Osx-Password-Dumper - A Tool To Dump Users'S .Plist On A Mac OS System And To Convert Them Into A Crackable Hash

  OSX Password Dumper Script

Overview

A bash script to retrieve user's .plist files on a macOS system and to convert the data inside it to a crackable hash format. (to use with John The Ripper or Hashcat)

Useful for CTFs/Pentesting/Red Teaming on macOS systems.

Prerequisites

• The script must be run as a root user (sudo)
• macOS environment (tested on a macOS VM Ventura beta 13.0 (22A5266r))

Usage

sudo ./osx_password_cracker.sh OUTPUT_FILE /path/to/save/.plist

MacOSThreatTrack - Bash Tool Used For Proactive Detection Of Malicious Activity On macOS Systems

The tool is being tested in the beta phase, and it only gathers MacOS system information at this time.

The code is poorly organized and requires significant improvements.

Description

Bash tool used for proactive detection of malicious activity on macOS systems.

I was inspired by Venator-Swift and decided to create a bash version of the tool.

OneLiner command

curl https://raw.githubusercontent.com/ab2pentest/MacOSThreatTrack/main/MacOSThreatTrack.sh | bash

Gathered information

[+] System info
[+] Users list
[+] Environment variables
[+] Process list
[+] Active network connections
[+] SIP status
[+] GateKeeper status
[+] Zsh history
[+] Bash history
[+] Shell startup scripts
[+] PF rules
[+] Periodic scripts
[+] CronJobs list
[+] LaunchDaemons data
[+] Kernel extensions
[+] Installed applications
[+] Installation history
[+] Chrome extensions

Todo

1. Saving output as JSON instead of printing out the result.