RubyGems - macos-artifacts - Versions diffs - 0.6.3 → 0.6.4 - Mend

macos-artifacts 0.6.3 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +7 -0
data/README.md +20 -0
data/lib/macos/artifacts/apps.rb +31 -18
data/lib/macos/artifacts/files.rb +20 -7
data/lib/macos/artifacts/help.rb +2 -0
data/lib/macos/artifacts/version.rb +1 -1
data/lib/macos/artifacts.rb +17 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ff8a46c9c151ddb085fd4c578d90e16aa922722d61728b7803934ef04617184f
-  data.tar.gz: 8ef9df8d3ca88f39c04988d856ae3d9d08cc870999d8b3058a055bec482c48bf
+  metadata.gz: f1ddf4c188e1d94cc14f5329bd1abb165a1364e0b270b394b4565e46a3861b75
+  data.tar.gz: 6cc605f5a9c737f23db1f52ed4e3bd09a271931f78e7607e7d8dff1032feaf8d
 SHA512:
-  metadata.gz: '09b71859a27f25c9db18c8ace5fcc00bfbae9023a4be65b632e8b3d3a341c4136a26c5c2eb6b445bf10e7727da52031f836af66c315bd29acce70dc697db9718'
-  data.tar.gz: 56786359ec1eca917904786f9171b481f2d5982252542b699dab1068841a9a9f00ff6a8db8db0f334a805cdc5d1613722e0b13c3f8816e1261616e66faee6e96
+  metadata.gz: 27c015884b1a648d4cd1ef28d81e04824cdc40e3577a4f73cb1c2941214c57b05bedad3afd34cc4cbc05518ab4fee9f35b907c55547594c23bb817614ed58a51
+  data.tar.gz: 9ef5208b23c47e2cb5863efda227792e68279c0c047b1ab20bb0149b0c691b444845e8f440e56f8e9b52632fbbe55d9c87c5d8bb0e668e1281216a0ac43debc1

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,13 @@
 # Change Log
+---
+## version 0.6.4
+- Add:  airdrop activity for the last 7 days shows timestamps. Macos::Artifacts::airDrop
+- Add: applications installed in current users account. Macos::Artifacts::Apps::userInstalledApplications
+- Fixed: IO error with Macos::Artifacts::Apps::applications when plist file didn't exist
+- Fixed: IO error with Macos::Artifacts::Files::systemLaunchAgents when is a symlink or doesn't exist
 ---
 ## version 0.6.3

data/README.md CHANGED Viewed

@@ -16,6 +16,8 @@ Output is simple text making it able to be scraped up by an MDM or EDR solution
 `require 'macos/artifacts'`
 ```ruby
+Macos::Artifacts::Help::options
 Macos::Artifacts::computerName
 Macos::Artifacts::serial
 Macos::Artifacts::version
@@ -35,6 +37,14 @@ Macos::Artifacts::firewallStatus
 Macos::Artifacts::screenlockStatus
 Macos::Artifacts::lockStatus
 Macos::Artifacts::softwareUpdates
+Macos::Artifacts::airDrop
+Macos::Artifacts::Apps::applications
+Macos::Artifacts::Apps::packagesReceipts
+Macos::Artifacts::Apps::installHistory
+Macos::Artifacts::Apps::appInstallLocations
+Macos::Artifacts::Apps::userInstalledApplications
 Macos::Artifacts::Files::systemLaunchAgents
 Macos::Artifacts::Files::systemLaunchDaemons
 Macos::Artifacts::Files::userLaunchAgents
@@ -44,12 +54,22 @@ Macos::Artifacts::Files::userApplicationSupport
 Macos::Artifacts::Files::libraryPreferences
 Macos::Artifacts::Files::userLibraryPreferences
 Macos::Artifacts::Files::cronTabs
 Macos::Artifacts::Files::etcHosts
+Macos::Artifacts::Files::usrLocal
+Macos::Artifacts::Files::usrLocalBin
+Macos::Artifacts::Files::usrLocalSbin
+Macos::Artifacts::Files::usersShared
+Macos::Artifacts::Files::privateTmp
+Macos::Artifacts::Files::scriptInstallLocations
 Macos::Artifacts::State::users
 Macos::Artifacts::State::adminUsers
 Macos::Artifacts::State::systemExtensions
 Macos::Artifacts::State::processCPU
 Macos::Artifacts::State::processMemory
+Macos::Artifacts::State::openNetworkConnections
+Macos::Artifacts::State::networkInterfaces
 ```

