RubyGems - macos-artifacts - Versions diffs - 0.6.3 → 0.6.4 - Mend

macos-artifacts 0.6.3 → 0.6.4

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +7 -0
data/README.md +20 -0
data/lib/macos/artifacts/apps.rb +31 -18
data/lib/macos/artifacts/files.rb +20 -7
data/lib/macos/artifacts/help.rb +2 -0
data/lib/macos/artifacts/version.rb +1 -1
data/lib/macos/artifacts.rb +17 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ff8a46c9c151ddb085fd4c578d90e16aa922722d61728b7803934ef04617184f
-  data.tar.gz: 8ef9df8d3ca88f39c04988d856ae3d9d08cc870999d8b3058a055bec482c48bf
+  metadata.gz: f1ddf4c188e1d94cc14f5329bd1abb165a1364e0b270b394b4565e46a3861b75
+  data.tar.gz: 6cc605f5a9c737f23db1f52ed4e3bd09a271931f78e7607e7d8dff1032feaf8d
 SHA512:
-  metadata.gz: '09b71859a27f25c9db18c8ace5fcc00bfbae9023a4be65b632e8b3d3a341c4136a26c5c2eb6b445bf10e7727da52031f836af66c315bd29acce70dc697db9718'
-  data.tar.gz: 56786359ec1eca917904786f9171b481f2d5982252542b699dab1068841a9a9f00ff6a8db8db0f334a805cdc5d1613722e0b13c3f8816e1261616e66faee6e96
+  metadata.gz: 27c015884b1a648d4cd1ef28d81e04824cdc40e3577a4f73cb1c2941214c57b05bedad3afd34cc4cbc05518ab4fee9f35b907c55547594c23bb817614ed58a51
+  data.tar.gz: 9ef5208b23c47e2cb5863efda227792e68279c0c047b1ab20bb0149b0c691b444845e8f440e56f8e9b52632fbbe55d9c87c5d8bb0e668e1281216a0ac43debc1

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,13 @@
 # Change Log
+---
+## version 0.6.4
+- Add:  airdrop activity for the last 7 days shows timestamps. Macos::Artifacts::airDrop
+- Add: applications installed in current users account. Macos::Artifacts::Apps::userInstalledApplications
+- Fixed: IO error with Macos::Artifacts::Apps::applications when plist file didn't exist
+- Fixed: IO error with Macos::Artifacts::Files::systemLaunchAgents when is a symlink or doesn't exist
 ---
 ## version 0.6.3

data/README.md CHANGED Viewed

@@ -16,6 +16,8 @@ Output is simple text making it able to be scraped up by an MDM or EDR solution
 `require 'macos/artifacts'`
 ```ruby
+Macos::Artifacts::Help::options
 Macos::Artifacts::computerName
 Macos::Artifacts::serial
 Macos::Artifacts::version
@@ -35,6 +37,14 @@ Macos::Artifacts::firewallStatus
 Macos::Artifacts::screenlockStatus
 Macos::Artifacts::lockStatus
 Macos::Artifacts::softwareUpdates
+Macos::Artifacts::airDrop
+Macos::Artifacts::Apps::applications
+Macos::Artifacts::Apps::packagesReceipts
+Macos::Artifacts::Apps::installHistory
+Macos::Artifacts::Apps::appInstallLocations
+Macos::Artifacts::Apps::userInstalledApplications
 Macos::Artifacts::Files::systemLaunchAgents
 Macos::Artifacts::Files::systemLaunchDaemons
 Macos::Artifacts::Files::userLaunchAgents
@@ -44,12 +54,22 @@ Macos::Artifacts::Files::userApplicationSupport
 Macos::Artifacts::Files::libraryPreferences
 Macos::Artifacts::Files::userLibraryPreferences
 Macos::Artifacts::Files::cronTabs
 Macos::Artifacts::Files::etcHosts
+Macos::Artifacts::Files::usrLocal
+Macos::Artifacts::Files::usrLocalBin
+Macos::Artifacts::Files::usrLocalSbin
+Macos::Artifacts::Files::usersShared
+Macos::Artifacts::Files::privateTmp
+Macos::Artifacts::Files::scriptInstallLocations
 Macos::Artifacts::State::users
 Macos::Artifacts::State::adminUsers
 Macos::Artifacts::State::systemExtensions
 Macos::Artifacts::State::processCPU
 Macos::Artifacts::State::processMemory
+Macos::Artifacts::State::openNetworkConnections
+Macos::Artifacts::State::networkInterfaces
 ```

