
Oct 21, 2009
Metasploit Rising
Metasploit purchased by Rapid7
The Framework that we all know and love is about to take a massive leap into the future. The MSF crew as well as the MSF itself has been placed under Rapid 7’s corporate umbrella.
The framework will continue to be free, running under the BSD license. We expect to see major improvements in the MSF due to this shift. With corporate backing there will be more resources and time to improve the MSF. We have been told that version 3.3 will be a MAJOR improvement due to a whole new structure. In version 3.4 the jump will be even more drastic since full time staff and resources will be devoted to developing that version. HD Moore is still overseeing this project and will be heavily involved in development, creation and keeping MSF the awesome framework we are all used to.
Offensive Security, which has become a leader in the security market for training and penetration testing is now the official training partners for MSF education to the public. Offensive Security worked with the MSF crew to create the acclaimed Metasploit Unleashed Course and we will continue to work closely with HD Moore and the Metasploit crew to continue offering amazing training on the MSF. We look forward to seeing how all this unravels.
What’s coming in the future? We are sure to see new and exciting developments in the MSF as well in new and improved Offensive Security Courses.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability
CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.
Jul 17, 2025
0
Research & Tutorials
What is Phishing? Introduction to Phishing Demo (for Beginners)
Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering.
Jul 15, 2025
2 min read

Research & Tutorials
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.
Jul 10, 2025
2 min read