Metasploit 3.2 drops commercial license restriction
It seems that Metasploit 3.2 will be sporting a BSD 3-Clause license. That basically means that MSF can be forked or modified and repackaged and sold by commercial entities. The 3-Clause license basically means that the source code and binaries keep the copyright, but they can’t say the mutant product is endorsed by HD.
DarkReading has an article about it, and one of the ideas tossed around is Core Impact integrating MSF into their tool. Aside from the thousands of dollars that Core costs, the lack of reporting functionality is one of the reasons MSF is kept in the shadows with researchers and pen-testers. MSF is awesome and I’m a big fan of it and look forward to all its bastard children. But if someone can take MSF and create some awesome reporting tools, that would rock. I have always thought someone should build some reporting plug-ins for MSF; maybe someone will now.
I would like to know what you think about the MSF license change in the comments.



October 10th, 2008 at 7:53 am
I’d rather pay for exploits for MSF than any of the other “for pay” tools. So kudos to hdm, maybe some fun new developments will come out of it.
October 10th, 2008 at 8:21 am
@CG: Chris thanks for your comment. I have been following you on the Security Bloggers Network for a while.
I tried to make it to your Pen-test workshop, when you were in town for ToorconX. But I was just too busy that weekend and it didn’t work out. I’ll have to settle for the links you posted in your Wrap-Up (http://carnal0wnage.blogspot.com/2008/10/toorconx-wrap-up.html).
I would like your feedback on MSF and if it’s really only a “security researcher” tool and less a “commercial tool”?
October 18th, 2008 at 7:23 am
“I would like your feedback on MSF and if it’s really only a “security researcher” tool and less a “commercial tool”?”
Well, it’s not a point and click RPT piece of crap like Core Impact sells itself to be. So that probably makes it more of a security researcher tool than a commercial tool.
It’s really hard to compare the two tools since Core pays lots of people to write exploits, fix code, and market the tool where MSF is pretty much all volunteer time.