Rapid7 Acquires Popular Pen-Testing Tool Metasploit

The vulnerability management company Rapid7 has acquired the rights to the Metasploit Framework code, as well as its trademarks and website. The project's founder, HD Moore, will join Rapid7 as its new Chief Security Officer and the platform will retain its open-source licensing.

The Metasploit Framework is a highly popular penetration testing tool that can be used to test if a system is vulnerable. It currently incorporates a number of 300 contributed exploits and is able to run them against a chosen target. If the exploitation is successful, the framework is also able to execute a chosen payload on the compromised system.

Rapid7, based in Boston, MA, plans to integrate data from the Metasploit Framework into its commercial vulnerability management solution called NeXpose in order to enhance its vulnerability risk scoring accuracy. "Metasploit and Rapid7 NeXpose are uniquely positioned to improve upon the industry-leading capabilities of both products and to raise the bar on the industry at large," said Mike Tuchen, president and CEO of Rapid7.

In addition to joining Rapid7 as CSO, HD Moore will retain his role as Metasploit lead developer. A few other dedicated Metasploit contributors will also join the Rapid7 research team and will focus on ensuring the project's progress. The company plans to provide commercial support for the framework, but the product itself will remain open source and distributed under the same BSD license.

"This acquisition provides dedicated resources to the project, accelerating our growth and allowing us to provide even better solutions to the community. Rapid7 recognizes the value of the community and is passionate about the success of the project," said Metasploit's Chief Architect HD Moore. "Together, Metasploit and Rapid7 provide the best of both penetration testing and vulnerability management solutions, paving the way to deliver unique capabilities that will vastly improve how security flaws are managed," he added.