"The future of Metasploit, the highly respected, open source
penetration testing framework founded by renowned security expert
H.D. Moore, was plunged into doubt last month following the
announcement that the project had been acquired by Rapid7.
"Boston-based Rapid7 is known for its closed-source NeXpose
vulnerability scanning and reporting product, and fears were
immediately raised that the acquisition of Metasploit would lead to
the inevitable demise of the open-source Metasploit project as it
exists today. Metasploit is favored by penetration testers,
corporate security staff (and hackers) because it is open source
and free, but mainly because of Moore's expertise and the wide
community of security experts which contributes modules to
Metasploit. Alternative penetration testing systems such as Core
Security Technologies' Core Impact and Immunity's Canvas are
arguably easier to use, but are too expensive for many smaller
organizations to buy.
"The fears may be based on the precedent of Nessus, an open
source vulnerability scanner which was very popular before it went
closed source in 2005. Nessus is now only available for commercial
use with a subscription, and lacks the community contribution that
Metasploit currently enjoys."