How to Install Metasploit on OS X Mavericks and Yosemite, an Updated Guide

2015-01-16

guide, howto, installation, mavericks, metasploit, osx, yosemite

Today I tried to install the Metasploit framework both on my Mavericks MacBook Pro and my Yosemite MacBook Air, unfortunately all the guides I’ve found seem to be quite outdated and various hacks are needed to make the actual process really work.
So I decided to write an updated guide on my blog, just in case someone else will need it ^_^

Requirements

First thing first, you will need to install some requirements, if you are a developer/hacker you will probably have them already, but you never know.

XCode Command Line Tools

Issue the following command on your terminal:

xcode-select --install

And choose the Install option to install XCode command line tools needed for compilation, etc.

Java

Make sure you have the latest Java SE JDK from Oracle, you can verify it issuing the command:

java -version

Otherwise download it from here and install it.

Homebrew

Homebrew is a package manager for OS X, well not really a package manager since it just manages “formulas”, which are basically build scripts for open source projects ( very much like Arch / Slackware Linux build scripts ), you will need it to install other libraries and binaries.

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Then update your PATH environment variable with the homebrew binary folder:

echo PATH=/usr/local/bin:/usr/local/sbin:$PATH >> ~/.bash_profile
source ~/.bash_profile
brew tap homebrew/versions

Nmap

Once you have homebrew installed, you can start using it ( NOTE: Don’t use it with sudo, it’s not required ):

brew install nmap

LibXML2

This is needed by the nokogiri gem:

brew install libxml2

PostgreSQL

brew install postgresql --without-ossp-uuid

PostgreSQL Configuration

Initialize the database ( you might already have this file, it’s not a problem ):

initdb /usr/local/var/postgres

Make sure it’s started after user login:

mkdir -p ~/Library/LaunchAgents
cp /usr/local/Cellar/postgresql/9.4.0/homebrew.mxcl.postgresql.plist ~/Library/LaunchAgents/
launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.postgresql.plist

( replace 9.4.0 with the version you have installed )

Create the db for the metasploit framework:

createuser msf -P -h localhost
createdb -O msf msf -h localhost

( Take note of the password you used, you will need it later )

Clone the Metasploit Repo

Time for metasploit itself:

cd /usr/local/share/
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
for MSF in $(ls msf*); do ln -s /usr/local/share/metasploit-framework/$MSF /usr/local/bin/$MSF;done
sudo chmod go+w /etc/profile
sudo echo export MSF_DATABASE_CONFIG=/usr/local/share/metasploit-framework/config/database.yml >> /etc/profile

HACK: Nokogiri Gem

This one is hackish, but that’s the way I’ve found to make it work:

bundle config build.nokogiri "--use-system-libraries --with-xml2-include=/usr/local/opt/libxml2/include/libxml2"

HACK: PG Gem

Another hackish one:

sudo env ARCHFLAGS="-arch x86_64" gem install pg

Other Gems

Finally, within the metasploit folder, use bundle to install the remaining gems:

bundle install

HACK: Fix the ‘robots’ Gem Permissions

If you will run msf as a normal user, you will have trouble with the robots gem, unless you fix its permissions:

sudo chmod o+r /Library/Ruby/Gems/2.0.0/gems/robots-0.10.1/lib/robots.rb

Create the Database Configuration

vim /usr/local/share/metasploit-framework/config/database.yml

Paste the following text:

production:
 adapter: postgresql
 database: msf
 username: msf
 password: PUT_YOUR_POSTGRESQL_PASSWORD_HERE
 host: 127.0.0.1
 port: 5432
 pool: 75
 timeout: 5

( keep the spacing since yml files are “space sensitive” )

And update your environment:

source /etc/profile
source ~/.bash_profile

Done

Well, you’re ready to go now, enjoy metasploit on OSX :)

msfconsole