Is there a security tools package for Mac OS X?
Solution 1:
The closest thing I know of is HackPorts.
HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a ‘super-project’ that leverages existing code porting efforts, security professionals can now use hundreds of penetration tools on Mac systems without the need for Virtual Machines.
Solution 2:
Run Kali in a VM and get a supported USB 802.11 dongle and a USB ethernet adapter and forward both to the Kali VM.
While stuff like aircrack-ng and Kismet might work on OS X, having a proper full Linux system makes pentesting a lot easier.
Try it with stuff like VirtualBox!
Solution 3:
While I am generally less-than satisfied with security testing on OS X, many Kali-inherited utilities run fine under OS X via HomeBrew, e.g., afl-fuzz, aircrack-ng, amap, argus, arp-scan, arping, binutils, binwalk, bro, capstone, cowpatty, crunch, ettercap, hachoir, hping, ideviceinstaller, ike-scan, ipv6toolkit, john, lft, libdnet, libimobiledevice, libnet, masscan, net-snmp, netcat, nikto, nmap, openssl, ophcrack, p0f, postgresql, pwnat, pwntools, radare2, reaver, ruby, sipsak, skipfish, sleuthkit, snort, socat, sqlmap, ssdeep, ssldump, stunnel, theharvester, usbmuxd, volatility, wireshark, zmap -- and many others.
Primary reason I mentioned postgresql and ruby above is because these can be time savers when installing metasploit-framework.
There are many missing utilities when compared to huge Debian repos such as Kali Linux or even larger community-driven repos like ArchAssault. However, some pen testers (and pen-test tool developers!) are using OS X as their primary platform, as seen in GitHub and other project repos such as Arachni, blacksheepwall, cookiescan, et al. Other key tools such as dirb, sslyze, and similar can be easily compiled under OS X. Ones that rely on interpreters such as Go, Lua, Python, and Ruby are often much easier than metasploit-framework to get working under OS X. Install Python modules through brew-pip for added benefits and tie-ins to HomeBrew and install Ruby modules via gem after installing it via HomeBrew and making /usr/local/bin a preferred path over /usr/bin.
In addition to what has been said so far, VMWare ESXi in VMWare Fusion Pro on OS X using a high-end, maxed-out-DRAM MacBook Pro makes a good virtualized environment for security testing and learning -- http://www.slideshare.net/c0ncealed/step-on-in-the-waters-fine-an-introduction-to-security-testing-within-a-virtualized-environment-39596149
In this way, I believe that OS X makes a good virtualization host for security testing, but one may want to rethink using it as a platform to target production-level attacks from. There are many reasons for this, but the primary being that critical security patches for client-aware tools are not quite as up-to date when compared to Arch Linux, Ubuntu, RedHat/CentOS, or even Debian. A secondary factor is that it has been historically easy to escalate privileges to root, with no way to add SELinux, GRSecurity, or DISA STIG hardening practices to OS X in the way one can with standardized Linux operating systems, such as RHEL or Debian. Some people do consider running OpenBSD or Ubuntu on Apple bare metal for these reasons and others. It is possible to run OS X under VMWare Workstation for Linux, but this is likely not an Apple-approved scenario.
There is also the Docker way, seen here -- https://www.youtube.com/watch?v=gC_vm1wc-AY -- which I am definitely going to test out