When you think of an operating system to run pen testing tools on, you probably think of Linux and more specifically, BackTrack Linux. BackTrack Linux is a great option and one of the most common platforms for running pen testing tools. If you are a Mac user, then you would most likely run a virtual machine of BackTrack Linux.
While this is a great option, sometimes it is nice to have your tools running on the native operating system of your computer. Another benefit is not having to share your system resources with a virtual machine. This also eliminates the need to transfer files between your operating system and a virtual machine, and the hassles of having to deal with a virtual machine. Also by running the tools within OS X, you will be able to seamlessly access all of your Mac OS X applications.
My attack laptop happens to be a MacBook Pro and I started out running VirtualBox with a BackTrack Linux virtual machine. I recently started installing my hacking tools on my MacBook Pro. I wanted to expand the toolset of my Mac, so I started with Nessus, nmap, SQLMap, and then I installed Metasploit. My goal is to get most, if not all, of the tools I use installed on my MacBook Pro and run them natively within OS X. Since Mac OS X is a UNIX based operating system, you get great tools that come natively with UNIX operating systems such as netcat and SSH. You also have powerful scripting languages installed such as Perl and Python. With all of the benefits and features of the Mac OS X, there is no reason to not use Mac OS X for your pen testing platform. I was really surprised to see that there’s not a lot of information on the subject of using Mac OS X as a pen testing/hacking platform. Metasploit was the toughest application to get running on Mac OS X and that was mostly due to the PostgreSQL database setup. The majority of hacking tools are command line based, so they are easy and fairly straightforward to install.
In this article, I am going to take you through the installation and configuration of some of the most popular and useful hacking tools, such as Metasploit, on Mac OS X. If you are interested in maximizing the use of your Mac for pen testing and running your tools natively, then you should find this article helpful.
The Tools
The pen test tools we will be installing are must-haves and all of them are free, with the exception of Burp Suite and Nessus (although Burp Suite has a free version, which offers a portion of the Burp Suite tools for free). The tools offered for free with Burp Suite are useful tools and I highly recommend them. The professional version of Burp Suite is reasonably priced.
- Metasploit Framework Nmap
- SQLmap
- Burp Suite
- Nessus
- SSLScan
- Wireshark
- TCPDUMP
- Netcat
Metasploit Framework
The Metasploit Framework is one of the most popular and powerful exploit tools for pen testers and a must have for pen testers. The Metasploit Framework simplifies the exploitation process and allows you to manage your pen tests with the workspace function in Metasploit. Metasploit also allows you to run nmap within Metasploit and the scan information is organized by project with the workspace function. You can create your own exploits and modify existing exploits in Metasploit. Metasploit has too many features to mention in this article, and the scope of this article is to demonstrate how to install Metasploit and other pen testing tools.
The Install
Before we install Metasploit, we need to install some software dependencies. It is a little more work to install Metasploit on Mac OS X, but it will be worth it. Listed below are the prerequisite software packages.
Software Prerequisites
- MacPorts
- Ruby1.9.3
- Homebrew
- PostgreSQL
MacPorts Installation Install Xcode
- Xcode Install from the Apple App Store, or it can be downloaded from the following URL: https://developer.apple.com/xcode/
- Once Xcode is installed, go into the Xcode preferences and install the “Command Line Tools”. (see Figure 1)
- Install the MacPorts app
- Download and install the package file (.dmg) file from the MacPorts web site: https://distfiles.macports.org/MacPorts/
Once the files are downloaded, install MacPorts. More information on MacPorts can be found here: http://www.macports.org/install.php - Run MacPorts selfupdate to make sure it is using the latest version.
- From a terminal window run the following command:
$ sudo port selfupdate
Ruby 1.9.3
Mac OS X is preinstalled with Ruby, but we want to upgrade to Ruby 1.9.3
We will be using MacPorts to upgrade Ruby. From a terminal window run the following command:
$ sudo port install ruby19 +nosuffix
The default Ruby install path for MacPorts is: /opt/local/ It’s a good idea to verify that the PATH is correct, so that opt/local/bin is listed before /usr/bin. You should get back something that looks like this:
/opt/local/bin:/opt/local/sbin:/usr/bin:/bin:/usr/ sbin:/sbin
You can verify the path by entering the following syntax in a terminal window:
$ echo $PATH
To verify the Ruby install locations, enter this syntax:
$ which ruby gem
You should get back the following response:
/opt/local/bin/ruby /opt/local/bin/gem
Database Installation
A database is not required to run, but some of the features of Metasploit require that you install a database. The workspace feature of Metasploit is one of the really nice features of Metasploit that requires a database. Workspace allows easy project organization by offering separate workspaces for each project. PostgreSQL is the vendor recommended and supported database, but MySQL can be used. In this article, we will be using PostgreSQL.
