Even when an illegal or illegal method of Metasploit is used, the process becomes the sole basis. As a rule of thumb, it is legal for hacking with Metasploit since it has been beforehand authorized and is being used with your consent, however, to others using it illegally and by using it illegally, there is crime.
There are many missing utilities when compared to huge Debian repos such as Kali Linux or even larger community-driven repos like ArchAssault. However, some pen testers (and pen-test tool developers!) are using OS X as their primary platform, as seen in GitHub and other project repos such as Arachni, blacksheepwall, cookiescan, et al. Other key tools such as dirb, sslyze, and similar can be easily compiled under OS X. Ones that rely on interpreters such as Go, Lua, Python, and Ruby are often much easier than metasploit-framework to get working under OS X. Install Python modules through brew-pip for added benefits and tie-ins to HomeBrew and install Ruby modules via gem after installing it via HomeBrew and making /usr/local/bin a preferred path over /usr/bin. 2b1af7f3a8