14 DAY TRIAL // Users outside the US and Canada will have to apply for a license for Metasploit penetration testing software and provide some additional details about themselves in order to get it, as per the latest US export regulations it is subjected to.
The screening process focuses on both the paid (Pro) and the free (Community) editions, regardless if the distributor of the product is Rapid7 or a third party, the company informed on Sunday.
Non-governmental users should be eligible
“In accordance with the new requirements, the request will be reviewed by Rapid7 and, unless the user is a non-US or non-Canadian government agency (or is otherwise ineligible to receive the products without approval from the US Department of Commerce), the request will be fulfilled,” reads the announcement.
The reason for this is that Metasploit uses encryption, and all US products using this kind of technology are open to export regulations. Apart from this, software pieces dedicated to security intrusion activities have started to face increasing regulatory reviews and restrictions.
According to the blog post, some prospective users are not eligible to receive a license for working with Metasploit without the approval of the US Department of Commerce; however, Rapid7 says that non-governmental users should have no trouble getting the green light.
Reviewing the info delays license delivery
However, the wait time for obtaining the license will increase due to the information screening process. If complete and accurate details are provided, the company says that the wait should not take more than 48 hours.
All those who already have an active Metasploit license should not be affected by the change for now, but will face the same rigor when the license expires.
However, Maria Varmazis, the company’s community manager, says that the firm “will follow the appropriate US and foreign government regulations and seek authorization to continue serving our customers who already have licenses, but cannot guarantee the success of these applications to continue usage in the future.”
The restrictions do not apply to Metasploit Framework, which is an open source project and remains available for download outside the US and Canada under the same conditions as before.