forked from drduh/macOS-Security-and-Privacy-Guide
-
Notifications
You must be signed in to change notification settings - Fork 1
/
read_launch_plists.py
executable file
·107 lines (83 loc) · 2.4 KB
/
read_launch_plists.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
#!/usr/bin/env python
#
# This script reads system launch daemon and agent plists.
import glob
import hashlib
import os
import plistlib
import subprocess
import csv
header ='filename,label,program,sha256,runatload,comment'
location = '/System/Library/Launch%s/*.plist'
comments = {}
def LoadPlist(filename):
"""Plists can be read with plistlib."""
# creating our own data
data = None
try:
p = subprocess.Popen(
['/usr/bin/plutil', '-convert', 'xml1', '-o', '-', filename],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out_data, err_data = p.communicate()
except IOError as e:
# file could not be found
print e
if(p.returncode == 0):
data = plistlib.readPlistFromString(out_data)
return data
def GetStatus(plist):
"""Plists may have a RunAtLoad key."""
try:
return plist['RunAtLoad']
except KeyError:
return 'False'
def GetLabel(plist):
"""Plists have a label."""
try:
return plist['Label']
except KeyError:
return 'False'
def GetProgram(plist):
"""Plists have either a Program or ProgramArguments key,
if the executable requires command line options.
"""
try:
return "['%s']" % plist['Program'], HashFile(plist['Program'])
except KeyError:
return plist['ProgramArguments'], HashFile(plist['ProgramArguments'])
def HashFile(f):
"""Returns SHA-256 hash of a given file."""
if type(f) is list:
f = f[0]
try:
return hashlib.sha256(open(f,'rb').read()).hexdigest()
except:
return 'UNKNOWN'
def GetComment(plist):
"""docstring for GetComment"""
global comments
label = plist['Label']
comment = None
if label in comments:
comment = comments[label]
return comment
def main():
"""Main function."""
print(header)
global comments
csvfile = os.path.join(os.path.dirname(
os.path.realpath(__file__)), 'comments.csv')
with open(csvfile, 'rb') as f:
reader = csv.reader(f)
comments = {rows[0]:rows[1] for rows in reader}
for kind in ['Daemons', 'Agents']:
for filename in glob.glob(location % kind):
if not filename.endswith('com.apple.jetsamproperties.Mac.plist'):
p = LoadPlist(filename)
if p:
e = (filename, GetLabel(p), '"%s",%s' % GetProgram(p), GetStatus(p), '"%s"' % GetComment(p))
print('%s,%s,%s,%s,%s' % e)
else:
print('Could not load %s' % filename)
if __name__ == '__main__':
main()