There are really two questions here.

I'll answer the broader question first. The answer is "The Ubuntu Community".

There's a process for adding software to Ubuntu's archive and having it tested as part of the releases:

https://wiki.ubuntu.com/UbuntuDevelopment/NewPackages

To answer about metasploit, its hard to say why it hasn't been packaged yet. There is a debian "Intent To Package" bug filed that is 1607 days old here:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323420

If this were ever completed, it would automatically be included in the Ubuntu universe repository. However, the bug report lists a blocker on the copyright status of some of the files. If this isn't resolved, then it won't enter Debian, and likely won't be included with Ubuntu unless the distribution legality is clarified.

Software is chosen based on it's packaging, licensing and available maintainership. If your desired package is open source and has a package maintainer in debian that is making sure to maintain it, then it makes it's way into Ubuntu automatically.

See the MOTU Getting Started Guide: https://wiki.ubuntu.com/MOTU/GettingStarted

The package you want looks like it may have an open source version, but getting it in will be a matter of working on the packaging.

The real reason

It's not open source. At least not all of it.

It seems that some parts of metasploit-framework (byakugan at least) are proprietary.

What about doing a metasploit-framework package with the core and all the free parts and a metasploit-framework-nonfree with the non-free parts?

Find the contested parts here.