Metasploit on Windows

[tomb at byrneit.net (Tomas L. Byrnes)]

The only reason I ever used the Windows implementation was to make a
point in a SANS Tooltalk, by running it on windows home edition, and
then cracking a simulated bank site using an SSL tunneled attack. For
any real pen testing, I use a Linux VM anyway.

If you could make a VMWare community appliance at the same time as
dropping Cygwin support, rather than "Some time in the future", then I
would say you had all the bases covered, and it would, hopefully, free
up resources.


-----Original Message-----
From: Chris Byrd [mailto:cbyrd01 at gmail.com] 
Sent: Wednesday, January 17, 2007 4:10 PM
To: framework at metasploit.com
Subject: Re: [framework] Metasploit on Windows

I'd vote for dropping it.  I'd guess that nearly all security pros use
Linux, even if only in a VM.  I'm surprised you'd continue to support
running on cygwin at all.  Hopefully dropping support for cygwin will
free up dev resources for bigger and better things, and allow you to
implement features that might not work otherwise.

Cheers,

- Chris



On 1/17/07, H D Moore <hdm at metasploit.com> wrote:
> Hi everyone,
>
> We have been struggling to properly support Windows since the early 
> days of 2.0. Cygwin has done a decent job so far, but software 
> incompatibilities and Cygwin version mismatches have caused a ton of 
> problems for some of our users. The Cygwin installer requires a ton of

> disk space and is a huge drain our bandwidth (+100Gb/mo).
>
> With Metasploit 3, we wanted to provide a native Windows version of 
> the Framework. There has been little progress on this front, due to 
> the main user interface (msfconsole) depending on libreadline and 
> libreadline being a broken mess on Windows.
>
> In the last year, there have been a number of free virtualization 
> environments available to the public. VMWare has released VMWare 
> Player and VMWare Server, Microsoft is giving away copies of 
> VirtualPC, Xen is becoming more popular, and VirtualBox has released
their source as GPL.
> Both Intel and AMD have virtualization features built into their 
> latest processors and the new version of Windows Server will support 
> native virtualization. On the distribution side, BackTrack (from
> remote-exploit.org) is really kicking ass and provides a ready-to-run 
> environment for both version of the Framework.
>
> So, given the stability issues with the Metasploit Cygwin release, and

> the wide availability of free virtualization software and OS images, 
> would anyone mind if we drop support for the pre-packed Windows 
> installer of the Metasploit Framework?
>
> If we go this route, we will still support Metasploit running on top 
> of Cygwin, but we will not support Cygwin itself or offer a 
> pre-packaged Cygwin environment. We may offer custom live CDs or 
> virtual machine images for download, but these would not be 
> immediately available. Our current documentation (hah!) for using the 
> Windows version will become a list of methods for loading up
Metasploit in a virtualized environment.
> If you think this is a horrible idea, keep in mind that the 
> technically adept can still install Metasploit into their own Cygwin 
> environment, and that the less adept will be able to download 
> ready-to-run virtual machine images sometime in the future.
>
> Please reply with your opinion on this (good or bad), we realize quite

> a few people depend on the Windows installer.
>
> Thanks!
>
> -HD
>
> PS. Yes, we still plan on releasing 3.0 "soon" :-) With any luck we 
> can have the final release completed  in February.