‹ Book Review: Fuzzing | Brute Force Vulnerability Discovery — NoScript ClearClick Warning (aka Clickjacking) ›
Metasploit 3.2 drops commercial license restriction
It seems that Metasploit 3.2 will be sporting a BSD 3-Class license. That basically means that MSF can be forked or modified and repackaged and sold by commercial entities. The 3-Class license basically means that the source code and binaries keeps the copyright but they can’t say the mutant product is endorsed by HD.
DarkReading has an article about it and one of the ideas tossed around is Core Impact integrating MSF into their tool. Aside from the thousands of dollars that Core cost, the lack of reporting functionality is one of the reasons MSF is kept in the shadows with researchers and pen-testers. MSF is awesome and I’m a big fan of it and look forward to all it’s bastard children. But, if someone can take MSF and create some awesome reporting tools that would rock. I have always thought someone should build some reporting plug-in’s for MSF maybe someone will now.
I would like to know what you think about the MSF license change in the comments.
There are 3 Comments to "Metasploit 3.2 drops commercial license restriction"
I’d rather pay for exploits for MSF than any of the other “for pay” tools. so kudos to hdm, maybe some fun new developments will come out of it.
@CG: Chris thanks for your comment. I have been following you on the Security Bloggers Network for a while.
I tried to make it to your Pen-test workshop, when you were in town for ToorconX. But I was just too busy that weekend and it didn’t work out. I’ll have to settle for the links you posted in your Wrap-Up (http://carnal0wnage.blogspot.com/2008/10/toorconx-wrap-up.html).
I would like your feedback on MSF and if it’s really only a ?security researcher? tool and less a ?commercial tool??
“I would like your feedback on MSF and if it?s really only a ?security researcher? tool and less a ?commercial tool??”
Well its not a point and click RPT piece of crap like Core Impact sells itself to be. So that probably makes it more of a security researcher tool than a commercial tool.
its really hard to compare the two tools since Core pays lots of people to write exploits, fix code, and market the tool where MSF is pretty much all volunteer time.