Sploit Mutation Framework
FAQ


I have not received many questions so far, so this section is still very rudimentary. It will grow in the future.




Can I use Sploit for Penetration Testing?

You can do whatever you want, but Sploit has not been designed with that purpose in mind.
For pentesting, you need reliable exploits specifically written to work against multiple targets, since you cannot be sure what the right return address is in a real environment. Brute force techniques and other tricks are good for that. Moreover, the tester usually wants to be able to change the egg behavior on the fly, depending on the current situation.

Sploit does not have any of the above features. Since its purpose is to provide a nice environment for developing new evasion techniques and testing network-based intrusion detection systems, we can assume that you have the target system under your full control and that you can install the right vulnerable services on it.

Anyway, if you want to compose mutation techniques to avoid detection in your pentest experiment... feel free to use Sploit. And since it is a GPL project, you can always modify it to better match your needs.


What's the relation between Sploit and Metasploit?

I would say that they are job mates ;)

They both allow you to write real exploit code and to execute it against real target systems. While Sploit is still in its infancy, Metasploit is a great tool that has been available for a while. If you are interested in testing/pentesting network services, you should definitely have Metasploit in your toolkit. However, its focus is not on automatically modifying the attacks to evade detection. It does not include any TCP/IP stack to allow you to play with the network packets. It is more focused on testing attacks with various shellcodes.

Moreover, Metasploit now includes a large number of reliable exploits. Having a large number of attacks is not very important in Sploit, where the key components are the mutant operators, and the exploits are just a way to test them in the field.