
Aug 7, 2010
Metasploit 3.4 and SET 0.6.1 on iPhone 4
Installing metasploit and social engineering toolkit SET on iPhone 4
Metasploit 3.4.2 on the iPhone 4
Just a quick update on getting your favorite tools on iOS 4 – Metasploit and SET. You need to have a Jailbroken iPhone with SSH access for this. You will also need to install nano and APT 0.7 Strict via Cydia. Getting everything up and running is a breeze now. Open a console and type in:
[cc lang=”bash”]
cd /private/var/
apt-get install subversion nano ruby rubygems wget python
apt-get clean
wget http://www.metasploit.com/releases/framework-3.4.1.tar.bz2
tar jxpf framework-3.4.1.tar.bz2
cd msf3
svn update
[/cc]
Remember that everything takes a bit more time on the iPhone, be patient while running msfconsole for the first time. Once that’s done, its a quick path to a shell:
Social Engineering Toolkit (SET) 0.6.1
Also a breeze to install:
[cc lang=”bash”]
cd /private/var/
svn co http://svn.thepentest.com/social_engineering_toolkit/ SET/
cd SET/
./set # (Agree to install the pexpect and beautiful soup python modules).
[/cc]
Edit your set config file found at config/set_config and change the msf path to /private/var/msf3 (or relevant path). We ran the Website Cloner with a Malicious Java Applet :
And were immediately greeted by a meterpreter shell:
UPDATE: A few days after this post was made, the Cydia repos got an updated ruby 1.9 package, which breaks metasploit completely.
[cc lang=”bash”]
muts:/private/var/msf3 root# ./msfconsole
ruby(528,0x3e7c27c8) malloc: *** error for object 0x316eff0: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
Abort trap
[/cc]
To resolve this, uninstall ruby 1.9, and rubygems, and install the older packages (ruby_1.8.6-p111-5_iphoneos-arm.deb and rubygems_1.2.0-3_iphoneos-arm.deb) manually with dpkg.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2025-29306 – Unauthenticated Remote Code Execution in FoxCMS v1.2.5 via Unserialize Injection
Discover details about CVE-2025-29306, a critical RCE vulnerability in FoxCMS 1.2.5. Learn how unsafe use of PHP’s unserialize() function enables remote attackers to execute arbitrary system commands.
Jul 3, 2025
2 min read

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read