data/lib/macos/artifacts/apps.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 require 'json'
 require 'date'
+$currentUser = ENV['USER']
 module Macos
   module Artifacts
@@ -10,35 +12,39 @@ module Macos
         $applicationsDirectory = Dir.entries("#{$applicationsPath}")
         puts "Applications Folder:"
         $applicationsDirectory.sort!.each do  | filename |
-          if ! filename.start_with?(".")
+            if ! filename.start_with?(".")
             if File.extname(filename) == ".app"
-              plist = CFPropertyList::List.new(:file => "#{$applicationsPath}/#{filename}/Contents/Info.plist")
-              data = CFPropertyList.native_types(plist.value)
-              data.each do |k,v|
-                if k == "CFBundleShortVersionString"
-                  puts "  #{$applicationsPath}/#{filename}: #{v}"
+                plistfile = "#{$applicationsPath}/#{filename}/Contents/Info.plist"
+                if File.exist?("#{plistfile}")
+                    plist = CFPropertyList::List.new(:file => "#{$applicationsPath}/#{filename}/Contents/Info.plist")
+                    data = CFPropertyList.native_types(plist.value)
+                    data.each do |k,v|
+                        if k == "CFBundleShortVersionString"
+                            puts "  #{$applicationsPath}/#{filename}: #{v}"
+                        end
+                    end
                 end
-              end
             else
-              if File.directory?("#{$applicationsPath}/#{filename}")
+                if File.directory?("#{$applicationsPath}/#{filename}")
                 puts "  #{$applicationsPath}/#{filename}:"
                 subpath =  Dir.entries("#{$applicationsPath}/#{filename}")
                 subpath.each do |subdirapp|
-                  if ! subdirapp.start_with?(".")
+                    if ! subdirapp.start_with?(".")
                     if File.extname(subdirapp) == ".app"
-                      plist = CFPropertyList::List.new(:file => "#{$applicationsPath}/#{filename}/#{subdirapp}/Contents/Info.plist")
-                      data = CFPropertyList.native_types(plist.value)
-                      data.each do |k,v|
+                        plist = CFPropertyList::List.new(:file => "#{$applicationsPath}/#{filename}/#{subdirapp}/Contents/Info.plist")
+                        data = CFPropertyList.native_types(plist.value)
+                        data.each do |k,v|
                         if k == "CFBundleShortVersionString"
-                          puts "    #{$applicationsPath}/#{filename}/#{subdirapp}: #{v}"
+                            puts "    #{$applicationsPath}/#{filename}/#{subdirapp}: #{v}"
                         end
-                      end
+                        end
+                    end
                     end
-                  end
                 end
-              end
+                end
+            end
             end
-          end
         end
       end
@@ -81,8 +87,15 @@ module Macos
           end
         end
       end
+      def self.userInstalledApplications
+        history = `mdfind -onlyin /Users/"#{$currentUser}" 'kMDItemKind == "Application"'`.split("\n")
+        puts "User Installed Applications:"
+        history.each do |item|
+          puts "  #{item.strip}"
+        end
+      end
     end
   end
 end

