Its best-known sub-project is the open-source[3] Metasploit Framework, a tool for developing and executing exploit code against a remote target machine.

On October 21, 2009, the Metasploit Project announced[4] that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.

[8][9] Metasploit 3.0 began to include fuzzing tools, used to discover software vulnerabilities, rather than just exploits for known bugs.

Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing social engineering campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.

It offers a graphical user interface, It integrated nmap for discovery, and added smart brute-forcing as well as automated evidence collection.

[13] Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits.

It is a free and open source network security tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance.

Cobalt Strike is a collection of threat emulation tools provided by HelpSystems to work with the Metasploit Framework.

[16] Metasploit currently has over 2074 exploits, organized under the following platforms: AIX, Android, BSD, BSDi, Cisco, Firefox, FreeBSD, HP-UX, Irix, Java, JavaScript, Linux, mainframe, multi (applicable to multiple platforms), NetBSD, NetWare, NodeJS, OpenBSD, macOS, PHP, Python, R, Ruby, Solaris, Unix, and Windows.

Metasploit Framework operates as an open-source project and accepts contributions from the community through GitHub.com pull requests.