Home page logo

metasploit logo Metasploit mailing list archives

Metasploit on Windows
From: tomb at byrneit.net (Tomas L. Byrnes)
Date: Wed, 17 Jan 2007 16:59:09 -0800

The only reason I ever used the Windows implementation was to make a
point in a SANS Tooltalk, by running it on windows home edition, and
then cracking a simulated bank site using an SSL tunneled attack. For
any real pen testing, I use a Linux VM anyway.

If you could make a VMWare community appliance at the same time as
dropping Cygwin support, rather than "Some time in the future", then I
would say you had all the bases covered, and it would, hopefully, free
up resources.

-----Original Message-----
From: Chris Byrd [mailto:cbyrd01 at gmail.com] 
Sent: Wednesday, January 17, 2007 4:10 PM
To: framework at metasploit.com
Subject: Re: [framework] Metasploit on Windows

I'd vote for dropping it.  I'd guess that nearly all security pros use
Linux, even if only in a VM.  I'm surprised you'd continue to support
running on cygwin at all.  Hopefully dropping support for cygwin will
free up dev resources for bigger and better things, and allow you to
implement features that might not work otherwise.


- Chris

On 1/17/07, H D Moore <hdm at metasploit.com> wrote:
Hi everyone,

We have been struggling to properly support Windows since the early 
days of 2.0. Cygwin has done a decent job so far, but software 
incompatibilities and Cygwin version mismatches have caused a ton of 
problems for some of our users. The Cygwin installer requires a ton of

disk space and is a huge drain our bandwidth (+100Gb/mo).

With Metasploit 3, we wanted to provide a native Windows version of 
the Framework. There has been little progress on this front, due to 
the main user interface (msfconsole) depending on libreadline and 
libreadline being a broken mess on Windows.

In the last year, there have been a number of free virtualization 
environments available to the public. VMWare has released VMWare 
Player and VMWare Server, Microsoft is giving away copies of 
VirtualPC, Xen is becoming more popular, and VirtualBox has released
their source as GPL.
Both Intel and AMD have virtualization features built into their 
latest processors and the new version of Windows Server will support 
native virtualization. On the distribution side, BackTrack (from
remote-exploit.org) is really kicking ass and provides a ready-to-run 
environment for both version of the Framework.

So, given the stability issues with the Metasploit Cygwin release, and

the wide availability of free virtualization software and OS images, 
would anyone mind if we drop support for the pre-packed Windows 
installer of the Metasploit Framework?

If we go this route, we will still support Metasploit running on top 
of Cygwin, but we will not support Cygwin itself or offer a 
pre-packaged Cygwin environment. We may offer custom live CDs or 
virtual machine images for download, but these would not be 
immediately available. Our current documentation (hah!) for using the 
Windows version will become a list of methods for loading up
Metasploit in a virtualized environment.

If you think this is a horrible idea, keep in mind that the 
technically adept can still install Metasploit into their own Cygwin 
environment, and that the less adept will be able to download 
ready-to-run virtual machine images sometime in the future.

Please reply with your opinion on this (good or bad), we realize quite

a few people depend on the Windows installer.



PS. Yes, we still plan on releasing 3.0 "soon" :-) With any luck we 
can have the final release completed  in February.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]