Mac as a tool for security analysis

If you're like me, you prefer to work in macOS, or just on a Mac in general. I find the OS fluent, satisfying and productive. It's also Unix-based, so it should be a perfect fit for security-related work. Yet most security professionals seem to resort to Windows machines. The latest updates to WSL 2 do make Windows a good candidate, as you can run a Linux distribution in a lightweight VM that is abstracted away for you.

I've used Windows as a daily driver running Kali in WSL, but I found myself missing the Mac. Most security tools run fine on macOS, and for the few that don't, Parallels is excellent virtualization software (although it does cost money).

This is a short guide on setting up a Mac for security work, with penetration testing in mind. There are good resources on installing each of these tools individually; I just want to gather them all in one post.

Installing tools

We will install the following tools:

  • nmap
  • dirb
  • gobuster
  • netcat
  • msfconsole
  • exploitdb
  • john the ripper

Nmap

Nmap is a free and open-source tool for network discovery and port scanning. It is used for reconnaissance: it sends packets to hosts and analyses the responses.

brew install nmap

Dirb

dirb is a web-content scanner. It launches a dictionary-based attack against a web server, requesting each candidate path and analysing the response to find hidden files and directories.

# Build dirb 2.22 from source; there is no Homebrew formula for it.
# wget is not on macOS by default: brew install wget, or use curl -LO instead.
mkdir -p ~/Applications && cd ~/Applications
wget https://downloads.sourceforge.net/project/dirb/dirb/2.22/dirb222.tar.gz
tar -xvf dirb222.tar.gz
rm dirb222.tar.gz
brew install autoconf
chmod -R 755 dirb222      # the tarball extracts with unusable permissions
cd dirb222
./configure
make
sudo make install         # installs under /usr/local, which needs root unless Homebrew already made it writable

# Source: https://gist.githubusercontent.com/gmolveau/c6c1398b3351a99509c75d2d7bcaacc7/raw/0b27a9fc8f19157503846f8b7aa95afc3c89dfc3/install_dirb.sh

Gobuster

Gobuster is a tool to brute-force files and directories on a web server using a wordlist. It is similar to dirb, but it is written in Go, runs multi-threaded, and also has modes for DNS subdomain and virtual host brute-forcing. Use whichever fits your needs or the one you prefer.

brew install gobuster

Netcat

Netcat is a networking tool for reading from and writing to network connections over TCP or UDP. Note that macOS already ships a BSD nc; the Homebrew formula installs GNU netcat alongside it.

brew install netcat

Metasploit

Metasploit is a penetration testing framework for developing and running exploits for known vulnerabilities, with payload generation and post-exploitation modules.

brew install metasploit

Exploitdb

Exploit-DB is an archive of public exploits and proofs of concept. The Homebrew package installs a local copy that can be searched offline with the searchsploit command.

brew install exploitdb

John the ripper

John the Ripper is an open-source password cracker. It takes password hashes (for example from /etc/shadow or a dumped database) and tries to recover the plaintext passwords using wordlists and rules.

brew install john
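
Since the installs above are a sequence of Homebrew commands, here is an added example (not from the original post) that runs them in one go and then verifies that each tool's binary is actually on PATH. dirb is left out because it is built from source as shown earlier. The binary names for the metasploit and exploitdb packages (msfconsole and searchsploit) are the ones those packages install; the RUN_INSTALL variable is a convention introduced here so that the script is a dry run unless asked to install.

```shell
#!/bin/sh
# Added example (not from the original post): install the Homebrew packages
# from this guide and verify that each tool's binary ended up on PATH.
# dirb is excluded because it is built from source, as shown above.

TOOLS="nmap gobuster netcat metasploit exploitdb john"

# Some packages install a binary whose name differs from the package name.
# netcat is checked as the GNU binary "netcat" rather than "nc", because
# macOS already ships a BSD nc that would otherwise give a false positive.
binary_for() {
  case "$1" in
    metasploit) echo msfconsole ;;
    exploitdb)  echo searchsploit ;;
    *)          echo "$1" ;;
  esac
}

# Print the packages from the space-separated list $1 whose binary is not on PATH.
missing_tools() {
  missing=""
  for t in $1; do
    command -v "$(binary_for "$t")" >/dev/null 2>&1 || missing="$missing $t"
  done
  echo "${missing# }"
}

# Install only what is missing; a failure is reported but does not abort the rest.
install_missing() {
  if ! command -v brew >/dev/null 2>&1; then
    echo "Homebrew is not installed; see https://brew.sh" >&2
    return 1
  fi
  for t in $(missing_tools "$1"); do
    echo "installing $t"
    brew install "$t" || echo "brew install $t failed" >&2
  done
}

# Dry run by default: only report what is missing. RUN_INSTALL=1 installs.
if [ "${RUN_INSTALL:-0}" = 1 ]; then
  install_missing "$TOOLS"
fi

# Installers that modify PATH (metasploit) may need a fresh shell before
# their binaries are found, so re-check rather than trusting brew's exit code.
m=$(missing_tools "$TOOLS")
if [ -z "$m" ]; then
  echo "all tools present"
else
  echo "missing: $m (run with RUN_INSTALL=1 to install)"
fi
```

Run it once as `sh setup-tools.sh` to see what is missing, then `RUN_INSTALL=1 sh setup-tools.sh` to install; the final check tells you whether anything still needs a new shell or a manual PATH fix.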

Useful scripts/wordlists

  • linpeas
  • seclists

Linpeas

LinPEAS is a script that searches for possible privilege escalation paths on Unix-based systems. Download it onto a target (for example by serving it from your Mac with python3 -m http.server and fetching it with curl or wget) and run it there to discover possible paths.

GitHub: carlospolop/privilege-escalation-awesome-scripts-suite (Privilege Escalation Awesome Scripts SUITE)

Seclists

SecLists is a collection of wordlists maintained by danielmiessler. It contains a wide variety of lists that come in handy during penetration tests: wordlists for fuzzing, passwords, usernames and web content discovery, to name a few.

GitHub: danielmiessler/SecLists

Parallels

Even though macOS is Unix-based and supports most of the tools required for everyday security work, some tools and software are simply not available. I have encountered a handful of tools that either work differently, or not at all, on my Mac. For these situations I run Kali in a Parallels VM, which works very well. Parallels can share folders from your Mac into the VM, so the files you need are easily reachable from both sides. Parallels does require a license, but a free trial is available. Alternatives such as VirtualBox are also available.

Others

I also use other tools for security, development and productivity. I will update this list as I discover more.

Alfred is a productivity app that replaces Spotlight for me. With the paid Powerpack license you can create and download workflows. One workflow I use frequently in my security work is tldr-pages, which lets me quickly look up concise usage examples for a variety of command-line tools.

GitHub: konoui/alfred-tldr

iTerm2 is a replacement for the Terminal app and provides loads of configuration options. I have configured my terminal to fit my needs, and I also run tmux inside iTerm2 for increased productivity and organization.