Legal question (Metasploit Framework License v1.1)

[mmiller at hick.org (mmiller at hick.org)]

On Thu, Dec 07, 2006 at 09:35:28PM +0100, Dennis G?nnewig wrote:
> Hi @ all,
>
> I'm a student doing a sandwich course in business information  
> technologies. As part of my studies i evaluate the use of the msf for  
> internal pentests at the company i'm doing my apprenticeship at. While  
> reading your license i'm not sure, if using the unmodified framework for  
> internal usage only, will violate the license. Indirectly i use it  
> commercial, as i check the security of my it-services to meet my service  
> level agreements.
>
> Can anybody of you throw a light on this situation?
>
> a) Is it forbidden to do internal pentests?
>
> b) Furthermore is it forbidden to offer the service pentest for money,  
> while using the msf during the test?

You are not prohibited from using the framework to perform pentest
services for money so long as you does not violate 3.b of the license
agreement.  For example, a violation of the agreement could occur if you
sell software that includes a copy of the framework to a client you are
performing the penetration test for.  Otherwise, your use of the
framework as a component of your penetration test is not a violation of
the license agreement.  H D can clarify if there's anything that I've
missed.

Feel free to let us know if you have further questions.