Installation
Recommended: Git Clone
Cloning the repo lets you audit the source before running, and verifies integrity via SHA-256 checksums.
git clone https://github.com/darkbrew/darkbrew.git
cd darkbrew
bash install.shAlternative: One-liner
curl -fsSL https://darkbrew.sh/install.sh | bash
Security note: We recommend
git clone over piping curl to bash. This lets you inspect install.sh before running it and verifies the SHA-256 checksum of darkbrew.sh.
System Requirements
| Requirement | Minimum | Recommended |
|---|---|---|
| macOS | 12 Monterey | 14 Sonoma+ |
| Bash | 3.2 (system) | 3.2+ |
| Homebrew | Required | Latest |
| Python | 3.9 | 3.11+ |
| Disk | 2 GB | 10 GB (all tools) |
| Docker | Optional | For labs feature |
Quick Start
# Install DarkBrew globally
darkbrew setup
# Install ~30 essential tools
darkbrew install --quick
# Or install specific tools
darkbrew install nmap hydra ffuf nuclei
# Or install by category
darkbrew install --category recon,web
# Or install everything
darkbrew install --allPackage Management
| Command | Description |
|---|---|
darkbrew install <tool> | Install a specific tool |
darkbrew install --all | Install all formulae |
darkbrew install --quick | Install ~30 essentials |
darkbrew install --category recon,web | Install by category |
darkbrew install --cask burpsuite | Install GUI application |
darkbrew install --offline | Install from cache only |
darkbrew install --skip-deps | Skip dependency resolution |
darkbrew uninstall <tool> | Remove a tool |
darkbrew update | Update all installed tools |
darkbrew pin <tool> | Prevent tool from updating |
darkbrew unpin <tool> | Allow pinned tool to update |
darkbrew rollback <tool> | Revert to previous version |
Discovery
| Command | Description |
|---|---|
darkbrew list | List all available formulae |
darkbrew list --casks | List GUI applications only |
darkbrew search <query> | Search by name or description |
darkbrew info <tool> | Show tool details |
darkbrew status | Dashboard: installed vs available |
darkbrew outdated | List tools with newer versions |
darkbrew deps <tool> | Show dependency tree |
darkbrew history <tool> | Show version history |
System & Maintenance
| Command | Description |
|---|---|
darkbrew doctor | Full system diagnostics (15+ checks) |
darkbrew cleanup | Remove caches and old downloads |
darkbrew configure | Set up macOS for pentesting |
darkbrew setup | Install as global command |
darkbrew analytics | View installation statistics |
Workflows
| Command | Description |
|---|---|
darkbrew profile <name> | Install curated tool profile |
darkbrew engage <target> | Full engagement scaffolding |
darkbrew pipeline <name> <target> | Run automated tool chain |
darkbrew report <dir> | Generate pentest report |
darkbrew report <dir> --obsidian | Export as Obsidian vault |
darkbrew cheatsheet <tool> | Quick-reference guide |
darkbrew scope check <target> | Validate against scope rules |
darkbrew proxy start <type> | Set up proxy chain |
Infrastructure
| Command | Description |
|---|---|
darkbrew lab start <name> | Launch vulnerable practice target |
darkbrew lab stop <name> | Stop a running lab |
darkbrew arsenal add <name> | Download wordlists/payloads |
darkbrew monitor <target> | Start background recon daemon |
darkbrew cloud init <repo> | Set up encrypted sync |
darkbrew cloud push | Sync to remote |
Security & Integrity
| Command | Description |
|---|---|
darkbrew verify | Verify all installed tools against package managers |
darkbrew verify --self | Check DarkBrew script SHA-256 checksum |
darkbrew verify <tool> | Verify a specific tool |
DarkBrew performs integrity checking by querying the underlying package managers (Homebrew, pip, Go modules) to confirm that installed binaries match their expected state. The --self flag checks the SHA-256 hash of darkbrew.sh against the saved checksum from installation.
Tip: Run
darkbrew verify --self after updates to ensure the script hasn't been tampered with.
Profiles
Profiles are curated sets of tools for specific use cases. Install an entire loadout with one command.
| Profile | Tools | Use Case |
|---|---|---|
bugbounty | ~18 | Bug bounty hunting |
redteam | ~20 | Red team operations |
ctf | ~15 | CTF competitions |
osint | ~12 | Open source intelligence |
web | ~16 | Web application testing |
wireless | ~8 | Wireless network testing |
forensics | ~10 | Digital forensics |
network | ~14 | Network pentesting |
darkbrew profile bugbounty # Install all bug bounty tools
darkbrew profile list # Show all available profilesPipelines
Pipelines are automated tool chains that run sequentially against a target. Each step's output feeds the next.
