mailing list archives
Metasploit on Windows
From: tomb at byrneit.net (Tomas L. Byrnes)
Date: Wed, 17 Jan 2007 16:59:09 -0800
The only reason I ever used the Windows implementation was to make a
point in a SANS Tooltalk, by running it on windows home edition, and
then cracking a simulated bank site using an SSL tunneled attack. For
any real pen testing, I use a Linux VM anyway.
If you could make a VMWare community appliance at the same time as
dropping Cygwin support, rather than "Some time in the future", then I
would say you had all the bases covered, and it would, hopefully, free
From: Chris Byrd [mailto:cbyrd01 at gmail.com]
Sent: Wednesday, January 17, 2007 4:10 PM
To: framework at metasploit.com
Subject: Re: [framework] Metasploit on Windows
I'd vote for dropping it. I'd guess that nearly all security pros use
Linux, even if only in a VM. I'm surprised you'd continue to support
running on cygwin at all. Hopefully dropping support for cygwin will
free up dev resources for bigger and better things, and allow you to
implement features that might not work otherwise.
On 1/17/07, H D Moore <hdm at metasploit.com> wrote:
We have been struggling to properly support Windows since the early
days of 2.0. Cygwin has done a decent job so far, but software
incompatibilities and Cygwin version mismatches have caused a ton of
problems for some of our users. The Cygwin installer requires a ton of
disk space and is a huge drain our bandwidth (+100Gb/mo).
With Metasploit 3, we wanted to provide a native Windows version of
the Framework. There has been little progress on this front, due to
the main user interface (msfconsole) depending on libreadline and
libreadline being a broken mess on Windows.
In the last year, there have been a number of free virtualization
environments available to the public. VMWare has released VMWare
Player and VMWare Server, Microsoft is giving away copies of
VirtualPC, Xen is becoming more popular, and VirtualBox has released
their source as GPL.
Both Intel and AMD have virtualization features built into their
latest processors and the new version of Windows Server will support
native virtualization. On the distribution side, BackTrack (from
remote-exploit.org) is really kicking ass and provides a ready-to-run
environment for both version of the Framework.
So, given the stability issues with the Metasploit Cygwin release, and
the wide availability of free virtualization software and OS images,
would anyone mind if we drop support for the pre-packed Windows
installer of the Metasploit Framework?
If we go this route, we will still support Metasploit running on top
of Cygwin, but we will not support Cygwin itself or offer a
pre-packaged Cygwin environment. We may offer custom live CDs or
virtual machine images for download, but these would not be
immediately available. Our current documentation (hah!) for using the
Windows version will become a list of methods for loading up
Metasploit in a virtualized environment.
If you think this is a horrible idea, keep in mind that the
technically adept can still install Metasploit into their own Cygwin
environment, and that the less adept will be able to download
ready-to-run virtual machine images sometime in the future.
Please reply with your opinion on this (good or bad), we realize quite
a few people depend on the Windows installer.
PS. Yes, we still plan on releasing 3.0 "soon" :-) With any luck we
can have the final release completed in February.
Metasploit on Windows Wouter-Jan Kok (Jan 18)
Re: Metasploit on Windows netevil (Jan 18)