Mac as a tool for security analysis

Mac as a tool for security analysis

If you're like me, you prefer to work in MacOS or just on a Mac in general. I find the OS fluent, satisfying and productive. It's also Unix based so should be a perfect fit for securtiy related work. However most security experts seem to result to Windows machines. The latest updates to WSL 2.0 does make Windows a good candidate as you can run any OS in a low-key VM that's abstracted away for you.

I've used Windows as a daily-driver running Kali in WSL but I found myself longing back to Mac. Most security tools run completely fine on Mac, and for the few that don't, Parallels is a fantastic virtualization software (although it does cost money).

I've made a little guide on how to set up a Mac for security work, with penetration testing in mind. There are good resources on how to install a variety of tools for Mac, I just want to gather them all into one post.

Installing tools

We will look into installing the following tools

  • nmap
  • dirb
  • gobuster
  • netcat
  • msfconsole
  • exploitdb
  • john the ripper


Nmap is free and open source tool for network discovery. It is used for reconnaissance by sending packets and analysing the response

brew install nmap


dirb is a web-content scanner that looks for web objects by launching a dictionary based attack against a web server and analysing the response

cd ~/Applications
tar -xvf dirb222.tar.gz
rm dirb222.tar.gz
brew install autoconf
chmod -R 755 dirb222
cd dirb222
make install

# Source:


Gobuster is a tool to brute-force files and directories on a web server. It uses a dictionary based attack. It's similar to dirb, but there are a couple of differences. Use whichever fits your needs or the one you prefer.

brew install gobuster


Netcat is a networking tool for reading and writing to network connections using TCP/UDP.

brew install netcat


Metasploit is a penetration testing tool to explore and execute known vulnerabilities.

brew install metasploit


Exploitdb is a repository for exploits and POCs and can be searched using the searchsploit command

brew install exploitdb

John the ripper

john the ripper is a open source password security and recovery tool. It can be used for e.g. password cracking.

brew install john

Useful scripts/wordlists

  • linpeas
  • seclists


Linpeas is a script that searches for possible privilege escalation paths on Unix based systems. The script can be downloaded on a target and ran to discover possible paths.

Privilege Escalation Awesome Scripts SUITE (with colors) - carlospolop/privilege-escalation-awesome-scripts-suite


Seclists is a repository of wordlists by danielmiessler. It contains a wide varity of wordlists that come in handy in penetration testing adventures. There are wordlists for fuzzing, passwords, usernames and discovery to name a few.  

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, ...


Even though MacOS is unix based and support most of the tools required for your everyday security work, some tools and software are just not avaliable. I have encountered a handful of tools that either work differently, or not at all on my Mac. For these situations I run Kali in a Parallels VM which works fantastic. Parallels gives your VM access to files on your Mac so that you can easily access necessary files. Parallels does require a license, but a free trial is avaliable. Other alternatives like Virtualbox are also avaliable.

Parallels Inc., a global leader in cross-platform solutions, makes it simple for customers to use and access the applications and files they need on any device or operating system. We help businesses and individuals securely and productively use their favorite devices and preferred technology, wheth…


I do have other tools that I use for both security, development and productivity purposes. I will update this list as I discover more.

Alfred is a productivity app that replaces spotlight in my case. With the pro license you can create/download workflows. One workflow I use frequently in my security work is tldr-pages. This lets me quickly look up documentation for a variety of command line tools.

tldr with alfred workflow written in Go. Contribute to konoui/alfred-tldr development by creating an account on GitHub.

ITerm2 is a replacement for the terminal app and provides loads of configuration options. I have designed and configured my terminal to fit my needs. I also use tmux in Iterm for increased productivity and organization.