Introduction
Kali Linux or ParrotOS are probably still the best ways to use Metasploit (in a VM or not) but I really wanted to give it a spin on Mac. It’s not too difficult, but there are a few caveats.
First of all, we’ll have to update this guide after 01-09-2026:
Deprecated because it does not pass the macOS Gatekeeper check! It will be disabled on 2026-09-01.
Also, it requires Rosetta:
==> Caveats
metasploit is built for Intel macOS and so requires Rosetta 2 to be installed.
You can install Rosetta 2 with:
softwareupdate --install-rosetta --agree-to-license
Note that it is very difficult to remove Rosetta 2 once it is installed.
So Metasploit on Mac will become a bit of a pain: not at the moment, but in the near future. If you don’t mind, prep your system:
sudo softwareupdate --install --all
xcode-select --install
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
brew --version
And install Metasploit with Homebrew for Mac:
brew install metasploit
Best to not start it until your database is set up!
Metasploit database setup
On Linux you’ll run msfdb init. Metasploit’s msfdb helper is built primarily for Linux. On a Mac you do the setup manually. See below for the proper steps.
Step 1: Install and start PostgreSQL
Install Ruby and the database:
brew install ruby postgresql
brew services start postgresql
Check if it’s running:
brew services list
Step 2: Create a database and user
createuser and createdb are PostgreSQL command-line tools that ship with the installation. Run them straight from your terminal.
createuser msf -P
createdb -O msf msf_database
-P prompts you to set a password for the msf user
-O msf makes that user the owner of the database
Step 3: Create the config file
Create ~/.msf4/database.yml. The folder name msf4 is historical and was never renamed; Metasploit 6 still uses it.
mkdir -p ~/.msf4
cat > ~/.msf4/database.yml << 'YAML'
production:
  adapter: postgresql
  database: msf_database
  username: msf
  password: <your-password>
  host: 127.0.0.1
  port: 5432
  pool: 5
  timeout: 5
  managed: false
YAML
Replace <your-password> with what you set during createuser.
managed: false tells Metasploit not to try to manage or start the database server itself; Homebrew already handles that via brew services.
Step 4: Check the connection
Check your hard work:
msfconsole
db_status
Expected output:
[*] Connected to msf_database. Connection type: postgresql.
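The config file from Step 3 holds the database password in clear text and only works when its keys are indented under production:, so it is worth checking before the first msfconsole start. The script below is an added example, not part of the original guide or of Metasploit; the function names check_msf_dbconfig and yaml_prod_value are made up for it, and it assumes the simple key: value layout shown in Step 3.

```shell
#!/bin/sh
# Added example (not Metasploit code): check ~/.msf4/database.yml before first start.
# check_msf_dbconfig and yaml_prod_value are hypothetical helper names.

# Print the value of key $2 inside the indented "production:" block of file $1.
yaml_prod_value() {
    awk -v key="$2" '
        /^production:[ \t]*$/        { in_block = 1; next }
        /^[^ \t#]/                   { in_block = 0 }  # a new top-level key ends the block
        in_block && $1 == (key ":")  { sub(/^[ \t]*[^:]+:[ \t]*/, ""); print; exit }
    ' "$1"
}

# Print one FAIL line per problem; the return status is the number of problems.
check_msf_dbconfig() {
    file=$1
    problems=0
    [ -f "$file" ] || { echo "FAIL: $file not found"; return 1; }

    # The password is stored in clear text, so group and other get no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $file is accessible to group/other (chmod 600 it)"
        problems=$((problems + 1))
    fi

    # Keys that are not indented under production: leave the block empty.
    if [ "$(yaml_prod_value "$file" adapter)" != "postgresql" ]; then
        echo "FAIL: no 'adapter: postgresql' under production: (check indentation)"
        problems=$((problems + 1))
    fi

    # Loopback only: the database password should not cross the network.
    host=$(yaml_prod_value "$file" host)
    case $host in
        127.0.0.1|localhost|::1) ;;
        *) echo "FAIL: host '$host' is not loopback"; problems=$((problems + 1)) ;;
    esac
    case $(yaml_prod_value "$file" password) in
        ""|"<your-password>")
            echo "FAIL: password is empty or still the placeholder"
            problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ] && echo "OK: $file"
    return "$problems"
}

if [ "$#" -gt 0 ]; then check_msf_dbconfig "$1"; fi
```

Saved under any name and run with ~/.msf4/database.yml as its argument, it prints OK or one FAIL line per finding.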
Key database commands
A couple of key commands to get you going.
Connection
| Command | What it does |
|---|---|
| db_status | Shows whether you’re connected and to which database |
Hosts
| Command | What it does |
|---|---|
| hosts | Lists all saved hosts |
| hosts -R | Loads found hosts as active targets (RHOSTS) |
| db_nmap <options> <target> | Runs nmap and saves results directly to the database |
Services
| Command | What it does |
|---|---|
| services | Lists all found services/ports |
| services -p 445 | Filters by a specific port |
| services -S http | Searches by service name |
Credentials and loot
| Command | What it does |
|---|---|
| creds | Shows saved credentials (usernames, hashes, passwords) |
| loot | Shows files and data collected during the session |
Workspaces
Keep different rooms or assessments separate by creating a workspace per project.
| Command | What it does |
|---|---|
| workspace | Lists all workspaces and shows the active one |
| workspace -a <name> | Creates a new workspace |
| workspace <name> | Switches to an existing workspace |
| workspace -d <name> | Deletes a workspace |
Other
| Command | What it does |
|---|---|
| db_rebuild_cache | Reloads the module cache from the database |
Next
In the coming days I want to score the SEC0 cert of TryHackMe. Very basic, but THM is great fun. After that, I’ll pick up the THM SEC1 certification as well.
Then back on schedule: Security+ is still the primary goal for the summer.
