ‘real’ work gets in the way
      • Corporate backing means MSF gets ‘approved’ for use by companies that don’t ‘do open source’

      Until this point HD and team have done a great job of getting Metasploit off the ground and keeping it growing and evolving to meet changing times. I’ll keep faith that this won’t change.

      Regardless of the future of an unarguably great free tool, which I’m sure everyone on this forum has used to a greater or lesser extent, I’d like to thank hdm and team for the work that has gone into the project so far. I’m pleased to see the hard work is paying off.

    • #27556

      Most of the successful open-source projects that were bought by for-profit companies became commercial. In the beginning they say “We will keep the open source project,” but later they change, etc, etc, etc.

      They always said: the market required us to make these changes…

    • #27557
      Michael J. Conway

      I would like the OpcodeDB to come back online.

      I would also like to see it not go the way of Nessus. We’ll have to watch and see.

    • #27558

      Who said writing open source doesn’t pay off in the long run? I am willing to put money on it going the way of Nessus.

    • #27559

      I listened to HD Moore’s interview and then some commentary by the PaulDotCom crew and I think it will work more like SourceFire than Tenable.

    • #27560

      HD Moore announced Joshua Drake is joining the Rapid7/Metasploit team this week.

      So with Rapid7 now owning Metasploit they have full-time paid engineers making it better.

    • #27561

      Looking forward to future development, hopefully it will remain free.

Copyright ©2021 Caendra, Inc.