data/lib/macos/artifacts/apps.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 require 'json'
 require 'date'
+$currentUser = ENV['USER']
 module Macos
   module Artifacts
@@ -10,35 +12,39 @@ module Macos
         $applicationsDirectory = Dir.entries("#{$applicationsPath}")
         puts "Applications Folder:"
         $applicationsDirectory.sort!.each do  | filename |
-          if ! filename.start_with?(".")
+            if ! filename.start_with?(".")
             if File.extname(filename) == ".app"
-              plist = CFPropertyList::List.new(:file => "#{$applicationsPath}/#{filename}/Contents/Info.plist")
-              data = CFPropertyList.native_types(plist.value)
-              data.each do |k,v|
-                if k == "CFBundleShortVersionString"
-                  puts "  #{$applicationsPath}/#{filename}: #{v}"
+                plistfile = "#{$applicationsPath}/#{filename}/Contents/Info.plist"
+                if File.exist?("#{plistfile}")
+                    plist = CFPropertyList::List.new(:file => "#{$applicationsPath}/#{filename}/Contents/Info.plist")
+                    data = CFPropertyList.native_types(plist.value)
+                    data.each do |k,v|
+                        if k == "CFBundleShortVersionString"
+                            puts "  #{$applicationsPath}/#{filename}: #{v}"
+                        end
+                    end
                 end
-              end
             else
-              if File.directory?("#{$applicationsPath}/#{filename}")
+                if File.directory?("#{$applicationsPath}/#{filename}")
                 puts "  #{$applicationsPath}/#{filename}:"
                 subpath =  Dir.entries("#{$applicationsPath}/#{filename}")
                 subpath.each do |subdirapp|
-                  if ! subdirapp.start_with?(".")
+                    if ! subdirapp.start_with?(".")
                     if File.extname(subdirapp) == ".app"
-                      plist = CFPropertyList::List.new(:file => "#{$applicationsPath}/#{filename}/#{subdirapp}/Contents/Info.plist")
-                      data = CFPropertyList.native_types(plist.value)
-                      data.each do |k,v|
+                        plist = CFPropertyList::List.new(:file => "#{$applicationsPath}/#{filename}/#{subdirapp}/Contents/Info.plist")
+                        data = CFPropertyList.native_types(plist.value)
+                        data.each do |k,v|
                         if k == "CFBundleShortVersionString"
-                          puts "    #{$applicationsPath}/#{filename}/#{subdirapp}: #{v}"
+                            puts "    #{$applicationsPath}/#{filename}/#{subdirapp}: #{v}"
                         end
-                      end
+                        end
+                    end
                     end
-                  end
                 end
-              end
+                end
+            end
             end
-          end
         end
       end
@@ -81,8 +87,15 @@ module Macos
           end
         end
       end
+      def self.userInstalledApplications
+        history = `mdfind -onlyin /Users/"#{$currentUser}" 'kMDItemKind == "Application"'`.split("\n")
+        puts "User Installed Applications:"
+        history.each do |item|
+          puts "  #{item.strip}"
+        end
+      end
     end
   end
 end