data/lib/macos/artifacts/files.rb CHANGED Viewed

@@ -11,14 +11,27 @@ module Macos
         $launchAgentDir = Dir.entries("#{$systemLaunchAgentsPath}")
         puts "System Launchagents:"
         $launchAgentDir.each do  | filename |
-          if filename != "." && filename != ".."
-            puts "  #{$systemLaunchAgentsPath}/#{filename}"
-            plist = CFPropertyList::List.new(:file => "#{$systemLaunchAgentsPath}/#{filename}")
-            data = CFPropertyList.native_types(plist.value)
-            data.each do |k,v|
-              puts "    #{k}: #{v}"
+            if filename != "." && filename != ".."
+                puts "  #{$systemLaunchAgentsPath}/#{filename}"
+                plistPath = "#{$systemLaunchAgentsPath}/#{filename}"
+                if File.exist?("#{plistPath}")
+                    plist = CFPropertyList::List.new(:file => "#{$systemLaunchAgentsPath}/#{filename}")
+                    data = CFPropertyList.native_types(plist.value)
+                    data.each do |k,v|
+                        puts "    #{k}: #{v}"
+                    end
+                end
+                if File.symlink?("#{plistPath}")
+                    filename = File.readlink("#{plistPath}")
+                    if File.exist?("#{filename}")
+                        plist = CFPropertyList::List.new(:file => "#{$systemLaunchAgentsPath}/#{filename}")
+                        data = CFPropertyList.native_types(plist.value)
+                        data.each do |k,v|
+                            puts "    #{k}: #{v}"
+                        end
+                    end
+                end
             end
-          end
         end
       end

data/lib/macos/artifacts/help.rb CHANGED Viewed

@@ -29,6 +29,7 @@ module Macos
         puts "  Macos::Artifacts::screenlockStatus                  checks screenlock status and time"
         puts "  Macos::Artifacts::lockStatus                        returns Activation Lock Status"
         puts "  Macos::Artifacts::softwareUpdates                   returns machines softwareupate settings"
+        puts "  Macos::Artifacts::airDrop                           returns timestamps of successful airdrops in last 7 days"
         puts ""
         puts "Macos::Artifacts::Files Usage:"
         puts "  Macos::Artifacts::Files::systemLaunchAgents         list output of installed /Library/LaunchAgents"
@@ -62,6 +63,7 @@ module Macos
         puts "  Macos::Artifacts::Apps::packagesReceipts            outputs list of installed packages"
         puts "  Macos::Artifacts::Apps::installHistory              outputs history of installed apps"
         puts "  Macos::Artifacts::Apps::appInstallLocations         outputs list of appliction install paths"
+        puts "  Macos::Artifacts::Apps::userInstalledApplications   outputs list of applictions installed in current users account"
         puts ""
       end
     end

data/lib/macos/artifacts/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Macos
   module Artifacts
-    VERSION = "0.6.3"
+    VERSION = "0.6.4"
   end
 end

data/lib/macos/artifacts.rb CHANGED Viewed

@@ -6,6 +6,7 @@ require_relative "artifacts/files"
 require_relative "artifacts/apps"
 require_relative "artifacts/help"
 require 'cfpropertylist'
+require 'json'
 $currentUser = ENV['USER']
@@ -142,5 +143,21 @@ module Macos
         puts "  Install Critical Updates: #{criticalUpdateInstall}"
       end
     end
+    def self.airDrop
+      airdropUsage = `log show --style json --last 7d --predicate 'subsystem == "com.apple.sharing" AND category == "AirDrop" AND eventMessage == "Sending Ask response with code OK (200)"'`.strip
+      data = JSON.parse(airdropUsage)
+      puts "Airdrop Activty last 7 Days:"
+      data.each do |item|
+          # puts item
+          puts "  UserID: #{item["userID"]}"
+          puts "  Subsystem: #{item["subsystem"]}"
+          puts "  Category: #{item["category"]}"
+          puts "  Time: #{item["timestamp"]}"
+          puts "  Message: #{item["eventMessage"]}"
+          puts ""
+      end
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: macos-artifacts
 version: !ruby/object:Gem::Version
-  version: 0.6.3
+  version: 0.6.4
 platform: ruby
 authors:
 - nic scott
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-30 00:00:00.000000000 Z
+date: 2024-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler