mailing list archives
Metasploit on Windows
From: jk at electriccat.co.uk (James Kearney)
Date: Thu, 18 Jan 2007 14:50:31 +0000
I use both linux and windows, as I believe lots of linux users would admit.
Linux is my pentesting environment, but for _some_ things windows is
simply easier (<\end flamewar before it begins>).
I would say the decision whether to continue windows support, really
depends on HD / developers and where their priorities lay / how busy
they are etc.
- I personally would like msf to be continued on both platforms -
because i use both. This is a purely selfish view obviously. (Yes i run
vm's and dual booting machines etc).
- I would not like to see developement of msf decline because too much
time was taken in windows support though.
- I believe supporting windows increases the popularity and availability
of msf - which is a good thing.
The decision is a balance between the popularity and availability of
metasploit, which will be negatively affected by removing windows
support, and the amount of time that will be 'wasted' that could be
spent on other msf developments. Ultimately this choice is the dev's.
But remember before you get on the purist *nix horse - just how
widespread windows is, and how it might affect msf popularity.
just some thoughts,
From: H D Moore [mailto:hdm at metasploit.com]
Sent: Wednesday, January 17, 2007 6:23 PM
To: framework at metasploit.com
Subject: [framework] Metasploit on Windows
We have been struggling to properly support Windows since the early days of
2.0. Cygwin has done a decent job so far, but software incompatibilities and
Cygwin version mismatches have caused a ton of problems for some of our
users. The Cygwin installer requires a ton of disk space and is a huge drain
our bandwidth (+100Gb/mo).
With Metasploit 3, we wanted to provide a native Windows version of the
Framework. There has been little progress on this front, due to the main user
interface (msfconsole) depending on libreadline and libreadline being a
broken mess on Windows.
In the last year, there have been a number of free virtualization
environments available to the public. VMWare has released VMWare Player and
VMWare Server, Microsoft is giving away copies of VirtualPC, Xen is becoming
more popular, and VirtualBox has released their source as GPL.
Both Intel and AMD have virtualization features built into their latest
processors and the new version of Windows Server will support native
virtualization. On the distribution side, BackTrack (from
remote-exploit.org) is really kicking ass and provides a ready-to-run
environment for both version of the Framework.
So, given the stability issues with the Metasploit Cygwin release, and the
wide availability of free virtualization software and OS images, would anyone
mind if we drop support for the pre-packed Windows installer of the
If we go this route, we will still support Metasploit running on top of
Cygwin, but we will not support Cygwin itself or offer a pre-packaged Cygwin
environment. We may offer custom live CDs or virtual machine images for
download, but these would not be immediately available. Our current
documentation (hah!) for using the Windows version will become a list of
methods for loading up Metasploit in a virtualized environment.
If you think this is a horrible idea, keep in mind that the technically adept
can still install Metasploit into their own Cygwin environment, and that the
less adept will be able to download ready-to-run virtual machine images
sometime in the future.
Please reply with your opinion on this (good or bad), we realize quite a few
people depend on the Windows installer.
PS. Yes, we still plan on releasing 3.0 "soon" :-) With any luck we can have
the final release completed in February.
Metasploit on Windows ken (Jan 18)