data/lib/macos/artifacts/files.rb CHANGED Viewed

@@ -11,14 +11,27 @@ module Macos
         $launchAgentDir = Dir.entries("#{$systemLaunchAgentsPath}")
         puts "System Launchagents:"
         $launchAgentDir.each do  | filename |
-          if filename != "." && filename != ".."
-            puts "  #{$systemLaunchAgentsPath}/#{filename}"
-            plist = CFPropertyList::List.new(:file => "#{$systemLaunchAgentsPath}/#{filename}")
-            data = CFPropertyList.native_types(plist.value)
-            data.each do |k,v|
-              puts "    #{k}: #{v}"
+            if filename != "." && filename != ".."
+                puts "  #{$systemLaunchAgentsPath}/#{filename}"
+                plistPath = "#{$systemLaunchAgentsPath}/#{filename}"
+                if File.exist?("#{plistPath}")
+                    plist = CFPropertyList::List.new(:file => "#{$systemLaunchAgentsPath}/#{filename}")
+                    data = CFPropertyList.native_types(plist.value)
+                    data.each do |k,v|
+                        puts "    #{k}: #{v}"
+                    end
+                end
+                if File.symlink?("#{plistPath}")
+                    filename = File.readlink("#{plistPath}")
+                    if File.exist?("#{filename}")
+                        plist = CFPropertyList::List.new(:file => "#{$systemLaunchAgentsPath}/#{filename}")
+                        data = CFPropertyList.native_types(plist.value)
+                        data.each do |k,v|
+                            puts "    #{k}: #{v}"
+                        end
+                    end
+                end
             end
-          end
         end
       end

data/lib/macos/artifacts/help.rb CHANGED Viewed

@@ -29,6 +29,7 @@ module Macos
         puts "  Macos::Artifacts::screenlockStatus                  checks screenlock status and time"
         puts "  Macos::Artifacts::lockStatus                        returns Activation Lock Status"
         puts "  Macos::Artifacts::softwareUpdates                   returns machines softwareupate settings"
+        puts "  Macos::Artifacts::airDrop                           returns timestamps of successful airdrops in last 7 days"
         puts ""
         puts "Macos::Artifacts::Files Usage:"
         puts "  Macos::Artifacts::Files::systemLaunchAgents         list output of installed /Library/LaunchAgents"
@@ -62,6 +63,7 @@ module Macos
         puts "  Macos::Artifacts::Apps::packagesReceipts            outputs list of installed packages"
         puts "  Macos::Artifacts::Apps::installHistory              outputs history of installed apps"
         puts "  Macos::Artifacts::Apps::appInstallLocations         outputs list of appliction install paths"
+        puts "  Macos::Artifacts::Apps::userInstalledApplications   outputs list of applictions installed in current users account"
         puts ""
       end
     end

data/lib/macos/artifacts/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Macos
   module Artifacts
-    VERSION = "0.6.3"
+    VERSION = "0.6.4"
   end
 end

data/lib/macos/artifacts.rb CHANGED Viewed

@@ -6,6 +6,7 @@ require_relative "artifacts/files"
 require_relative "artifacts/apps"
 require_relative "artifacts/help"
 require 'cfpropertylist'
+require 'json'
 $currentUser = ENV['USER']
@@ -142,5 +143,21 @@ module Macos
         puts "  Install Critical Updates: #{criticalUpdateInstall}"
       end
     end
+    def self.airDrop
+      airdropUsage = `log show --style json --last 7d --predicate 'subsystem == "com.apple.sharing" AND category == "AirDrop" AND eventMessage == "Sending Ask response with code OK (200)"'`.strip
+      data = JSON.parse(airdropUsage)
+      puts "Airdrop Activty last 7 Days:"
+      data.each do |item|
+          # puts item
+          puts "  UserID: #{item["userID"]}"
+          puts "  Subsystem: #{item["subsystem"]}"
+          puts "  Category: #{item["category"]}"
+          puts "  Time: #{item["timestamp"]}"
+          puts "  Message: #{item["eventMessage"]}"
+          puts ""
+      end
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: macos-artifacts
 version: !ruby/object:Gem::Version
-  version: 0.6.3
+  version: 0.6.4
 platform: ruby
 authors:
 - nic scott
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-30 00:00:00.000000000 Z
+date: 2024-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler