The Web Interface

The msfweb interface is a stand-alone web server that allows you to harness the power of the Framework through a browser. This interface is still primitive, but may be useful for team-based penetration testing environments and live demonstrations. If you plan on using msfweb on the Windows platform, keep in mind that Cygwin does not support copy-on-write (COW) for forked processes. Since msfweb uses the fork() call to handle new connections, it will run much slower and use much more memory than if it were running on a comparable Unix system.

Starting with version 2.3, msfweb provides a fast multi-user web shell. This system allows you to share your active sessions with other msfweb users. The shell console (and the rest of msfweb) has been tested with Firefox 1.0, Internet Explorer 6.0, and the Safari/Konqueror browsers.

The msfweb interface provides almost no security whatsoever; anyone who can connect to the msfweb service could potentially gain access to the underlying system. The default configuration is to listen on the loopback address only; this can be changed by using the -a option to specify the local IP address. If you would like to open the server up to the entire network, pass 0.0.0.0 to the -a option of msfweb. Just like the command-line interface, the saved environment is loaded on startup and can affect module settings. We do not recommend that you expose the msfweb interface to an untrusted network.
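
One way to confirm which address a running msfweb instance is bound to, as an added example (not part of the Framework or of this guide): the script classifies TCP listeners taken from `ss -H -ltn` output as loopback-only, all-interfaces (the 0.0.0.0 case above) or bound to a single interface. The port number 55555 and the sample lines are constructed for illustration; substitute the port your instance uses.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
# Port 55555 is a sample value; substitute the port your msfweb listens on.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:55555 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 192.168.1.10:55555 0.0.0.0:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port', '[v6]:port', '*:port' or 'addr%iface:port'."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%", 1)[0], int(port)

def classify(addr):
    """Map a bind address to loopback / all-interfaces / single-interface."""
    if addr == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"  # unparseable: reported as exposed (fail closed)
    if ip.is_unspecified:
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "single-interface"

def audit_listeners(ss_output, port):
    """Return (address, exposure) for every TCP listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        try:
            addr, lport = split_endpoint(fields[3])
        except ValueError:
            continue  # port column is not numeric
        if lport == port:
            findings.append((addr, classify(addr)))
    return findings

def exposed(findings):
    """Listeners that other hosts can reach (anything not loopback)."""
    return [f for f in findings if f[1] != "loopback"]

if __name__ == "__main__":
    for addr, kind in audit_listeners(SAMPLE_SS, 55555):
        print(f"{addr}: {kind}")
```

On a live host, pass the real output of `ss -H -ltn` to `audit_listeners`; any entry returned by `exposed` means the service is reachable from beyond the local machine.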