Today I tried to install the Metasploit framework on both my Mavericks MacBook Pro and my Yosemite MacBook Air. Unfortunately, all the guides I’ve found seem to be quite outdated, and various hacks are needed to make the process actually work.
So I decided to write an updated guide on my blog, just in case someone else needs it ^_^
First things first: you will need to install some requirements. If you are a developer/hacker you probably have them already, but you never know.
Issue the following command on your terminal:
And choose the Install option to install the Xcode command line tools needed for compilation, etc.
Make sure you have the latest Java SE JDK from Oracle; you can verify it by issuing the command:
Otherwise download it from here and install it.
Homebrew is a package manager for OS X. Well, not really a package manager, since it just manages “formulas”, which are basically build scripts for open source projects ( very much like Arch / Slackware Linux build scripts ). You will need it to install other libraries and binaries.
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Then update your PATH environment variable with the homebrew binary folder:
echo 'PATH=/usr/local/bin:/usr/local/sbin:$PATH' >> ~/.bash_profile
source ~/.bash_profile
brew tap homebrew/versions
Once you have homebrew installed, you can start using it ( NOTE: Don’t use it with sudo, it’s not required ):
brew install nmap
This is needed by the nokogiri gem:
brew install libxml2
brew install postgresql --without-ossp-uuid
Initialize the database ( you might already have this file, it’s not a problem ):
Make sure it’s started after user login:
mkdir -p ~/Library/LaunchAgents
cp /usr/local/Cellar/postgresql/9.4.0/homebrew.mxcl.postgresql.plist ~/Library/LaunchAgents/
launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.postgresql.plist
( replace 9.4.0 with the version you have installed )
Create the db for the metasploit framework:
createuser msf -P -h localhost
createdb -O msf msf -h localhost
( Take note of the password you used, you will need it later )
Time for metasploit itself:
cd /usr/local/share/
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
for MSF in $(ls msf*); do ln -s /usr/local/share/metasploit-framework/$MSF /usr/local/bin/$MSF; done
# Append as root through tee, so /etc/profile never has to be made group/world-writable
echo 'export MSF_DATABASE_CONFIG=/usr/local/share/metasploit-framework/config/database.yml' | sudo tee -a /etc/profile
This one is hackish, but that’s the way I’ve found to make it work:
bundle config build.nokogiri "--use-system-libraries --with-xml2-include=/usr/local/opt/libxml2/include/libxml2"
Another hackish one:
sudo env ARCHFLAGS="-arch x86_64" gem install pg
Finally, within the metasploit folder, use bundle to install the remaining gems:
If you run msf as a normal user, you will have trouble with the robots gem unless you fix its permissions:
sudo chmod o+r /Library/Ruby/Gems/2.0.0/gems/robots-0.10.1/lib/robots.rb
Paste the following text:
production:
  adapter: postgresql
  database: msf
  username: msf
  password: PUT_YOUR_POSTGRESQL_PASSWORD_HERE
  host: 127.0.0.1
  port: 5432
  pool: 75
  timeout: 5
( keep the spacing since yml files are “space sensitive” )
And update your environment:
source /etc/profile
source ~/.bash_profile
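Two files touched by this setup are worth a permissions check: /etc/profile, which every login shell sources, and database.yml, which stores the PostgreSQL password in clear text. The script below is an added example, not part of the original guide; the function names audit_file and report are made up for it, and the suggested chmod fixes assume the user who owns database.yml is the one who runs msf.

```shell
#!/bin/sh
# Added example: audit permissions on files this guide creates or edits.

# Classify one file. Prints: ok | missing | writable | readable
#   $1 = path
#   $2 = "secret" if group/others must not be able to read it either
audit_file() {
    # First 10 characters of ls -l output are the mode string, e.g. -rw-r--r--
    # (-L follows symlinks; cut drops any trailing ACL/xattr marker)
    m=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    [ -n "$m" ] || { echo missing; return; }
    case "$m" in
        # position 6 = group write, position 9 = other write
        ?????w????|????????w?) echo writable; return ;;
    esac
    if [ "${2:-}" = secret ]; then
        case "$m" in
            # position 5 = group read, position 8 = other read
            ????r?????|???????r??) echo readable; return ;;
        esac
    fi
    echo ok
}

# Print the status of one file plus a suggested fix when it is too open.
report() {
    status=$(audit_file "$1" "${2:-}")
    printf '%-9s %s\n' "$status" "$1"
    case "$status" in
        writable) echo "  fix: sudo chmod go-w $1" ;;
        readable) echo "  fix: chmod 600 $1" ;;
    esac
}

# Paths are the ones used in this guide.
report /etc/profile
report "${MSF_DATABASE_CONFIG:-/usr/local/share/metasploit-framework/config/database.yml}" secret
```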
Well, you’re ready to go now, enjoy metasploit on OSX :)