| Pipeline | Steps | Description |
|---|---|---|
recon | subfinder → httpx → gowitness → nuclei | Full reconnaissance |
webscan | ffuf → nikto → nuclei → sqlmap | Web vulnerability scan |
network | nmap → nmap-scripts → searchsploit | Network enumeration |
osint | theHarvester → sherlock → spiderfoot | OSINT gathering |
full | All stages combined | Complete assessment |
darkbrew pipeline recon target.com
darkbrew pipeline webscan https://target.com
darkbrew pipeline listPractice Labs
Labs are Docker-based vulnerable applications for practice. Requires Docker Desktop.
| Lab | Port | Description |
|---|---|---|
dvwa | 8080 | Damn Vulnerable Web Application |
juiceshop | 3000 | OWASP Juice Shop |
webgoat | 8081 | OWASP WebGoat |
hackthebox | — | HTB Pwnbox connector |
metasploitable | Various | Metasploitable 2 |
vulnhub | Various | VulnHub machine launcher |
darkbrew lab start dvwa # Launch DVWA
darkbrew lab stop dvwa # Stop it
darkbrew lab list # Show all labsEngagements
The engage command creates a full pentest engagement workspace with structured directories, scope templates, scan scripts, and optional tmux layout. Each engagement includes an audit trail that logs all DarkBrew actions.
darkbrew engage client-pentestThis creates:
~/pentests/2026-01-15_client-pentest/
├── SCOPE.md # Scope definition template
├── audit.log # Automatic action audit trail
├── notes/README.md # Engagement notes
├── scans/{nmap,web,vuln}/ # Organized scan output
├── loot/{creds,files,screenshots}/
├── exploits/
└── reports/Reports & Obsidian Export
Generate structured pentest reports from engagement data. Parses nmap, nuclei, and sqlmap outputs automatically.
# Markdown report (default)
darkbrew report ~/pentests/engagement
# HTML report
darkbrew report ~/pentests/engagement --html
# Export as Obsidian vault
darkbrew report ~/pentests/engagement --obsidianThe --obsidian flag creates a vault structure with interlinked notes, scan pages, findings templates, and evidence galleries — ready to open in Obsidian.
Offline Mode
Use --offline to install tools from your local Homebrew cache without network access. Useful for air-gapped environments or when working on unstable connections.
# Pre-download tools (while online)
darkbrew install --all
# Later, reinstall from cache (offline)
darkbrew install --offline nmap
Note: Offline mode only works for tools already cached by Homebrew. Pip, Go, and git-based tools require network access.
Tool Categories
| Category | Examples |
|---|---|
recon | nmap, masscan, subfinder, amass, httpx |
web | burpsuite, ffuf, sqlmap, nikto, nuclei |
exploit | metasploit, hydra, john, hashcat |
network | wireshark, bettercap, tcpdump, scapy |
wireless | aircrack-ng, bettercap, kismet |
forensics | binwalk, radare2, ghidra, volatility |
crypto | openssl, testssl, trufflehog, gitleaks |
osint | sherlock, spiderfoot, shodan-cli |
defense | yara, clamav, fail2ban, suricata |
mobile | frida, objection, apktool |
util | jq, bat, ripgrep, tmux, fzf |
Directory Structure
~/.darkbrew/
├── bin/ # DarkBrew binary + symlinks
├── Cellar/ # Installed formula metadata
├── opt/ # Git-cloned tools
├── etc/ # Configuration files
├── share/
│ ├── wordlists/ # Arsenal downloads
│ └── zsh/site-functions/ # Shell completions
└── var/
├── db/
│ ├── manifest.json # Installed tools registry
│ ├── pinned.json # Pinned versions
│ ├── history.json # Version history
│ └── darkbrew.sha256 # Self-verification hash
└── log/
└── darkbrew.log # Operation logEnvironment Variables
| Variable | Default | Description |
|---|---|---|
DARKBREW_PREFIX | ~/.darkbrew | Installation root |
DARKBREW_PARALLEL | 4 | Max parallel install jobs |
DARKBREW_SKIP_DEPS | unset | Set to 1 to skip dependency resolution |
DARKBREW_OFFLINE | unset | Set to 1 for offline cache-only installs |
DARKBREW_ACTIVE_ENGAGE | unset | Active engagement directory for audit trail |
Troubleshooting
darkbrew: command not found
# Re-run setup
bash darkbrew.sh setup
# Or add to PATH manually
export PATH="$HOME/.darkbrew/bin:$PATH"Homebrew not found
# Install Homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# On Apple Silicon, add to PATH
eval "$(/opt/homebrew/bin/brew shellenv)"Permission denied
DarkBrew never requires sudo. If you see permission errors, the directory structure may have been created with wrong permissions:
chmod -R u+rwX ~/.darkbrewFull system check
darkbrew doctorThis runs 15+ diagnostic checks including SIP status, firewall, architecture, disk space, all dependencies, directory integrity, and PATH configuration.