#System infodatecaluptime#show time from startingw#list userswhoami#this userfingerusername#info about useruname-a#sysinfocat/proc/cpuinfo#processorcat/proc/meminfo#memoryfree#check memorydf#check disklaunchctllist#List servicesatq#List "at" tasks for the usersysctl-a#List kernel configurationdiskutillist#List connected hard drivesnettop#Monitor network usage of processes in top stylesystem_profilerSPSoftwareDataType#System infosystem_profilerSPPrintersDataType#Printersystem_profilerSPApplicationsDataType#Installed Appssystem_profilerSPFrameworksDataType#Instaled frameworksystem_profilerSPDeveloperToolsDataType#Developer tools infosystem_profilerSPStartupItemDataType#Startup Itemssystem_profilerSPNetworkDataType#Network Capabilitiessystem_profilerSPFirewallDataType#Firewall Statussystem_profilerSPNetworkLocationDataType#Known Networksystem_profilerSPBluetoothDataType#Bluetooth Infosystem_profilerSPEthernetDataType#Ethernet Infosystem_profilerSPUSBDataType#USB infosystem_profilerSPAirPortDataType#Airport Info#Searchesmdfindpassword#Show all the files that contains the word passwordmfind-namepassword#List all the files containing the word password in the name#Open any appopen-a<ApplicationName>--hide#Open app hiddenopensome.doc-aTextEdit#Open a file in one application#Computer doesn't go to sleepcaffeinate&#Screenshot# This will ask for permission to the userscreencapture-x/tmp/ss.jpg#Save screenshot in that file#Get clipboard infopbpaste#system_profilersystem_profiler--help#This command without arguments take lot of memory and time.system_profiler-listDataTypessystem_profilerSPSoftwareDataTypeSPNetworkDataType#Networkarp-ien0-l-a#Print the macOS device's ARP tablelsof-i-P-n|grepLISTENsmbutilstatshares-a#View smb shares mounted to the hard drive#networksetup - set or view network options: Proxies, FW options and morenetworksetup-listallnetworkservices#List network servicesnetworksetup-listallhardwareports#Hardware portsnetworksetup-getinfoWi-Fi#Wi-Fi infonetworksetup-getautoproxyurlWi-Fi#Get proxy URL for Wifinetworksetup-getwebproxyWi-Fi#Wifi Web proxynetworksetup-getftpproxyWi-Fi#Wifi ftp proxy#Brewbrewlist#List installedbrewsearch<text>#Search packagebrewinfo<formula>brewinstall<formula>brewuninstall<formula>brewcleanup#Remove older versions of installed formulae.brewcleanup<formula>#Remove older versions of specified formula.#Make the machine talksayhello-vdiego#spanish: diego, Jorge, Monica#mexican: Juan, Paulina#french: Thomas, Amelie########### High privileges actionssudopurge#purge RAM#Sharing preferencessudolaunchctlload-w/System/Library/LaunchDaemons/ssh.plist (enable ssh)sudolaunchctlunload/System/Library/LaunchDaemons/ssh.plist (disable ssh)#Start apachesudoapachectl (start|status|restart|stop)##Web folder: /Library/WebServer/Documents/#Remove DNS cachedscacheutil-flushcachesudokillall-HUPmDNSResponder
Встановлене програмне забезпечення та сервіси
Перевірте наявність підозрілих додатків, що встановлені, та привілеїв над встановленими ресурсами:
system_profiler SPApplicationsDataType #Installed Apps
system_profiler SPFrameworksDataType #Instaled framework
lsappinfo list #Installed Apps
launchctl list #Services
Процеси користувача
# will print all the running services under that particular user domain.launchctlprintgui/<usersUID># will print all the running services under rootlaunchctlprintsystem# will print detailed information about the specific launch agent. And if it’s not running or you’ve mistyped, you will get some output with a non-zero exit code: Could not find service “com.company.launchagent.label” in domain for loginlaunchctlprintgui/<user's UID>/com.company.launchagent.label