[framework] Metasploit on Windows

Thu Jan 18 08:50:31 CST 2007

I use both linux and windows, as I believe lots of linux users would admit.

Linux is my pentesting environment, but for _some_ things windows is 
simply easier (<\end flamewar before it begins>).

I would say the decision whether to continue windows support, really 
depends on HD / developers and where their priorities lay / how busy 
they are etc.

- I personally would like msf to be continued on both platforms - 
because i use both. This is a purely selfish view obviously. (Yes i run 
vm's and dual booting machines etc).
- I would not like to see developement of msf decline because too much 
time was taken in windows support though.
- I believe supporting windows increases the popularity and availability 
of msf - which is a good thing.

The decision is a balance between the popularity and availability of 
metasploit, which will be negatively affected by removing windows 
support, and the amount of time that will be 'wasted' that could be 
spent on other msf developments. Ultimately this choice is the dev's. 
But remember before you get on the purist *nix horse - just how 
widespread windows is, and how it might affect msf popularity.

just some thoughts,

kitkat

> -----Original Message-----
> From: H D Moore [mailto:hdm at metasploit.com] 
> Sent: Wednesday, January 17, 2007 6:23 PM
> To: framework at metasploit.com
> Subject: [framework] Metasploit on Windows
>
> Hi everyone, 
>
> We have been struggling to properly support Windows since the early days of
> 2.0. Cygwin has done a decent job so far, but software incompatibilities and
> Cygwin version mismatches have caused a ton of problems for some of our
> users. The Cygwin installer requires a ton of disk space and is a huge drain
> our bandwidth (+100Gb/mo). 
>
> With Metasploit 3, we wanted to provide a native Windows version of the
> Framework. There has been little progress on this front, due to the main user
> interface (msfconsole) depending on libreadline and libreadline being a
> broken mess on Windows.
>
> In the last year, there have been a number of free virtualization
> environments available to the public. VMWare has released VMWare Player and
> VMWare Server, Microsoft is giving away copies of VirtualPC, Xen is becoming
> more popular, and VirtualBox has released their source as GPL. 
> Both Intel and AMD have virtualization features built into their latest
> processors and the new version of Windows Server will support native
> virtualization. On the distribution side, BackTrack (from
> remote-exploit.org) is really kicking ass and provides a ready-to-run
> environment for both version of the Framework.
>
> So, given the stability issues with the Metasploit Cygwin release, and the
> wide availability of free virtualization software and OS images, would anyone
> mind if we drop support for the pre-packed Windows installer of the
> Metasploit Framework?
>
> If we go this route, we will still support Metasploit running on top of
> Cygwin, but we will not support Cygwin itself or offer a pre-packaged Cygwin
> environment. We may offer custom live CDs or virtual machine images for
> download, but these would not be immediately available. Our current
> documentation (hah!) for using the Windows version will become a list of
> methods for loading up Metasploit in a virtualized environment.
>
> If you think this is a horrible idea, keep in mind that the technically adept
> can still install Metasploit into their own Cygwin environment, and that the
> less adept will be able to download ready-to-run virtual machine images
> sometime in the future. 
>
> Please reply with your opinion on this (good or bad), we realize quite a few
> people depend on the Windows installer.
>
> Thanks!
>
> -HD
>
> PS. Yes, we still plan on releasing 3.0 "soon" :-) With any luck we can have
> the final release completed  in February.
>
>
>
>   