When it comes to assessing the security of the systems in and on your network, the very same tools threat actors are known to use will be the tools of choice to identify vulnerabilities on those systems. They can help the effort to mitigate issues before someone else has a chance to exploit them, possibly for malicious gain.
Typically, security admins would use a security suite that includes all the tools needed, such as Parrot or the popular Kali distribution, based on the Linux kernel. While the suite is usually run on computers as a virtual machine, many of the individual tools themselves may be installed independent of the Linux core, to be run natively on macOS systems using the Homebrew package manager for simplified installation and management.
Given the command-line nature of Homebrew, each of the applications below can be installed, updated, and removed from the terminal, either locally or over remote access such as SSH. While many of the penetration testing applications found in the aforementioned security suites are compatible with macOS, not all of them are. To avoid compatibility issues, this article highlights only tools available through Homebrew that function fully on macOS.
Nmap
Nmap is a network discovery and port-scanning utility that identifies and fingerprints devices across networks, offering a wide range of scan options to aid in detecting services and open ports.
brew install nmap
Nikto
Nikto is a vulnerability scanner used to inspect web server configurations to detect thousands of potential issues, including misconfigurations, out-of-date patches, and version-specific problems that could otherwise allow attackers to gain unauthorized access.
brew install nikto
SQLmap
SQLmap is an open source application for detecting and exploiting SQL injection vulnerabilities in database servers that use structured query language. The tool can also automate these attacks.
brew install sqlmap
Zed Attack Proxy (ZAP)
Another open source security scanner, OWASP’s ZAP tool is used to test a web application’s security through a multitude of tools, including a proxy server to capture encrypted and unencrypted traffic, a fuzzer, and much more.
brew install caskroom/cask/brew-cask
brew cask install owasp-zap
Recon-ng
This reconnaissance framework is designed for open-source information gathering. It leverages community-supported modules that add resources to search, such as social media networks, through their APIs. The data obtained can then be fed into complementary tools to test for vulnerabilities or exploit them.
brew install recon-ng
The Harvester
The Harvester is an information-gathering application that uses publicly available sources and databases to collect information, including domains, hostnames, emails, and employee directory details, anything that helps build a holistic picture of the target.
brew install theharvester
TestSSL
This scanner is an information-gathering tool that assesses which security protocols and ciphers a server uses, including their configurations and which ports the service(s) run on.
brew install testssl
Empire
A post-exploitation framework, this tool leverages PowerShell to make connections and create/run scripts on remote machines in memory while evading network detection, making it capable of running modules and cmdlets remotely under the radar.
brew install empire
John the Ripper
This password cracking utility is part of any security tester’s toolkit. It’s designed to detect weak passwords on many different platforms, including Windows, Linux, and macOS among a dozen others, using password lists (dictionary attack) or fast, variable-speed guessing to crack more complex passwords (brute force attack).
brew install john
Bettercap
Often referred to as a Swiss Army Knife for security software, Bettercap offers a framework of security testing that provides myriad tools for testing wireless networks (both Wi-Fi and Bluetooth), network sniffing, proxies, and spoofers for man-in-the-middle attacks.
brew install bettercap
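Since the article's point is that these tools are managed from the terminal, the added script below (not part of the original article) inventories which of the listed Homebrew formulae are installed and at what version, so the toolkit can be audited and kept current. It reads live `brew list --versions` output when Homebrew is present and otherwise falls back to a constructed sample of that output; the tool names are the formula names used in the article.

```sh
#!/bin/sh
# Added example: inventory the article's Homebrew security tools.
# Names are the formula/cask names the article installs.
TOOLS="nmap nikto sqlmap owasp-zap recon-ng theharvester testssl empire john bettercap"

# Constructed sample of `brew list --versions` output (not real data), used
# when brew is not available so the script still runs offline.
SAMPLE_VERSIONS='nmap 7.94
nikto 2.5.0
sqlmap 1.8.4
john 1.9.0_1
testssl 3.0.8'

# installed_version NAME LISTING: print NAME's version from LISTING,
# exit 0 if found, 1 if not.
installed_version() {
  printf '%s\n' "$2" | awk -v n="$1" '$1 == n { print $2; found = 1 } END { exit !found }'
}

# missing_tools LISTING: space-separated TOOLS entries absent from LISTING,
# in the order they appear in TOOLS.
missing_tools() {
  out=""
  for t in $TOOLS; do
    if ! installed_version "$t" "$1" >/dev/null; then
      out="$out $t"
    fi
  done
  printf '%s\n' "${out# }"
}

# report LISTING: one line per tool, installed (with version) or missing.
report() {
  for t in $TOOLS; do
    v=$(installed_version "$t" "$1") && echo "installed  $t $v" || echo "missing    $t"
  done
}

# Prefer live data: formulae and casks are listed separately by brew.
if command -v brew >/dev/null 2>&1; then
  listing=$(brew list --versions 2>/dev/null; brew list --cask --versions 2>/dev/null)
else
  listing="$SAMPLE_VERSIONS"
fi
report "$listing"
```

Running `brew upgrade` on the tools reported as installed keeps the toolkit patched, and the missing list shows which `brew install` lines from the article remain to be run.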