We will use Homebrew to install PostgreSQL. I tried a few different installation methods, but this is the easiest way to install PostgreSQL. Homebrew is a good method to install Open Source software packages.
First we will install Homebrew. From a terminal window run the following command:
$ ruby -e “$(curl -fsSkL raw.github.com/mxcl/homebrew/go)”
Next we will install PostgreSQL using Homebrew. From a terminal window run the following command:
$ brew install postgresql
Next we initialize the database, configure the startup, and start PostgreSQL. From a terminal window run the following command:
initdb /usr/local/var/postgres cp /usr/ local/Cellar/postgresql/9.1.4/homebrew.mxcl. postgresql.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/ homebrew.mxcl.postgresql.plist pg_ctl -D / usr/local/var/postgres -l /usr/local/var/ postgres/server.log start
Database configuration
In this step we will create our Metasploit database and the database user.
The Homebrew install does not create the postgres user, so we need to create the postgres user to create databases and database users.
At a command prompt, type the following:
$ createuser postgres_user -P
$ Enter password for new role: password
$ Enter it again: password
$ Shall the new role be a superuser? (y/n) y
$ Shall the new role be allowed to create databases? (y/n) y $ Shall the new role be allowed to create more new roles?
(y/n) y
Creating the database user
At a command prompt, type the following:
$ createuser msf_user -P
$ Enter password for new role: password
$ Enter it again: password
$ Shall the new role be a superuser? (y/n) n
$ Shall the new role be allowed to create databases? (y/n) n $ Shall the new role be allowed to create more new roles?
(y/n) n
Creating the database
At a command prompt, type the following:
$ createdb --owner=msf_user msf_database
Install the pg gem
At a command prompt, type the following:
$ gem install pg
The database and database user are created, so now it is time to install Metasploit.
Metasploit software installation
The dependencies have been installed and next we will install the Metasploit software.
Download the Metasploit source code for installation using the link provided below and do not download the .run file from the Metasploit download page. Download the Metasploit tar file from: http://downloads.metasploit.com/data/releases/framework-latest.tar.bz2
Once the download is complete, untar the file. If you have software installed to unzip or untar files, then it should untar the file when the file is finished downloading. I use StuffIt Expander and it untarred the file for me upon completion of the download. If you need to manually untar the file, type this command at the command line and it will untar the file into the desired directory:
$ sudo tar –xvf framework-lastest-tar.bz2 –C /opt
If the file was untarred for you as mentioned, you will need to move the Metasploit source file structure to the opt directory. Your directory structure should look like this:
/opt/metasploit3/msf3
Starting Metasploit
Now that Metasploit is installed, we will start Metasploit for the first time. You will need to navigate to the Metasploit directory and start Metasploit.
Navigate to the Metasploit directory with the following syntax entered at the command line:
$ cd /opt/metasploit/msf3
To start Metasploit, simply enter the following syntax:
$ sudo ./msfconsole
You will get one of the many Metasploit screens like the one in Figure 2.
Connecting to the database
In this next step, we will connect Metasploit to our PostgreSQL database. From the Metasploit prompt, type the following syntax:
msf > db_connect msf_user:[email protected]/msf_database
You will see the following message and you should be connected.
[*] Rebuilding the module cache in the background...
Type in the following syntax to verify the database is connected:
msf > db_status
You will get the following back verifying the database is connected:
[*] postgresql connected to msf_database
The database is now connected to Metasploit, but once you exit Metasploit the database will be disconnected. To configure Metasploit to automatically connect on startup, we will have to create the msfconsole.rc file.
Enter the following syntax at the command prompt:
$ cat > ~/.msf3/msfconsole.rc << EOF db_connect -y /opt/metasploit3/config/database.yml
EOF
Updating Metasploit
Now that we have Metasploit installed and configured, we will update the Metasploit installation. From the command prompt, type the following syntax:
$ ./msfupdate
This can take a while, so just sit back and let the update complete. Make sure to update Metasploit frequently so you have the latest exploits.
The benefits of Metasploit with database
Now that Metasploit is installed, the database is connected and ready to use. So what can you do with Metasploit with a database that you couldn’t do without one? Below is a list of new Metasploit Database Backend Commands taken directly from the Metasploit console. The commands are pretty much self-explanatory, but it should be noted that db_import allows you to import nmap scans done outside of Metasploit. This comes in handy when you are working with others on a pen test and you want to centrally manage your pen test data. As mentioned earlier, workspace helps you manage your pen tests by allowing you to store them in separate areas of the database. A great reference guide for Metasploit can be found at Offensive Security’s website: http://www.offensive-security.com/metasploit-unleashed/Main_Page.
