.

Rapid7 Acquires Metasploit

<<

apollo

Full Member
Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Wed Oct 21, 2009 8:30 am

Rapid7 Acquires Metasploit

It looks like HD is working for rapid7 :
http://www.rapid7.com/metasploit-announcement.jsp
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Wed Oct 21, 2009 8:31 am

Re: Rapid7 Acquires Metasploit

Yes, its all here now:

http://www.darkreading.com/vulnerabilit ... =220800067

Vulnerability management vendor Rapid7 has purchased the popular open-source Metasploit penetration testing tool project and named Metasploit founder HD Moore as chief security officer of the company.

Moore, who is synonymous with the Metasploit Project , will continue as chief architect of Metasploit in his new role at Rapid7, and with an initial team of five Rapid7 researchers dedicated to the open-source project, some of whom already have been regular contributors to Metasploit. Financial terms of the deal were not disclosed.
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed Oct 21, 2009 8:44 am

Re: Rapid7 Acquires Metasploit

Interesting. Hopefully we don't see it end up like Nessus.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Oct 21, 2009 8:45 am

Re: Rapid7 Acquires Metasploit

Wow, that could be bad news.  I am hoping that it goes the way of Tripwire and not Nessus. 
~~~~~~~~~~~~~~
Ketchup
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Wed Oct 21, 2009 8:50 am

Re: Rapid7 Acquires Metasploit

Let us hope its remains open source.

Both Moore and Rapid7 say they are well aware of previous open-source and commercial marriages that have gone south, however, such as the Nessus scanning tool, which went from an open-source to a proprietary, closed-source license under Tenable Network Security. They say they are focusing on the open source community to leverage Metasploit. "Our goal is to make sure we improve the open-source" element, Thomas says. "Metasploit will remain open source."
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

Xen

User avatar

Sr. Member
Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Wed Oct 21, 2009 9:04 am

Re: Rapid7 Acquires Metasploit

Well, their stand as of now is  "Metasploit will remain open source."

I just hope that Moore has done what he thinks is best for the tool.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed Oct 21, 2009 9:06 am

Re: Rapid7 Acquires Metasploit

I sure hope so, but the road to hell is paved with good intentions...
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Wed Oct 21, 2009 9:23 am

Re: Rapid7 Acquires Metasploit

I doubt that it will remain full open source.
Maybe that it will be a lite version that will be free, but business is to make money  :(
Hope I'm wrong.

Unfortunately, the ones that will be happy are the bad guys.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Oct 21, 2009 9:27 am

Re: Rapid7 Acquires Metasploit

@ Alucian

They can keep it open source, and charge for training and support. Technically they could charge for the software as well, as long as they give the source code with the product (ala redhat)
OSWP, Sec+
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Oct 21, 2009 9:52 am

Re: Rapid7 Acquires Metasploit

Well, I would consider paying for msf if it meant that new exploits and features were added quicker.  The charge would have to be reasonable, like $500 a year for a subscription.  (The free version would still exist and have a delayed update feed.)  We don't need another Core Impact pricing schedule.  Just my $0.02.
~~~~~~~~~~~~~~
Ketchup
<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Wed Oct 21, 2009 10:08 am

Re: Rapid7 Acquires Metasploit

Looks like the biggest thing they were plugging was their NeXpose vulnerability scanner and some kind of integration with msf.  Qualys does something similar with CORE if that is there aim and they leave the products separate like CORE and Qualys that could be a great improvement.
CISSP, CEH, GPEN, GCIH, GCFA
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Wed Oct 21, 2009 2:43 pm

Re: Rapid7 Acquires Metasploit

Did a quick post on it here: http://www.securityaegis.com/metasploit-buyout/

Today HD Moore and Rapid7 announced that Rapid7 has purchased the Metasploit Framework Project. The speculation around this has taken the pentest and vulnerability scanning community by storm.  After talking with some colleagues I have come up with the following, here’s some things you should know:

First, be happy for H.D. Moore. He is one of the hardest working exploit devs and project managers in the world. Not only HD, but Egypt as the first paid core dev for the project.  Congratulate them.  Bravo.

HDM and Rapid7 have stated that “Rapid7 is 100% committed to keeping the project open source and the community development model.” This buyout is not so much of a buyout,  it’s a corporate backing of MSF and HD’s vision of the project. For now (or “anytime soon”) the BSD 3 License will not be going anywhere. MSF will be sticking with Ruby and Rapid7 has no plans, for now, to corporatize MSF.  Rapid7 wants to take the MSF brand and stand behind it.

There is some worry about community submissions to MSF now that it is owned by R7. Rob Fuller (mubix) gave a pretty straight forward answer to that in reply to Sourcefire’s VRT blog:

    “For those not happy that the development for or submission of your ideas / exploits to the Metasploit project now that those submissions will also go to Rapid 7 are seriously underestimating the fact those all those companies were pulling that information already.”

What does it mean for R7’s NeXpose Vulnerability product?

Well, it’s really about extensibility and market share . Adding the exploit database from MSF to NeXpose gives a far better risk rating to the product by adding a way to validate vulnerabilities and rate them by current known exploit code. They also gain the name, rights, branding, and developers for the MSF project which all funnels into Rapid7 corporate brand. As R7’s new CSO HD Moore brings his talents to the R7 table. In addition R7 does not just offer vulnerability management solutions but also penetration testing solutions, which is a market they have fought to be in for a while.  Now they have legs to stand on, so to speak, when battling dominant market competitors like CORE , SAINT, and ImmunitySec.

Catch an exclusive interview with HD and R7 on the Risky Business Podcast =)

Heres a pretty complete article roundup on the buyout:

http://blog.metasploit.com
http://www.metasploit.com/home/faq
http://blog.metasploit.com/2009/10/meta ... ising.html
http://www.rapid7.com/metasploit-announcement.jsp
http://searchsecurity.techtarget.com/ne ... 45,00.html
http://www.darkreading.com/vulnerabilit ... =220800067
http://infosanity.wordpress.com/2009/10 ... etasploit/
http://blog.ianetsec.net/perspective/20 ... scape.html
http://isc.sans.org/diary.html?storyid=7417
http://vrt-sourcefire.blogspot.com/2009 ... iring.html
http://www.andrewhay.ca/archives/1085
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Oct 21, 2009 3:06 pm

Re: Rapid7 Acquires Metasploit

I'm trying to see the positive side:
  • corporate backing means resources for testing and development
  • Core people getting paid to work on MSF means that the project doesn't suffer when 'real' work gets in the way
  • Corporate backing means MSF gets 'approved' for use by companies that don't 'do open source'


Until this point HD and team have done a great job of getting Metasploit off the ground and keeping it growing and evolving to meet changing times. I'll keep faith that this won't change.

Regardless of the future of an unarguable great free tool, that I'm sure everyone on this forum has used to a greater or less extent, I'd like to thank hdm and team for the work that has gone into the project so far. I'm pleased to see the hard work is paying off.
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Wed Oct 21, 2009 5:03 pm

Re: Rapid7 Acquires Metasploit

Most of the successfull open sources that were bought for profits companies they became commercially, int the beginning the says: We will keep the open source project but later the change, etc, etc, etc.

They always said: Market required us to do this changes..........
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Thu Oct 22, 2009 12:42 pm

Re: Rapid7 Acquires Metasploit

I would like the OpcodeDB to come back online. 

I would also like to see it not go the way of Nessus.  We'll have to watch and see.
Mike Conway
CISSP
CompTia Security +
C|EH
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 3 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software