【1】下载Metasploit pkg

metasploitframework-latest.pkg

【2】安装Metasploit

双击安装。
然后启动：
cd /opt/metasploit-framework/bin
./msfconsole
启动后LOG如下:
xr-x 1 root wheel 2.7K 5 13 18:49 msfvenom
➜ bin ./msfconsole

** Welcome to Metasploit Framework Initial Setup **
Please answer a few questions to get started.

Would you like to add msfconsole and other programs to your default PATH? y
You may need to start a new terminal or log in again for this to take effect.

Would you like to use and setup a new database (recommended)?
Please answer yes or no.
Would you like to use and setup a new database (recommended)? yes
/opt/metasploit-framework/embedded/framework/lib/msf/util/helper.rb:11: warning: Insecure world writable dir /usr/local/bin in PATH, mode 040777
Creating database at /Users/apple/.msf4/db
Starting database at /Users/apple/.msf4/db...success
Creating database users
Writing client authentication configuration file /Users/apple/.msf4/db/pg_hba.conf
Stopping database at /Users/apple/.msf4/db
Starting database at /Users/apple/.msf4/db...success
Creating initial database schema
[?] Initial MSF web service account username? [apple]: root
[?] Initial MSF web service account password? (Leave blank for random password):
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user root

############################################################
##              MSF Web Service Credentials               ##
##                                                        ##
##        Please store these credentials securely.        ##
##    You will need them to connect to the webservice.    ##
############################################################

MSF web service username: root
MSF web service password: root
MSF web service user API token: 6dbc780eb0849a1fac9ef39691ea7e4886cadfaceacbcc06e10aa27ad81a6650dbff78ddcff2990f

MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"

If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token 6dbc780eb0849a1fac9ef39691ea7e4886cadfaceacbcc06e10aa27ad81a6650dbff78ddcff2990f --cert /Users/apple/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443

The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account

** Metasploit Framework Initial Setup Complete **

+-------------------------------------------------------+
| METASPLOIT by Rapid7 |
+---------------------------+---------------------------+
| __________________ | |
| ==c(______(o(______(() | |""""""""""""|======[*** |
| )=\ | | EXPLOIT \ |
| // \ | |____________________ |
| // \ | |==[msf >]============\ |
| // \ | |______________________\ |
| // RECON \ | (@)(@)(@)(@)(@)(@)(@)/ |
| // \ | ********************* |
+---------------------------+---------------------------+
| o O o | '///'/ |
| o O | )======( |
| o | .' LOOT '. |
| |^^^^^^^^^^^^^^|l__ | / ||_ \ |
| | PAYLOAD |""_, | / (|| \ |
| |________________||)| | | _||) | |
| |(@)(@)"""|(@)(@)|(@) | " || " |
| = = = = = = = = = = = = | '--------------' |
+---------------------------+---------------------------+

   =[ metasploit v5.0.89-dev-3de0a7f08dba52de14c328d0c8ad4ecbbfc47c98]

• -- --=[ 2017 exploits - 1099 auxiliary - 343 post ]
• -- --=[ 562 payloads - 45 encoders - 10 nops ]
• -- --=[ 7 evasion ]

Metasploit tip: Writing a custom module? After editing your module, why not try the reload command

msf5 >

【3】使用

链接备份：https://localhost:5443/api/v1/auth/account

【3.1】msfdb init

数据库初始化。执行后效果如下：

 msfdb init
[*] exec: msfdb init

Found a database at /Users/apple/.msf4/db, checking to see if it is started
Starting database at /Users/apple/.msf4/db...success
MSF web service is already running as PID 18811

【3.2】db_status

检查数据库状态。执行效果：

db_status
[*] Connected to remote_data_service: (https://localhost:5443). Connection type: http. Connection name: local-https-data-service.

【4】armitage安装

Mac上的渗透测试工具：https://www.ddosi.com/b141/
armitage安装：brew install sidaf/pentest/armitage

【5】靶机收集

链接备份：
https://www.anquanke.com/post/id/168484
https://xz.aliyun.com/t/2635
https://www.freebuf.com/news/170656.html
https://www.secpulse.com/archives/114141.html
http://www.360doc.com/content/18/0818/19/31784658_779288462.shtml
http://www.secwk.com/2019/10/15/10798/
https://www.anquanke.com/post/id/104336
https://www.anquanke.com/post/id/163996
https://blog.csdn.net/nzjdsds/article/details/84572255