We’ll guide you through the process of using Homebrew package manager to install security tools on macOS to perform reconnaissance, discovery, and fingerprinting of the devices on your network.
For years the message was that Apple devices were impervious to common viruses. Evidenced through the classic “I’m a Mac” ads, Macs were not immune to malware: It’s just that with such a negligible (but growing) market share, threat actors did not really target Apple devices as much as devices running Windows, which posed a much larger target—with greater rewards for their efforts.
SEE: iPhone 12 event: What Apple announced at its 2020 Hi Speed event (free PDF) (TechRepublic)
Fast forward to modern times, and well, malware affects every device, regardless of the operating system, applications, or hardware type. With changes like always-on connections, a never-ending variety of software choices from corporate developers to one-person studios, the reliance on network-connected access for just about every service, and the explosive growth of computing devices in general are all adequate reasons any organization should work diligently to secure its resources.
The first step to any protection policy or plan is to first identify those resources: What they are, where they are, why they exist, who should have access to them, when they should be used, and how they are being accessed. Once you have identified these answers, then hardening can begin.
The tools listed below provide the means necessary to answer the above questions with the Homebrew app, aiding you on your quest to discover the nodes and services on your networks so a plan can be created to determine the security posture of your organization.
SEE: How to install common security tools via Homebrew on a Mac (TechRepublic)
A content scanner that uses built-in wordlists to determine files and directories—including hidden ones—on web servers. It may be paired with wordlist generators, such as CeWL, to generate custom wordlist files for better scanning results.
brew install dirb
A script to aid in the enumeration of many different types of DNS records, including checking for cached records and brute-forcing records, locating zone transfers, and resolving wildcards for a domain, among others.
brew install dnsrecon
A tool used to locate, identify, and brute force directories and files, subdomains, and Amazon S3 buckets on websites and web servers.
brew install gobuster
A network discovery tool that sends ARP packets to a target device or IP range and sniffs the network for responses to identify the nodes on the network.
brew install netdiscover
The purpose of this app is to identify which, if any, web application firewalls are being used to protect a web-based app and to determine if it is working correctly in stopping requests—regular and malicious ones—from compromising the application.
brew install wafw00f
The goal of this app, as the developer states, is to answer the question, “What is that website?” And with more than 1,800 plugins, variable settings to tune performance, and a slew of other features, it can answer that question stealthily and precisely.
brew install whatweb
RidEnum attempts to enumerate user accounts and can also perform brute-force attacks against the accounts found, by way of specifying a password list file using Python libraries.
brew install ridenum
Another Python-based script, PolEnum works by querying Windows devices to obtain the password policy, password, and information from a device, regardless of what the source machine is.
brew install polenum
In keeping with its name, this app performs recon on email servers and retrieves those details, such as MX records and server response codes, and verifies email addresses, outputting information into TXT of JSON files for reuse in other applications.
brew install simplyemail
This open-source tool is used to automate the information-gathering process by leveraging the SNMP protocol, which provides information on computers, appliances, printers—basically, any networked devices with SNMP enabled.
brew install snmpcheck