Friday, June 21, 2013

Mac OSX and penetration Testing



I' am a MacBook/MacOSx user and i love pentesting ...problem is Mac doesnt have a Pentest enviroment unless i do a VM with my FreeBSD with tools.... aside from that i love custom tools so i also have custom tools either by my hand or from others....




Setting up a Pen-Testing environment on your Mac

Download and install Xcode
Open Xcode > Preferences > Download > Install Command line tools

Open Terminal:
> java
Install it.

Install Homebrew (fuck macports)
> ruby -e "$(curl -fsSkL raw.github.com/mxcl/homebrew/go)"

Run BrewDoctor (may need to fix your .bash_profile $PATH
> brew doctor

Install nmap and nping
> brew install nmap
> brew install ruby
> brew install postgresql (if you prefer mysql: brew install mysql)

Startup PGSQL
> initdb /usr/local/var/postgres
> createuser msf -P -h localhost
> createdb -O msf msf -h localhost

Install Metasploit gems
> gem install pg sqlite3 msgpack hpricot

Setup VNC Viewer for MSF
> echo '#!/usr/bin/env bash' >> /usr/local/bin/vncviewer
> echo open vnc://\$1 >> /usr/local/bin/vncviewer
> chmod +x /usr/local/bin/vncviewer

Install Metasploit (from repository)
Select the directory to install metasploit (ex: ~/tools)
> git clone git://github.com/rapid7/metasploit-framework.git

Additional Tools:
brew install dsniff (Password Sniffer)
brew install ettercap (MitM made easy)
brew install aircrack (Wifi Suite)
brew install john (John the Ripper)
brew install hydra (Brute Force Cracker)
brew install ophcrack (Rainbow Table Cracker)
brew install skipfish (WebApp Scanner)

"tcpdump" and "netcat" are pre-installed with OSX (don't over look them )

Download and install BurpSuite free
http://www.portswigger.net/burp/download.html

No comments:

Post a Comment

Dynamic Binary Instrumentation (pt2)

Quick how to: After install of Frida on your machine, you will need to install your server agent on your (use case is phone) iphone/andro...