mailing list archives
Metasploit on Windows
From: L.vd.Eijk at mindef.nl (L.vd.Eijk at mindef.nl)
Date: Thu, 18 Jan 2007 08:00:53 +0100
HD, if it takes to many resources, time etc. You should drop supporting
Cygwin. You have my vote !
From: H D Moore [mailto:hdm at metasploit.com]
Sent: donderdag 18 januari 2007 0:23
To: framework at metasploit.com
Subject: [framework] Metasploit on Windows
We have been struggling to properly support Windows since the early days
of 2.0. Cygwin has done a decent job so far, but software
incompatibilities and Cygwin version mismatches have caused a ton of
problems for some of our users. The Cygwin installer requires a ton of
disk space and is a huge drain our bandwidth (+100Gb/mo).
With Metasploit 3, we wanted to provide a native Windows version of the
Framework. There has been little progress on this front, due to the main
user interface (msfconsole) depending on libreadline and libreadline
being a broken mess on Windows.
In the last year, there have been a number of free virtualization
environments available to the public. VMWare has released VMWare Player
and VMWare Server, Microsoft is giving away copies of VirtualPC, Xen is
becoming more popular, and VirtualBox has released their source as GPL.
Both Intel and AMD have virtualization features built into their latest
processors and the new version of Windows Server will support native
virtualization. On the distribution side, BackTrack (from
remote-exploit.org) is really kicking ass and provides a ready-to-run
environment for both version of the Framework.
So, given the stability issues with the Metasploit Cygwin release, and
the wide availability of free virtualization software and OS images,
would anyone mind if we drop support for the pre-packed Windows
installer of the Metasploit Framework?
If we go this route, we will still support Metasploit running on top of
Cygwin, but we will not support Cygwin itself or offer a pre-packaged
Cygwin environment. We may offer custom live CDs or virtual machine
images for download, but these would not be immediately available. Our
current documentation (hah!) for using the Windows version will become a
list of methods for loading up Metasploit in a virtualized environment.
If you think this is a horrible idea, keep in mind that the technically
adept can still install Metasploit into their own Cygwin environment,
and that the less adept will be able to download ready-to-run virtual
machine images sometime in the future.
Please reply with your opinion on this (good or bad), we realize quite a
few people depend on the Windows installer.
PS. Yes, we still plan on releasing 3.0 "soon" :-) With any luck we can
have the final release completed in February.
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht
abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De
Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan
het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was
sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability
for damage of any kind resulting from the risk inherent in the electronic transmission of messages.