Entitlement AND Hardened Runtime Check

Related tags

Miscellaneous EntitlementCheck
Overview

Entitlement AND Hardened Runtime Check

Wrapper around the codesign binary to recursively check installed apps for problematic entitlements and for whether or not Hardened Runtime is enabled.

Currently the scripts check for the following entitlements:

  • com.apple.security.cs.disable-library-validation
  • com.apple.security.cs-allow-dyld-environment-variables
  • com.apple.security.get-task-allow
  • com.apple.security.cs.allow-unsigned-executable-memory
  • com.apple.security.files.downlaods.read-only
  • com.apple.security.files.downloads.read-write
  • com.apple.security.files.all (deprecated...but you never know...)
  • com.apple.security.files.user-selected.read-only
  • com.apple.security.files.user-selected.read-write

NOTE: It is possible that an app can have one or more of the entitlements above while also having hardened runtime enabled (which may mitigate the attack path for abusing the entitlement in question). To check specifically for hardened runtime, run the command below and search for flags in the output:

For Hardened Runtime checks, my script runs the command below and filters based on output:

codesign --display --verbose /Applications/[name]/Contents/MacOS/[name]

The following directories are checked by both the Entitlements and Hardened Runtime Check Scripts:

  • /Applications
  • /usr/local/bin
  • /usr/bin
  • /usr/sbin

Steps

Python Script Instructions:

  1. Entitlements Check: python3 Entitlements_Check.py
  2. Hardened Runtime Check: python3 Hardened_Runtime_Check.py
  3. results will be displayed to stdout. Can simply redirect to an output file as well (ex: python3 Hardened_Runtime_Check.py > outfile.txt)

Sample output from Entitlements_Check.py: Image

Sample output from Hardened_Runtime_Check.py: Image

You might also like...
This tool for beginner and help those people they gather information about Email Header Analysis, Instagram Information, Instagram Username Check, Ip Information, Phone Number Information, Port Scan

This tool for beginner and help those people they gather information about Email Header Analysis, Instagram Information, Instagram Username Check, Ip Information, Phone Number Information, Port Scan. This tool shows your hostname and public IP first, then user give input and according to option this tool work. This tool work diffrent Oprating system.

cb-kali 5 Feb 18, 2022
Arcpy Tool developed for ArcMap 10.x that checks DVOF points against TDS data and creates an output feature class as well as a check database.

DVOF_check_tool Arcpy Tool developed for ArcMap 10.x that checks DVOF points against TDS data and creates an output feature class as well as a check d

null 3 Apr 18, 2022
[x]it! support for working with todo and check list files in Sublime Text
[x]it! support for working with todo and check list files in Sublime Text

[x]it! for Sublime Text This Sublime Package provides syntax-highlighting, shortcuts, and auto-completions for [x]it! files. Features Syntax highlight

Jan Heuermann 18 Sep 19, 2022
Check is a integer is even

Is Even Check if interger is even using isevenapi. https://isevenapi.xyz/ Main features: cache memoization api retry handler hide ads Install pip inst

Rosiney Gomes Pereira 45 Dec 19, 2022
Simple Python tool to check if there is an Office 365 instance linked to a domain.

o365chk.py Simple Python script to check if there is an Office365 instance linked to a particular domain.

Steven Harris 37 Jan 2, 2023
Check COVID locations of interest against Google location history
Check COVID locations of interest against Google location history

Location of Interest Checker Script to compare COVID locations of interest to Google location history. The script produces a map plot (as shown below)

null 9 Mar 30, 2022
An example project that shows how to check if a certain macro is active in a file.

PlatformIO Check Compiler Flags Example Description Demonstrates the usage of an extra script and a special compilter invocation to get the active mac

Maximilian Gerhardt 1 Oct 28, 2021
Check if Python package names are available on PyPI.
Check if Python package names are available on PyPI.

😻 isavailable Can I haz this Python package on PyPI? Check if Python package names are available on PyPI. Usage $ isavailable checks whether your des

Felipe S. S. Schneider 3 May 18, 2022
The purpose of this tool is to check RDP capabilities of a user on specific targets.

RDPChecker The purpose of this tool is to check RDP capabilities of a user on specific targets. Programming concept was taken from RDPassSpray and thu

Hypnoze57 57 Aug 4, 2022
Comments
  • Check also for com.apple.private.security.clear-library-validation

    Check also for com.apple.private.security.clear-library-validation

    Hi,

    You might want to check com.apple.private.security.clear-library-validation as well.

    https://theevilbit.github.io/posts/com.apple.private.security.clear-library-validation/

    Csaba

    opened by theevilbit 1
  • Add python3 shebang

    Add python3 shebang

    Adds the following as the first line of each file so that they can be executed without calling python.

    #!/usr/bin/env python3

    e.g.

    chmod +x Entitlements_Check.py
./Entitlements_Check.py
    opened by 0xmachos 0
Owner
Cedric Owens
offensive security engineer
Cedric Owens
GitHub
Runtime profiler for Streamlit, powered by pyinstrument

streamlit-profiler ???? Runtime profiler for Streamlit, powered by pyinstrument. streamlit-profiler is a Streamlit component that helps you find out w

Johannes Rieke 23 Nov 30, 2022
To check my COVID-19 vaccine appointment, I wrote an infinite loop that sends me a Whatsapp message hourly using Twilio and Selenium. It works on my Raspberry Pi computer.

COVID-19_vaccine_appointment To check my COVID-19 vaccine appointment, I wrote an infinite loop that sends me a Whatsapp message hourly using Twilio a

Ayyuce Demirbas 24 Dec 17, 2022
A one place destination to check whatever is trending on the top social and news websites at present.

UpTrend A one place destination to check whatever is trending on the top social and news websites at present. Explore the docs » View Demo · Report Bu

Google Developer Student Clubs - JGEC 10 Oct 3, 2021
gwcheck is a tool to check .gnu.warning.* sections in ELF object files and display their content.

gwcheck Description gwcheck is a tool to check .gnu.warning.* sections in ELF object files and display their content. For an introduction to .gnu.warn

Frederic Cambus 11 Oct 28, 2022
Check a discord message and give it a percentage of scamminess

scamChecker Check a discord message and give it a percentage of scamminess Run the bot, and run the command !scamCheck and it will return a percentage

null 3 Sep 22, 2022
We want to check several batch of web URLs (1~100 K) and find the phishing website/URL among them.

We want to check several batch of web URLs (1~100 K) and find the phishing website/URL among them. This module is designed to do the URL/web attestation by using the API from NUS-Phishperida-Project.

null 3 Dec 28, 2022
Generates Windows 95 and 95 OEM keys using the modulus 7 check algorithm

w95keygen-python windowskeygen.py - Generates Windows 95 and 95 OEM keys using the modulus 7 check algorithm Just download and drop in the directory y

Joshua Alto 1 Dec 6, 2021
edgetest is a tox-inspired python library that will loop through your project's dependencies, and check if your project is compatible with the latest version of each dependency

Bleeding edge dependency testing Full Documentation edgetest is a tox-inspired python library that will loop through your project's dependencies, and

Capital One 16 Dec 7, 2022
A Python tool to check ASS subtitles for common mistakes and errors.

A Python tool to check ASS subtitles for common mistakes and errors.

null 1 Dec 18, 2021
Birthday program - A program that lookups a birthday txt file and compares to the current date to check for birthdays

Birthday Program This is a program that lookups a birthday txt file and compares

Daquiver 4 Feb 2, 2022