macOS Utilities
asitop
#
csrutil
#
[ d ] csrutil
- configure system security policies
csrutil status
csrutil disable
csrutil enable
defaults
#
[ d ] defaults
– access the Mac OS X user defaults system
[examples]
defaults domains | tr , '\n' # list domains
defaults write com.apple.LaunchServices/com.apple.launchservices.secure LSHandlers -array-add '{LSHandlerContentType=public.plain-text;LSHandlerRoleAll=com.microsoft.vscode;}' # set the default text editor to Visual Studio Code (`open -t file` then opens `file` in Visual Studio Code)
diskutil
#
[ d ] diskutil
- modify, verify and repair local disks
diskutil list
dscacheutil
#
[ d ] dscacheutil
- directory service cache
[examples]
dscacheutil -q user # lookup all users
dscacheutil -q user -a name <user> # lookup a single user
dscl
#
dscl
Directory Service Command Line
[example] [ y ] 01-28-2023. Embrace The Red. “Grabbing and cracking macOS password hashes (with dscl and hashcat)”.
dscl . -list /Users
sudo dscl . -read /Users/alice | less
sudo dscl . -read /Users/alice dsAttrTypeNative:ShadowHashData > alice.hashdata
cat alice.hashdata | tail -n1 | xxd -p -r | plutil -convert xml1 - -o alice.plist
#echo salt | base64 -d | xxd -p -c256 # base64-decode the salt
#echo data | base64 -d | xxd -p -c256 # base64-decode the data
echo '$ml$iteration$'$(echo salt | base64 -d | xxd -p -c256)'$'$(echo data | base64 -d | xxd -p -c256) > hash # file `hash`: $ml$iteration$salt$data
hashcat --help | grep -i macos
hashcat -a 0 -m 7100 hash wordlist
du
#
du
- display disk usage statistics
du -chs .* *
-s is equivalent to -d 0
du -chd 1 .* *
Depth of 1
du -chd 2 .* *
Depth of 2
fdisk
#
[ d ] fdisk
- DOS partition maintenance program
fs_usage
#
[ d ] fs_usage
halt
#
[ d ] halt, reboot
- stopping and restarting the system
id
#
[ d ] id
- return user identity
man id
How do I use command id?
id -P bob
Show information for the user ‘bob’ as a password file entry.
id -Gn root
Same output as groups(1) for the root user.
id -p alice
Show human readable information about ‘alice’.
id -u
Print the effective UID.
id -un
Print the effective user name. Equivalent to whoami.
launchctl
#
launchctl
– Interfaces with launchd
log
#
log
– access system wide log messages created by os_log, os_trace and other logging systems
[examples]
log show --predicate 'process == "Safari"' --last 2d
mdutil
#
mdutil
– manage the metadata stores for mounted volumes used by Spotlight
sudo mdutil -E / # erase the local stores mounted at `/` (the stores will be rebuilt, if appropriate)
networkQuality
#
[ d ] networkQuality
- network quality testing tool
[examples]
networkQuality -s -v # down/up sequential + verbose
networkQuality -v # down/up parallel + verbose
networksetup
#
[ d ] networksetup
- configuration tool for network settings in System Preferences
[examples]
networksetup -listnetworkserviceorder
networksetup -listallnetworkservices
nvram
#
nvram
– manipulate firmware NVRAM variables
nvram SystemAudioVolume=" " # disable the sound effects on boot (not tested) https://github.com/kevinSuttle/macOS-Defaults/blob/master/.macos
open
#
[ d ] open
- open files and directories
open '/Volumes/Macintosh HD/foo.txt'
opens the document in the default application for its type (as determined by LaunchServices).
open '/Volumes/Macintosh HD/Applications/'
opens that directory in the Finder.
open -a /Applications/TextEdit.app '/Volumes/Macintosh HD/foo.txt'
opens the document in the application specified (in this case, TextEdit).
open -b com.apple.TextEdit '/Volumes/Macintosh HD/foo.txt'
opens the document in the application specified (in this case, TextEdit).
open -e '/Volumes/Macintosh HD/foo.txt'
opens the document in TextEdit.
ls | open -f
writes the output of the ‘ls’ command to a file in /tmp and opens the file in the default text editor (as determined by LaunchServices).
open http://www.apple.com/
opens the URL in the default browser.
open 'file://localhost/Volumes/Macintosh HD/foo.txt'
opens the document in the default application for its type (as determined by LaunchServices).
