
Metasploit Sale To Rapid7 – Opinions From A Contributor

Let me start by saying that these are the opinions of a contributor. To this day I have contributed 3 Auxiliary Modules and 16 Meterpreter scripts to the project, and I had the honor and privilege to present with HD at Defcon 17 in the Metasploit Track. I was initially in shock when I saw the news on my iPhone while stuck in traffic; when I saw the news I could not believe it, I thought it was a joke. When I got to my office I quickly checked the web pages, listened to the Risky Business Podcast where they interviewed about the acquisition, and read all of the tweets of people in favor and against it, their worries, rants and comments.

After all of this I mentioned, I came to the conclusion that this is a great thing for the project. For a long time this project has been the labor of love of the members of the Metasploit project, with very few active committers and submitters other than a handful, each putting in their own free time, sacrificing long nights, family time and money to work on the project. Some wrote code to scratch their own itch and solve problems they had; others just did it for the same motivation that has pushed hackers everywhere to write code: the fun of creating something and learning how stuff works.

In my case I stopped doing penetration tests and security audits many years ago and in December of last year decided to get back into the game by sharing stuff on my blog and forums and turning a lot of the stuff I knew into tools and scripts. In that process I started writing code for Metasploit, and I never found in any other project a community so patient and willing to help. HD has given me tips that made me a better coder; he was always patient and courteous with me and other contributors. The members of the team, like Natron, ET, Chris Gates and MC, have also always been helpful with each piece of code I wrote (which many times was ugly as hell).

HD is now a father, and as a dad also of a little girl I know how hard it is to spend time coding to contribute to a community and sacrifice the precious time one has with something as precious as one's own child. What he did will give him more time to spend with his family and still work on the project he loves, as well as for some of the members of the Metasploit team. Here is a list of the advantages I see:

  1. Code will have a dedicated dev team to work on it.
  2. More stable code base, since more resources for testing will be available.
  3. More exploits and features to come faster, since there will be a dedicated team.
  4. The side effect that other projects like Canvas, Core Impact and others will have a stronger competitor, thus making them better their products even more.
  5. Support for pentesters and others that use the framework.

 

The fears I have seen expressed by many have been:

  1. The code going private and closed source.
  2. That many of the cool features and exploits will be charged for by Rapid7.
  3. That the community will disappear.

To this I answer: HD has put long hours and money into funding this project by himself, and he has expressed that he will continue to keep the project open source as well as support the community. To this I say he has more than earned our support and trust. I trust HD and keep him to his word. The project is under a BSD license, so the same community that has made Metasploit grow can fork it and keep it going, but for now my trust is in HD and the dev team. So let's keep supporting the project by contributing, testing the code and reporting bugs, and make this an even better framework. I do say I envy HD and Egyp7 from the team; they are now working full time on what they love, so I say to them and the rest of the Metasploit team: congratulations and my best wishes.

Carlos Perez

Carlos is currently the Principal Consultant, Team Lead for Research at TrustedSec and well-known for his research on both Metasploit and Windows PowerShell. His blog www.darkoperator.com carries the tag line: “Shell Is Only The Beginning”.
