Metasploit on Windows

[arizvi at edats.com (Ali Rizvi)]

not to be a dick as the majority is immediately like "drop cygwin!" "cygwin
sucks!" "install ubuntu!"
but...is libreadline the "only" reason that msf depends on cygwin? if it
isn't, perhaps a list can be
made of things that'd need to be done to make a windows native msf a reality.

i also really don't care too much for cygwin, but rather than dropping
support for it...maybe someone would
want to throw together some really lame code that simulates readline on
windoze. wouldn't be too hard if
you don't really care about 100% of readline's functionality.

-----Original Message-----
From: H D Moore [mailto:hdm at metasploit.com] 
Sent: Wednesday, January 17, 2007 6:23 PM
To: framework at metasploit.com
Subject: [framework] Metasploit on Windows

Hi everyone, 

We have been struggling to properly support Windows since the early days of
2.0. Cygwin has done a decent job so far, but software incompatibilities and
Cygwin version mismatches have caused a ton of problems for some of our
users. The Cygwin installer requires a ton of disk space and is a huge drain
our bandwidth (+100Gb/mo). 

With Metasploit 3, we wanted to provide a native Windows version of the
Framework. There has been little progress on this front, due to the main user
interface (msfconsole) depending on libreadline and libreadline being a
broken mess on Windows.

In the last year, there have been a number of free virtualization
environments available to the public. VMWare has released VMWare Player and
VMWare Server, Microsoft is giving away copies of VirtualPC, Xen is becoming
more popular, and VirtualBox has released their source as GPL. 
Both Intel and AMD have virtualization features built into their latest
processors and the new version of Windows Server will support native
virtualization. On the distribution side, BackTrack (from
remote-exploit.org) is really kicking ass and provides a ready-to-run
environment for both version of the Framework.

So, given the stability issues with the Metasploit Cygwin release, and the
wide availability of free virtualization software and OS images, would anyone
mind if we drop support for the pre-packed Windows installer of the
Metasploit Framework?

If we go this route, we will still support Metasploit running on top of
Cygwin, but we will not support Cygwin itself or offer a pre-packaged Cygwin
environment. We may offer custom live CDs or virtual machine images for
download, but these would not be immediately available. Our current
documentation (hah!) for using the Windows version will become a list of
methods for loading up Metasploit in a virtualized environment.

If you think this is a horrible idea, keep in mind that the technically adept
can still install Metasploit into their own Cygwin environment, and that the
less adept will be able to download ready-to-run virtual machine images
sometime in the future. 

Please reply with your opinion on this (good or bad), we realize quite a few
people depend on the Windows installer.

Thanks!

-HD

PS. Yes, we still plan on releasing 3.0 "soon" :-) With any luck we can have
the final release completed  in February.