If I recall correctly, version 1 of metasploit actually had exploits for *live* sites (a bank) and things, so that is obviously an issue. I don't even think you will find a copy of the first version of metasploit (does HD have one locked up somewhere, who knows).
Currently, metasploit is a hammer. People kill other people with hammers, but they build substantially more things than people killed.

I think you need to define what sort of legal troubles you expect with open source projects. CFAA-type legal troubles, or licensing (GPL vs MIT/BSD) legal troubles.

Pretty sure source code is considered free speech. So I don't think you can be held accountable for source code that you release *that you wrote yourself*.

On Fri, Apr 4, 2014 at 5:58 AM, Bryan Bickford <br...@unhwildhats.com> wrote:

> Greetings
>
> I am a security researcher who is working on a project in my free time,
> without going into details - the project will end with a powerful tool
> being publicly released.
>
> Obviously most cyber security tools have the potential for abuse. What sort
> of legal hurdles (if any) do you need to overcome to protect yourself when
> releasing software along the lines of metasploit?
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website