- Homebrew’s package index.
- Homebrew’s package index. Name: Zenmap Multi-platform graphical interface for official Nmap Security Scanner.
Java
Download the latest Java JDK 8 from Oracle. This should set all the proper shortcuts for the Java binaries http://www.oracle.com/technetwork/java/javase/downloads/index.html
Installing xcode. Xcode is Apple’s IDE for macOS. We can use Xcode to produce apps for macOS.
Test that Java is properly installed by running
Homebrew Maps
It should return the version of Java you just installed. To check tha the location is /usr/bin/java for the link run:
If both commands runs and the location is correct Java is properly installed on the system.
Install Homebrew
Homebrew Map
We need to make sure that the binaries we install with homebrew are first in the path:
Install Nmap
For Nmap in the case of OSX I recommend the use of Homebrew since they are quite quick and keeping their formulas updated for the tool and work out most of the problems that may arise quite quickly. To install Nmap just run the command bellow:
Homebrew Map Dnd
Install Ruby 2.1
On OS X we have 3 methods for installing ruby 2.1.x these are:
- Homebrew
- RVM (Ruby Version Manager)
- rbenv
Installing Ruby using Homebrew:
Check that yo are running the version of ruby you just installed with:
If installing using RVM be warned that symlinks will not work do to the way it places the binary stubs of the metasploit-framework gem
Installing Ruby using RVM:
Installing Ruby using rbenv:
Once the packages have been install we need to install the required Ruby libraries that metasploit depends on:
Install PostgreSQL
Configure PostgreSQL
Init the Database if this is a first time install:
Configure Postgres to automatically load on login, the instruction bellow are as an example copy and paste the commands that the brew installer showed and follow any other instruction it shows :
PostgreSQL will now start every time a user logs in. Create user called msf for use in Metasploit:
Create database for use with metasploit called msf and make the user msf the owner:
Record the password used for the account created since it will be used when configuring the framework.
Installing Metasploit Framework
Install Nmap Homebrew Mac
For regular use of the framework only needs to clone the Git repository and create the necessary links and set the variable for the database config file
Create Symlink Copy for Regular Use
WARNING: Currently there is a bug in Metasploit Framework with Symlinks and RVM: https://github.com/rapid7/metasploit-framework/issues/4602
From the Metasploit-Framework folder lets use the Bundler Gem to install the properly supportted Gem versions:
Before starting to use the framework we need to create the database config file and set the parameters:
Enter the following text in to the file keeping the spacing and using the values used for creating the user and database:
To load the variable for the database configuration file for the current user:
Execute Metasploit msfconsole for the first time so it initializes the schema for the database for the first time as your current user and not as root:
Metasploit for Development and Contribution
If you wish to develop and contribute to the product you can follow the additional steps here Metasploit Dev Environment . For this you will need a GitHub account and you will fork the project in to your own account. I personally keep my dev copy of Metasploit in ~/Development folder and after an initial run of msfconsole I keep my database.yml file in ~/.msf4/cofig folder and adjust the MSF_DATABASE_CONFIG variable for it or run msfconsole with the -y option and point it to a YAML file with the correct configuration.
Install Armitage
Since armitage is no longer included with Framework we need to execute some additional steps:
Link Scripts
One important thing to take into consideration, for using Armitage and many of the modules provided in Metasploit you need to run them as root. Due to the way variables are handled when using the sudo command to invoke msfconsole or Armitage you need to give it the -E option: