We're almost there to completing the setup of your Mac for hacking! Now that we have Git and Homebrew under our belts, it's time to take on something fairly easy, but very important for our hacking needs.
Ruby is an object-oriented scripting language used to write powerful projects such as Metasploit and WPScan. Although Ruby ships with macOS, there isn't a clean way included in the operating system to update and manage Ruby environments (i.e., gem files and Ruby versions).
Why is that so important? The version of Ruby that ships with macOS is usually out of date, and since we're going to need at least the latest version of Ruby—and will have to manage gems (Ruby libraries)—some form of Ruby version management is required. Plus, in some cases, our hacking tools will require a specific Ruby version to run properly, and that means we'll need more than one functioning Ruby version.
There are two leading options for this: rbenv and RVM (Ruby Version Manager). Rbenv is lightweight and modular, which fits more with the Unix philosophy of do one thing and do it well, but I personally prefer RVM. It's an all-encompassing solution to managing environments that meets almost all needs out of the box. It also doesn't hurt that it's the recommended Ruby version manager for working with the Metasploit Framework.
In this tutorial, we'll be looking at installing RVM on macOS and updating to the latest version of Ruby.
The current RVM version signs and verifies all releases and the rvm-installer script. In most cases, it's all automated and the installer will check if the downloaded files are signed.
First, we will need to install GPG, an open-source encryption tool which allows us to encrypt and sign data communications. You should have Homebrew installed already, if you've been following this series, so simply execute this command:
- brew install gpg
Next, we will execute the RVM installer with the command:
- curl -L https://get.rvm.io | bash -s stable --autolibs=enabled --ruby
This command tells cURL to get the script, and to follow any location changes reported by the host (-L). It is then piped (|)into bash. The options select the stable version of RVM, enable auto-dependency resolution, and, finally, --ruby installs the latest version of Ruby. Once that completes, we will close the terminal window and open a new one.
Now we'll check the default version of Ruby on our machine using RVM:
- rvm list
As you can see, our Ruby install is now up to date and ready to go!
When we need an older Ruby version to run a tool, RVM makes that a piece of cake. First, open up iTerm and then enter the command:
- rvm install 2.2.5
Swap out "2.2.5" with whatever version number you want.
I selected 2.2.5, since it was a binary version of Ruby, meaning no compile time. You can use the following command to get a list of easy-to-pull-down Ruby versions.
- rvm list known
The list isn't definitive, but a little checking around on the RVM site will give a more complete list.
Now that we have multiple versions of Ruby installed, we can view which versions are installed with the command:
- rvm list
In order to switch between them, use the command:
- rvm use 2.2.5
Change "2.2.5" to the version of Ruby to the one you want to use.
If tools update to the latest version of Ruby, you may want to remove the outdated and unused versions on your machine. Simply enter the command:
- rvm remove 2.2.5
Replace "2.2.5" with whatever version of Ruby you are trying to remove.
If you only want to remove Ruby itself, and not everything related to that version of Ruby, use the command:
- rvm uninstall 2.2.5
Substitute "2.2.5" with the version of Ruby you are trying to remove.
RVM is a powerful tool and has many more features geared towards developers. If you have any interest in development with Ruby, I recommend reading through this series. In order to get a firm grasp of what RVM is capable of I recommend using the command "man rvm". With RVM installed on macOS, we can now easily work with GitHub projects that are written in Ruby, and we won't need to worry about multiple versions of Ruby on our machine conflicting.
Stay tuned to future guides in this series on getting a Mac ready for hacking, which will include installing Kali and Metasploit, organizing your tools, and the basics of Vim.
It’s Black Friday week in the Null Byte shop! If you’ve been wanting to improve your skill set in hacker- and cybersecurity-geared topics such as Python, Raspberry Pi, and Linux, now’s the time. We’ve got huge sales on online courses, and we’ve outlined 13 favorites you won’t want to miss. Check them out!