If you have never heard of the Metasploit Framework or Armitage then this guide is especially for you! Metasploit is a UNIX-based program/framework/lifestyle that should be a primary tool in every aspiring "hacker's" toolbox.
Metasploit can be described as a tool for developing and executing exploit code against a remote target machine. Armitage is a GUI to be used along with the Metasploit Framework. These are probably the absolute most generic descriptions and honestly do nowhere near justice to these programs, but you get the picture.
Typically, the only way to gain access to Metasploit and Armitage is either to install and configure them individually on Ubuntu/Debian (or another Linux distro) or to run Kali Linux. Kali Linux comes with Metasploit and Armitage installed out of the box; for Ubuntu/Debian you can find out how to install them from our good ol' Professor Google ;) This guide is for those of you who wish to gain access to the endless potential these programs have to offer, but are either unable to (or simply do not want to) install Linux on OS X.
Before we begin I'd just like to say a few things... Whatever you do with the tools provided is your own business, so it should go without saying that any repercussions of the actions you take using the information found here are ALSO your own to deal with. I cannot, will not, and shall not, under any circumstances, be held accountable for any trouble you may get yourself into because of any irresponsibility. You have been warned.
INSTALLING METASPLOIT FRAMEWORK
This guide is written from the perspective of the latest OS X 10.11.5 El Capitan. If you are not running El Capitan then feel free to follow this guide anyways, but if you run into problems I will not be able to immediately help you because I do not have a copy of OS X 10.10 Yosemite (I wish I did!).
INSTALL XCODE AND THE XCODE COMMAND LINE DEVELOPMENT TOOLS
- Open up the Mac App Store and search for Xcode. The app is about 5-6 gigabytes in size and takes quite a while to download, so definitely be sure to start this step right away, before reading ahead.
- Now open up the Terminal and type:
A window will pop up. Just click the blue "Install" box in the bottom right to proceed.
INSTALL JAVA AND HOMEBREW
Next you'll need to download and install Java Runtime Environment 8 (JRE) AND Java Development Kit 8 (JDK). Open a browser to the following links and make sure you download the OS X variants:
Now open up the terminal again and type the following:
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
- Type the following commands to install everything from Homebrew that is needed to run Metasploit:
brew tap homebrew/versions
brew tap homebrew/dupes
brew install nmap
brew install homebrew/versions/ruby22
- Configure your environment variables to use our new Ruby version by typing:
echo 'export PATH=/usr/local/Cellar/ruby22/2.2.5/bin:/usr/local/bin:/usr/local/sbin:$PATH' >> ~/.bash_profile
- Now we install the database for Metasploit by typing:
brew install postgresql --without-ossp-uuid
- IF YOU ALREADY HAVE AN EXISTING POSTGRES INSTALLATION THEN IN ORDER TO PROCEED YOU MUST FOLLOW THESE STEPS! IF YOU DID NOT ALREADY HAVE A POSTGRES INSTALLATION THEN CONTINUE TO STEP 5!
sudo chown -R $(whoami) /usr/local/var/postgres
sudo rm -rf /usr/local/var/postgres
pg_ctl -D /usr/local/var/postgres/ -l logfile start
initdb -D /usr/local/var/postgres/
- Now, in order to make PostgreSQL start up in the background at boot time, type the following:
mkdir -p ~/Library/LaunchAgents
Now open up the Finder to /usr/local/Cellar/postgresql. Open the folder inside it, which is named after the installed version and will be or look like "9.4.5". Locate the file "homebrew.mxcl.postgresql.plist" inside that folder and copy it into the ~/Library/LaunchAgents folder you just created. Now start PostgreSQL by typing:
launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.postgresql.plist
Now create the users that you are going to call upon when logging in by typing:
createuser msf -P -h localhost && createdb -O msf msf -h localhost
- In order for Armitage to run, it needs a specifically configured VNC viewer. OS X has a built-in VNC client just for situations like this. Modify it to our liking by typing the following:
echo '#!/usr/bin/env bash' > /usr/local/bin/vncviewer && echo 'open "vnc://$1"' >> /usr/local/bin/vncviewer && chmod +x /usr/local/bin/vncviewer
- The following command will install all the necessary components for Metasploit:
gem install pg sqlite3 msgpack activerecord redcarpet rspec simplecov yard bundler
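A cluster created with a plain initdb -D, as in the PostgreSQL step above, gets a default pg_hba.conf that uses "trust" authentication for local connections, so the password set with createuser msf -P is not actually required from anyone on the same machine. The check below is an added example, not part of the original guide; the function name trust_rules and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide.
# trust_rules FILE: print "LINE_NO: rule" for every pg_hba.conf rule whose
# auth method is "trust". Exit status 0 if any were found, 1 if none.
trust_rules() {
  awk '
    { sub(/#.*/, "") }          # strip comments (re-splits the fields)
    NF == 0 { next }            # skip blank and comment-only lines
    {
      if ($1 == "local") {
        method = $4             # local: DB USER METHOD
      } else if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) {
        method = $6             # host with separate netmask: ADDR MASK METHOD
      } else {
        method = $5             # host with CIDR address: ADDR/LEN METHOD
      }
      if (method == "trust") { print NR ": " $0; found = 1 }
    }
    END { exit !found }
  ' "$1"
}

# Constructed sample in the layout a default initdb produces, plus one
# password-protected rule for comparison.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS                    METHOD
local   all       all                              trust
host    all       all   127.0.0.1/32               trust
host    all       all   ::1/128                    trust
host    msf       msf   127.0.0.1 255.255.255.255  md5
EOF

if trust_rules "$sample"; then
  echo "Rules above accept connections without a password."
else
  echo "No trust rules found."
fi
rm -f "$sample"
```

Run it against the pg_hba.conf inside /usr/local/var/postgres. Replacing trust with a password method such as md5 on the reported lines and reloading the server makes the msf password mandatory.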