open 'file://localhost/Volumes/Macintosh HD/Applications/'
opens that directory in the Finder.
open -h NSView
lists headers whose names contain NSView and allows you to choose which ones to open.
open -h NSView.h
immediately opens NSView.h.
open --env MallocStackLogging=YES -b com.apple.TextEdit
launches TextEdit with the environment variable “MallocStackLogging” set to “YES”.
open -h NSView -s OSX10.12
lists headers whose names contain NSView in the MacOSX 10.12 SDK and allows you to choose which ones to open.
osascript
#
osascript
– execute OSA scripts (AppleScript, JavaScript, etc.)
osascript -e 'tell application "System Preferences" to quit' # close System Preferences
plutil
#
plutil
– property list utility
pmset
#
pmset
– manipulate power management settings
pmset -g sched # view the current schedule
powermetrics
#
[ unix/osx ] powermetrics
quota
#
[ d ] quota
- display disk usage and limits
scutil
#
scutil
– Manage system configuration parameters
scutil --dns
scutil --get
scutil --get ComputerName
scutil --get HostName
scutil --get LocalHostName
scutil --set
security
#
[ d ] security
- command line interface to keychains and Security framework
softwareupdate
#
[ d ] softwareupdate
- system software update tool
[examples]
softwareupdate --help # How do I use command `softwareupdate`?
softwareupdate -l # Are there any available updates?
split
#
[ d ] split
- split a file into pieces
sw_vers
#
[ d ] sw_vers
- print macOS version information
sw_vers -h # How do I use command `sw_vers`?
sw_vers # Print macOS version information.
sysctl
#
[ d ] sysctl
- get or set kernel state
sysctl -a # List all the currently available non-opaque values. This option is ignored if one or more variable names are specified on the command line.
system_profiler
#
[ d ] system_profiler
- reports system hardware and software configuration
system_profiler -h # How do I use command `system_profiler`?
system_profiler # Report the system hardware and software configuration.
systemsetup
#
[ d ] systemsetup
– configuration tool for certain machine settings in System Preferences.
systemsetup -getallowpowerbuttontosleepcomputer # getAllowPowerButtonToSleepComputer: On
systemsetup -getcomputername # Computer Name: Automaton
systemsetup -getcomputersleep # Computer Sleep: Never
systemsetup -getdate #
systemsetup -getdisablekeyboardwhenenclosurelockisengaged # getdisablekeyboardwhenenclosurelockisengaged: No
systemsetup -getdisplaysleep # Display Sleep: after 60 minutes
systemsetup -getharddisksleep # Hard Disk Sleep: after 10 minutes
systemsetup -getkernelbootarchitecturesetting # kernel architecture is set to default
systemsetup -getlocalsubnetname # Local Subnet Name: Automaton
systemsetup -getnetworktimeserver # Network Time Server: time.apple.com
systemsetup -getremoteappleevents # Remote Apple Events: Off
systemsetup -getremotelogin # Remote Login: On
systemsetup -getrestartfreeze # Restart After Freeze: On
systemsetup -getrestartpowerfailure # Restart After Power Failure: Not supported on this machine.
systemsetup -getsleep # Sleep: Computer sleeps Never \n Sleep: Display sleeps after 60 minutes \n Sleep: Disk sleeps after 10 minutes
systemsetup -getstartupdisk # (null)
systemsetup -gettime #
systemsetup -gettimezone # Time Zone: America/New_York
systemsetup -getusingnetworktime # Network Time: On
systemsetup -getwaitforstartupafterpowerfailure # getwaitforstartupafterpowerfailure: 0 seconds
systemsetup -getwakeonmodem # Wake On Modem: Not supported on this machine.
systemsetup -getwakeonnetworkaccess # Wake On Network Access: On
systemsetup -liststartupdisks #
systemsetup -listtimezones #
systemsetup -help #
systemsetup -printCommands #
systemsetup -version # systemsetup, Version 1.5.1 \n Copyright Apple Inc. 2002-2020
tiptop
#
[ g ] tiptop
trash
#
[ g ] trash
vm_stat
#
[ w ] vm_stat
- show Mach virtual memory statistics
xattr
#
xattr
- display and manipulate extended attributes
xcode-select
#
[ d ] xcode-select
- manages the active developer directory for Xcode and BSD tools
xcode-select -h
How do I use command xcode-select?
xcode-select -v
What is the version?
xcode-select -p
Where is the active developer directory located in the filesystem?