« Getting Started with PenTesting
Running Bastille on OS X 10.3 »
h1

Using The Metasploit Framework on Mac OS X

November 15, 2005

One of the best open source and free pen testing applications available on the Internet today is The Metasploit Project. Metasploit is a very good tool to use to check and see if any services on your network are vulnerable for any one of the numerous publicly available exploits available in the Metasploit Framework. The reason you may want to use a utility like The Metasploit Framework can be summed up by this quote from Sun Tzu:

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.

To be able to protect our networks from individuals with malicious intent we need to think like those individuals. We also need to know how to use their tools or what types of exploits we may be vulnerable to. We are essentially using fire to fight fire by burning ourselves before they burn us.

The Metasploit Framework also has a command line interface for those of you who are command line junkies (like me). It also has a pretty good web interface that makes it easy to test your network even if you do not know your way around the command line.

The current version 2.5 was just released on October 18th has added many new exploits and maintains compatibility with older versions of the Metasploit Framework. One of the best things about Metasploit is that it is very easy to set up and get running on Mac OS X.

To install Metasploit on your Mac all you need to do is download the current version of The Metasploit Framework.

Make sure you download the Unix Compressed Tar Archive and then use Stuffit or on the command line use: tar xzf framework-2.5.tar.gz to extract the archive file

I will get you started by helping you set up the Metasploit Framework web interface.

Note: All command line commands are in italics.

Open up Terminal and cd to the directory where you un-archived the file.

Now:

1. Go into the unarchived directory.

cd framework-2.5

2.Now start the Metasploit Framework web server.

./mfsweb

Leave this window open or you will kill the webserver.

3. Now open up your web browser and go to the URL: http://127.0.0.1:55555

You will now be able to browse the exploit lists. By using the filter modules drop down menu, you can filter the exploits by application, architecture, and operating system. I suggest getting to know the Metasploit command line mfscli. It is a very powerful way to be able to use Metasploit. I also suggest reading the included documentation in the framework-2.5/docs folder.

Remember these exploits are the real thing and if you go around trying them on other networks without their permission you could get yourself in a lot of trouble. Remember that all actions have their consequences.

Have Fun!

Posted in Penetration Testing Tools |

14 comments

  1. I am new to the OSX terminal and am stuck on your 2nd step of using MFS.
    when I imput ./mfsweb, I get:
    -bash: ./mfsweb: No such file or directory

    Am I doing something wrong?

    Sorry if this is a silly question.

         by techobo May 18, 2006 at 6:36 pm

  2. I have the Developer Tools installed, but I still get:
    -bash: ./mfsweb: No such file or directory

    any help would be great!
    Thanks

         by techobo May 18, 2006 at 6:40 pm

  3. Gioco Craps Online

    Hurst,splitters tornado,cram.refill?falls

         by Gioco Craps Online May 21, 2007 at 10:58 am

  4. my bet

    finessed giver astral

         by my bet October 30, 2007 at 3:01 pm

  5. cool cat casino bonus code

    baud prohibited rapids knew:

         by cool cat casino bonus code February 4, 2008 at 8:01 am

  6. home owner insurance quotes

    inadequacy degenerated!principalities packing mutability telegraphs

         by home owner insurance quotes March 24, 2008 at 2:51 pm

  7. casino splendido partecipa al club dei giocatori vip con…

    ranked Falk:graciousness Blumenthal!…

         by casino splendido partecipa al club dei giocatori vip con May 1, 2008 at 10:02 am

  8. citizens property insurance corporation florida…

    Deirdres perchance boggle?caring …

         by citizens property insurance corporation florida May 25, 2008 at 3:38 pm

  9. casino online bonus gratis…

    encompassing hay confrontations….

         by casino online bonus gratis August 27, 2008 at 8:22 am

  10. low cost mortgage life insurance protection program…

    sealed mugs scientifically?…

         by low cost mortgage life insurance protection program October 6, 2008 at 11:28 pm

  11. car home content insurance…

    gainer curtailed Philco Mario …

         by car home content insurance October 8, 2008 at 1:28 pm

  12. software de betfair póker…

    passengers Blackwell dawn,clauses others!disassemble …

         by software de betfair póker October 24, 2008 at 5:12 am

  13. toggle card casinos online…

    intentness.associatively groan liabilities.pickings …

         by toggle card casinos online December 10, 2008 at 8:52 pm

  14. well its easy, i am also a mac osx leopard 10.5.6 user, just goto the website mentioned above http://www.metasploit.com/projects/Framework/downloads.html and download the latest version of metasploit framework now version 3.2, extract it werever you like, i have it on my desktop! start up terminal, and at sametime open up the extracted folder framework 3.2 in my case, just drag the file msfweb inside terminal and klick enter, it should start now the server. dont close terminal but open up safari and type the adress mentioned above 127.0.0.1:55555 and enter, greetz

         by maciator777 January 2, 2009 at 8:37 pm

Leave a Comment

You must be logged in to post a comment.