Mac for Hackers: How to Install the Metasploit Framework

How to Install the Metasploit Framework

Metasploit is an extremely popular pentesting tool capable of enumeration, exploitation, and injecting shell code, and is a part of almost every hacking toolkit. So there's no way I could leave this out of our series on getting your Mac set up for hacking.

Luckily for those of us who use Apple machines, the install process is much less time-consuming than it used to be. Just a couple of years ago, I would have had to download all the required pieces and configure them manually. Now, the Metasploit Framework has an install package for macOS (previously called Mac OS X).

Of course, we could use the Metasploit that's in our Kali Linux VM we just installed, but I generally only use Kali when a tool is unavailable for Macs, such as Aircrack-ng. Plus, running tools directly on your main operating system is generally faster and easier than running them in a virtual machine.

Step 1: Download the Metasploit Framework Installer

Our fist step is to download the Metasploit installer package from Rapid7.

There are different editions, such as Pro, Express, Community, and Framework. Express costs $5,000, and Pro about 6 times that, and it's probably safe to say most of us don't have that kind of cash lying around. While the Community edition is free, we want the command-line interface, Metasploit Framework.

To save you some time, here is the download for Mac. Once it has downloaded, open the package and follow the directions in the installer. You will be prompted to enter your password.

Step 2: Configure Metasploit

Now we will need to configure Metasploit. Open a terminal window and change directories to the folder containing msfconsole (the main interface for the Metasploit Framework):

  • cd /opt/metasploit-framework/bin/

Next, run msfconsole with the command:

  • ./msfconsole

The first question asks if you want to add /opt/metasploit-framework/bin to your path. Select yes, so you can execute msf commands from any working directory.

Next, you will be asked if you want to set up a new database. Installing the database will allow us to list credentials, list hosts, and more—which is what we want.

Once the database is set up, msfconsole will drop you into the msfconsole! The install is complete.

Now let's check to see if the database is working:

  • db_status

As we can see, the database is connected and working.

Step 3: Update Metasploit

Before diving into the basics of Metasploit, let's make sure it's up to date first. In a terminal window, execute the command:

  • msfupdate

You will be prompted for your root password. Once given, Metasploit will update.

Now Get Hacking!

Installing Metasploit on macOS has never been easier. With Metasploit installed and running, you should be able to get hacking right away, so make sure to search here on Null Byte for some good guides that use msfconsole. We've got plenty to keep you occupied for a long time.

Installing many other hacking tools on macOS is also a cinch—the inclusion of Ruby and Python with the OS really help with this. But it's not only the languages, having a POSIX-compliant backend means that porting software from Linux to Mac is easier. Apple products seem to have become more popular with developers and IT professionals, and the more IT professionals using them, the more ports we'll see!

Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:

Cover image (original) by Gennady Kireev/123RF; Screenshots by Barrow/Null Byte

19 Comments

Hey Barrow.

I was trying to follow one of the tutorials, however, when I tried the exploit command, I was greeted with: Exploit failed: Errno::EACCES Permission denied - bind(2) for 192.168.1.121:445

How do I fix this??

OMG thank you so much helped me so mech thank youuuu
respect

No worries.

hi
please how i can install an apps on my kali,??

You will use the Debian package manager apt. Launch a terminal and enter apt-get update && apt-get upgrade, this will update your mirror list and upgrade your distro. You can use apt search to look for packages.

hello!
After updating metasploit, msf no longer is recognized as a command. how do i add msf to my default path (manually)

hi,

After installing the metasploit package and installing it, I followed all the steps up to the new database setup. After selecting yes i got the following prompt in the terminal:

/opt/metasploit-framework/bin/msfconsole: line 118: 911 segmentation fault: 11$BIN/ ruby $framework/$cmd $db_args "$@"
not sure what this means , or what i have done wrong , but the msfconsole did not open. Any help would be appreciated

dyld: lazy symbol binding failed: Symbol not found: clockgettime
Referenced from: /opt/metasploit-framework/embedded/lib/libruby.2.3.0.dylib (which was built for Mac OS X 10.12)
Expected in: /usr/lib/libSystem.B.dylib

dyld: Symbol not found: clockgettime
Referenced from: /opt/metasploit-framework/embedded/lib/libruby.2.3.0.dylib (which was built for Mac OS X 10.12)
Expected in: /usr/lib/libSystem.B.dylib

./msfconsole: line 123: 4061 Trace/BPT trap: 5 $BIN/ruby $FRAMEWORK/$cmd $db_args "$@"

I was trying to do ./msfconsole and i don't know how to fix it

I have the same, and i don't know how to fix it either.