Nmap
Nmap is an open source network discovery and security auditing tool. You can run nmap within Metasploit, but it is good to have nmap installed so you can run nmap outside of Metasploit. We will use Homebrew to install nmap. From the command prompt, type the following syntax:
$ brew install nmap
Visit the Nmap website for the Nmap reference guide: http://nmap.org/book/man.html.
Burp Suite
Burp Suite is a set of web security testing tools, including Burp Proxy. To install Burp Suite, download it from: http:// www.portswigger.net/burp/download.html.
To run Burp, type the following syntax from the command prompt:
$ java -jar -Xmx1024m burpsuite_v1.4.01.jar
For more information on using Burp, go to the Burp Suite website: http://www.portswigger.net/burp/help/.
Nessus
Nessus is a commercial vulnerability scanner and it can be downloaded from the Tenable Network website: http://www.tenable.com/products/nessus/nessus-downloadagreement.
Download the file Nessus-5.x.x.dmg.gz, and then double click on it to unzip it. Double click on the Nessus5.x.x.dmg file, which will mount the disk image and make it appear under “Devices” in “Finder”. Once the volume “Nessus 5” appears in “Finder”, double click on the file Nessus 5.
The Nessus installer is GUI based like other Mac OS X applications, so there are no special instructions to document. The Nessus 5.0 Installation and Configuration Guide as well as the Nessus 5.0 User Guide can be downloaded from the documentation section of the Tenable Network website: http://www.tenable.com/products/nessus/documentation.
SSLScan
SSLScan queries SSL services, such as HTTPS, in order to determine the ciphers that are supported.
To install sslscan, type the following syntax at the command prompt:
$ brew install sslscan
Wireshark
Wireshark is a packet analyzer and can be useful in pen tests. Wireshark DMG package can be downloaded from the Wireshark website: http://www.wireshark.org/download.html. Once the file is downloaded, double click to install Wireshark.
TCPDUMP
TCPDUMP is a command line packet analyzer that is preinstalled on Mac OS X. For more information consult the man page for tcpdump by typing the following syntax at the command prompt:
$ man tcpdump
Netcat
Netcat is a multipurpose network utility that is preinstalled on Mac OS X. Netcat can be used for port redirection, tunneling, and port scanning to name just a few of the capabilities of Netcat. Netcat is used a lot for reverse shells. For more information on Netcat, type the following syntax at the command prompt:
$ man nc
Conclusion
By following the instructions in this article, you will have a fully functional set of hacking tools installed on your Mac and you will be able to run them natively without having to start a virtual machine or deal with the added administrative overhead that comes with running a virtual machine. You will also not have to share resources with a virtual machine. I hope you found this article useful and I hope you enjoy setting up your Mac OS X hacker toolbox as much as I did. With Macs increasing in popularity, I can only imagine that they will become more widely used in pen testing.
Author
Latest Articles
Blog2017.01.182017 Global Fraud and Cybercrime Forecast - Explained Visually by RSA
Blog2017.01.17Don’t try to master it all – just try to understand how to NOT be the low hanging fruit - Interview with Christopher Hadnagy, CEO of Social-Engineer, LLC.
Blog2017.01.09Top 5 Cybersecurity Threats to Watch Out for in 2017 - Infographic by InApp
Blog2017.01.04Don't underestimate the script kiddies nowadays - Interview with Tal Argoni, Co- Founder of Triad Security
New Edition
great
having an issues with this “initdb /usr/local/var/postgres cp /usr/ local/Cellar/postgresql/9.1.4/homebrew.mxcl. postgresql.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/ homebrew.mxcl.postgresql.plist pg_ctl -D / usr/local/var/postgres -l /usr/local/var/ postgres/server.log start
”
I get this error
initdb /usr/local/var/postgres cp /usr/ local/Cellar/postgresql/9.1.4/homebrew.mxcl. postgresql.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/ homebrew.mxcl.postgresql.plist pg_ctl -D / usr/local/var/postgres -l /usr/local/var/ postgres/server.log start
initdb: invalid option — w
Try “initdb –help” for more information.
Hi, did anyone every get this all working ??:)
Hi, eForensics Team here – this is quite an old piece, it first appeared in BSD Magazine (our sister publication) a few years back. Some issues might be just because progress happened and things don’t work the same way they did anymore (and that might give you an idea on where to look for solutions). We are looking into updating this material, though, and hopefully as soon as we do you’ll hear about it.