Nikto Tool For Mac
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS.
- Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.
- Nikto is commonly used for penetration testing, security assessment, or web application analysis. Target users for this tool are developers, pentesters, and security professionals. Target users for this tool are developers, pentesters, and security professionals.
I mean a package of tools like those in the Kali Linux distribution.
eccstartup
eccstartup4 Answers
The closest thing I know of is HackPorts.
HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a ‘super-project’ that leverages existing code porting efforts, security professionals can now use hundreds of penetration tools on Mac systems without the need for Virtual Machines.
Itool For Mac
n1000n1000Run Kali in a VM and get a supported USB 802.11 dongle and a USB ethernet adapter and forward both to the Kali VM.
While stuff like aircrack-ng and Kismet might work on OS X, having a proper full Linux system makes pentesting a lot easier.
Try it with stuff like VirtualBox!
While I am generally less-than satisfied with security testing on OS X, many Kali-inherited utilities run fine under OS X via HomeBrew, e.g., afl-fuzz, aircrack-ng, amap, argus, arp-scan, arping, binutils, binwalk, bro, capstone, cowpatty, crunch, ettercap, hachoir, hping, ideviceinstaller, ike-scan, ipv6toolkit, john, lft, libdnet, libimobiledevice, libnet, masscan, net-snmp, netcat, nikto, nmap, openssl, ophcrack, p0f, postgresql, pwnat, pwntools, radare2, reaver, ruby, sipsak, skipfish, sleuthkit, snort, socat, sqlmap, ssdeep, ssldump, stunnel, theharvester, usbmuxd, volatility, wireshark, zmap -- and many others. Monitoring tool for case managers.
Primary reason I mentioned postgresql and ruby above is because these can be time savers when installing metasploit-framework.
There are many missing utilities when compared to huge Debian repos such as Kali Linux or even larger community-driven repos like ArchAssault. However, some pen testers (and pen-test tool developers!) are using OS X as their primary platform, as seen in GitHub and other project repos such as Arachni, blacksheepwall, cookiescan, et al. Other key tools such as dirb, sslyze, and similar can be easily compiled under OS X. Ones that rely on interpreters such as Go, Lua, Python, and Ruby are often much easier than metasploit-framework to get working under OS X. Install Python modules through brew-pip for added benefits and tie-ins to HomeBrew and install Ruby modules via gem after installing it via HomeBrew and making /usr/local/bin a preferred path over /usr/bin.
In addition to what has been said so far, VMWare ESXi in VMWare Fusion Pro on OS X using a high-end, maxed-out-DRAM MacBook Pro makes a good virtualized environment for security testing and learning -- http://www.slideshare.net/c0ncealed/step-on-in-the-waters-fine-an-introduction-to-security-testing-within-a-virtualized-environment-39596149
7-Zip for Mac System Tools › File Compression 7-Zip is a very popular archive manager that supports most of the popular compression formats. 7-Zip for Mac has not been developed by Igor Pavlov, yet. P7zip is the command line version of 7-Zip for Linux / Unix, made by an independent developer. Some unofficial p7zip packages for Linux and other systems: p7zip for Debian (and Ubuntu). 7 zip for mac os.
In this way, I believe that OS X makes a good virtualization host for security testing, but one may want to rethink using it as a platform to target production-level attacks from. There are many reasons for this, but the primary being that critical security patches for client-aware tools are not quite as up-to date when compared to Arch Linux, Ubuntu, RedHat/CentOS, or even Debian. A secondary factor is that it has been historically easy to escalate privileges to root, with no way to add SELinux, GRSecurity, or DISA STIG hardening practices to OS X in the way one can with standardized Linux operating systems, such as RHEL or Debian. Some people do consider running OpenBSD or Ubuntu on Apple bare metal for these reasons and others. It is possible to run OS X under VMWare Workstation for Linux, but this is likely not an Apple-approved scenario.
There is also the Docker way, seen here -- https://www.youtube.com/watch?v=gC_vm1wc-AY -- which I am definitely going to test out
Open http://sectools.org/ and find the tools you want. Some of the tools are available for Mac. Good luck..