Open Source Communities

Building a more secure future with open source communities

More contributors, more solutions

Security is a responsibility we all share and a challenge that’s too big to face alone. It’s only through wide access to tools and data that we can move the security industry forward. After more than a decade of collaboration and support, we remain committed to the open source community. Because knowledge is power, especially when it’s shared.

Our communities thrive thanks to the input of professionals and users across the security industry. Help us get more knowledge out there – visit the links below to see how you can get involved.

Open source projects

Whether fostering long-standing communities or launching vibrant new ones, we support a range of open source projects with hundreds of thousands of active contributors across the security industry:

The world's most used penetration testing framework

A collaboration between the open source community and Rapid7 since 2009, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

Open source network fingerprinting for hosts, services, and content

Faced with connected devices from toasters to laptops and the continued growth of shadow IT, it’s hard for security professionals to know everything that’s present in their ecosystems. They can’t identify something as a potential risk if they don’t know that it exists. Recog’s dynamic open source database of network fingerprints is here to help. Its active contributor community provides a clearer picture of every device, so security teams can address risk and move forward with confidence.

The security community’s forum for analyzing threats, because not all vulns are created equal

For years, security researchers and development teams suffered for the lack of a community-driven venue to discuss, analyze, and prioritize threats. Rapid7 recognized this need and in 2020 we created AttackerKB to meet it. This community-driven platform empowers security professionals to exchange information about vulnerabilities so they can better understand the impact and likelihood of being exploited.

An open source platform for interrogating endpoints with speed and precision

With a solid architecture, a library of customizable forensic artifacts and its own unique and flexible query language, Velociraptor lets security teams dig deeper, providing the next generation in endpoint monitoring, digital forensic investigations and cyber incident response. And as an open source platform, it continues to improve through input from professionals on the front lines.


Rapid7’s belief in the power of collaboration extends beyond our open source projects. From sharing cyber threat information in an instant to knocking down the barriers that impede security teams, we work with industry groups around the globe to empower the larger cybersecurity community.

The Cyber Threat Alliance (CTA) is a non-profit organization that works to enable near real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field. From his seat on the Board of Directors, Rapid7 Chairman and CEO Corey Thomas works with the CTA to further their mission of protecting end users, disrupting malicious actors, and elevating the overall security of the digital ecosystem.

The Open Cybersecurity Alliance (OCA), an OASIS Open Project, is building an open ecosystem where cybersecurity products interoperate without the need for customized integrations. By joining other industry leaders in OCA, Rapid7 aims to minimize the fragmented use of security tools and enable better collaboration between siloed teams, making powerful solutions even more accessible and impactful.