- slide 1 of 4
Metasploit for Microsoft Windows
Metasploit is one of the most useful tools for any penetration tester or computer security researcher. The Metasploit Framework provides a unified interface for interacting with all of the steps involved in compromising a computer system -- from information gathering to maintaining access. This takes Metasploit a step beyond the automated vulnerability scanners like Nessus and OpenVAS, since Metasploit can be automated to test and compromise systems largely without user intervention. While most users choose to use the GNU/Linux version of Metasploit, the framework is available for Microsoft Windows as well.
The best installation option for Windows users is the full dependencies package, which includes PostgreSQL, Console2, and all of the other necessities for successfully running Metasploit on the system. Additionally, Cygwin was included in the past, for msfconsole access, but the package now needs to be acquired separately to provide a UNIX-like console interface for the framework. All of the download files are included in the binary executables available on the Metasploit website.
- slide 2 of 4
The Metasploit Framework is just as easy to install on Microsoft Windows as it is to install on machines running GNU/Linux.
Download your preferred executable (either the one with included dependencies or the one with only the Metasploit application) and double-click the installer to begin the set up process.
Click the "Next" button to begin, then continue through the installation, accepting the license agreement and choosing the location for each application. If you chose to use the installer that included all of the dependencies for Metasploit, the installation will take a bit longer and include several more steps.
Click the "Next" button to move through and install all of the applications on your system, then click the "Finish" button once the installation is complete.
- slide 3 of 4
Windows Specific Issues
The Metasploit Framework's website mentions that the majority of features should work under Microsoft Windows. Of course, the application is designed with GNU/Linux in mind and the majority of professional users of the project who contribute source code and bug fixes utilize a UNIX-like system. This means that any issues might be slow to be resolved and community support and solutions might not be as easy to find. Some specific issues with Metasploit under Microsoft Windows include the lack of support for raw socket modules. This means that SYN scans will not be supported using Nmap, the port scanner commonly used with Metasploit -- the default scan option is -Ss or SYN scan. WiFi modules using Lorcon and Lorcon2 do not work, so the injection of frames into WiFi connections will be impossible for some modules. Finally, Metasploit modules that involve ports 139 and 445 will require special configuration under Microsoft Windows since they are written with GNU/Linux to Samba in mind.
- slide 4 of 4
Screenshot from the Metasploit Framework wiki.