An easier way to install would be with brew:
`brew cask install metasploit`
`msfconsole` (init db)
`msfupdate`
done :)

bro!!!while updating the Metasploit software, what is the password for the root user?

I had the same issue after updating where msf was no longer a valid command from any working directory. Instead of hunting down a solution I just created a simple script that moves to the directory where msf sits and then runs it. I know some people above had the same issue so ya'll can use this:

1) move to main user directory- cd ~
2) create file containing script- nano msf_run
3) insert script to move to msf directory and run it-
#! /bin/bash
cd /opt/metasploit-framework/bin/
./msfconsole
4) save file and exit
5) you can now run msfconsole from your home directory by simply typing- ./run_msf

Hi,
I just wanna make sure i'm doing this write
type the following commands:
$ cd
$ nano msf_run

copy/paste following inside GNU nano 2.0.6, File: msf_run
#! /bin/bash
cd /opt/metasploit-framework/bin/
./msfconsole

now to save and exit i'm not sure what to do. here are the options at the bottom:

^G Get Help ^O WriteOut ^R Read File ^Y Prev Page ^K Cut Text ^C Cur Pos
^X Exit ^J Justify ^W Where Is ^V Next Page ^U UnCut Text^T To Spell

where am i supposed to save this to?

I used ^X Exit, Y yes to save, ^T To File, and selected nano_msf

I keep getting these errors:
./run_msf
zsh: no such file or directory: ./run_msf

sudo ./msf_run
sudo: ./msf_run: command not found

Not sure if i'm executing incorrectly or if there's a specific place to save the file containing script.

please advise. also, it would be much appreciated is someone knows how to simply get the command ./msfconsole to work

  1. Create a text file in the main user directory.

$ cat > run_msf

  1. Copy and past the following code and exit using ^C:

#! /bin/bash
cd /opt/metasploit-framework/bin/
./msfconsole

  1. You can pull up a list to see that your new file has been saved.

$ ls
Applications Documents Movies Public
Calibre Library Downloads Music VirtualBox VMs
Desktop Library Pictures run_msf

  1. Make your file exececutable:

$ chmod +x run_msf

  1. You can pull up a list and see that your file is now red, meaning that it is executable.

$ ls
Applications Documents Movies Public
Calibre Library Downloads Music VirtualBox VMs
Desktop Library Pictures run_msf

  1. From the main user directory run the file:

$ ./run_msf

Now, I read that you can make this an executable action from the main terminal (so that you can simply write $run_msf) by copying your executable file into /usr/bin/. However, theres a system protection that doesn't allow you to edit those files even with the sudo command. Instead, copy your executable into usr/local/bin:

$ cp /Users/God/run_msf /usr/local/bin/

Alternatively, you can start this process from /usr/local/bin/ directory and not have to move or copy it later.

I am getting this when I type "db_status"

Connected to remote_data_service: (https://localhost:5443). Connection type: http. Connection name: local-https-data-service.

what to do?

Where it says

you want to add /opt/metasploit-framework/bin to your path. Select yes,

I accidentally clicked N instead of Y. How can I change that so that use the MSF commands from any directory?

instead of postgresql connected its showing this "Connected to remotedataservice: (https://localhost:5443). Connection type: http. Connection name: local-https-data-service." please help.

Are there any other problems? or is it only that it's saying the connection is different, the guide is 4 years old and some minor thing may have changed.

Hi
I have downloaded matalsploit and created an account
And set password random or so i thought
When i view it back it said password "gggg"
But when i wanted to update the metalsploit
It wanted a password and nothing worked
gggg it didnt work nothing did
I wanted to reset the password but for that i needed a fuckihg pasword for Uninstalling i neeed pasword i need helpppp
Please

Share Your Thoughts

  • Hot
  • Latest