[framework] Legal question (Metasploit Framework License v1.1)

[H D Moore]

The non-commercial restrictions apply to anyone redistributing the 
software, providing the software on a "leased" platform (MSSP appliance), 
or otherwise charging money for access to the software. 

The license has been updated (v1.2) with the only change being the removal 
of "solely for Your personal and non-commercial use" from section 2. 

This change should make your use of the software for internal and 
commercial penetration legal, as long as you stay within the bounds of 
the other restrictions.

If in doubt, hire a lawyer :-)

-HD

On Thursday 07 December 2006 14:35, Dennis Günnewig wrote:
> I'm a student doing a sandwich course in business information
> technologies. As part of my studies i evaluate the use of the msf for
> internal pentests at the company i'm doing my apprenticeship at. While
> reading your license i'm not sure, if using the unmodified framework
> for internal usage only, will violate the license. Indirectly i use it
> commercial, as i check the security of my it-services to meet my
> service level agreements.
>
> Can anybody of you throw a light on this situation?
>
> a) Is it forbidden to do internal pentests?
>
> b) Furthermore is it forbidden to offer the service pentest for money,
> while using the msf during the test?
>
>
>
> Best regards,
> Dennis Guennewig
>
>
> extract of the Metasploit Framework License v1.1
> ====================================================
> g. "Use" means to download, install, access, copy, >>> execute <<<,
> sell, or
> otherwise benefit from the Software (directly or indirectly, with or
> without notice or knowledge of the Software's incorporation or
> utilization in any larger application or product).
>
> 2. Subject to the terms and conditions of this License, Developer
> hereby grants You a worldwide, royalty-free, non-exclusive license to
> reproduce, publicly display, and publicly perform the Software solely
> for Your personal and >>> non-commercial use <<<.