| { | |
| echo "Loaded kernel extensions:"; | |
| kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'; | |
| echo $'\n'"Loaded user agents:"; | |
| launchctl list | sed 1d | awk '!/0x|com\.apple|org\.(x|openbsd)|\.[0-9]+$/{print $3}'; | |
| echo $'\n'"Inserted libraries:"; | |
| launchctl getenv DYLD_INSERT_LIBRARIES; | |
| echo $'\n'"User cron tasks:"; | |
| crontab -l; | |
| echo $'\n'"System launchd configuration:"; | |
| cat /e*/lau*; | |
| echo $'\n'"User launchd configuration:"; | |
| cat .lau*; | |
| echo $'\n'"Login items:"; | |
| osascript -e 'tell application "System Events" to get name of login items'; | |
| echo $'\n'"Extrinsic loadable bundles:"; | |
| cd; | |
| find -L /S*/L*/E* {,/}L*/{Ad,Compon,Ex,In,Keyb,Mail/Bu,P*P,Qu,Scripti,Servi,Spo}* -type d -name Contents -prune | while read d; | |
| do /usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$d/Info.plist" | egrep -qv "^com\.apple\.[^x]|Accusys|ArcMSR|ATTO|HDPro|HighPoint|driver\.stex|hp-fax|JMicron|print|SoftRAID" && echo ${d%/Contents}; | |
| done; | |
| # echo $'\n'"Unsigned shared libraries:"; | |
| # find /u*/{,*/}lib -type f -exec sh -c 'file -b $1 | grep -qw shared && ! codesign -v $1' {} {} \; | |
| -print; | |
| echo; | |
| ls -A {,/}L*/{Launch,Priv,Sta}*; | |
| } 2> /dev/null | |
| { | |
| echo "Loaded system agents:"; | |
| sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix\.cron)|org\.(amav|apac|cups|isc|ntp|postf|x)/{print $3}'; | |
| echo $'\n'"Login hook:"; | |
| sudo defaults read com.apple.loginwindow LoginHook; | |
| echo $'\n'"Root cron tasks:"; | |
| sudo crontab -l; | |
| echo $'\n'"Log check:"; | |
| syslog -k Sender kernel -k Message CReq 'GPU |hfs: Ru|I/O e|find tok|n Cause: -|NVDA\(|pagin|timed? ?o' | tail; | |
| } 2> /dev/null |
zshbleaker
commented
Apr 2, 2022
Loaded kernel extensions:
Loaded user agents:
com.nssurge.surge-mac.helper
com.docker.helper
fans
org.cups.cupsd
com.openssh.sshd
org.wireshark.ChmodBPF
com.vix.cron
com.daisydiskapp.DaisyDiskStandAlone.AdminHelper
com.bjango.istatmenus.daemon
com.bjango.istatmenus.installerhelper
com.intuitibits.airtool2.airtool-bpf
com.microsoft.autoupdate.helper
Inserted libraries:
User cron tasks:
System launchd configuration:
User launchd configuration:
Login items:
FigmaAgent, Elpass, Dash, Alfred 4, Spark, iTerm, Keyboard Maestro Engine, Surge, Dropbox, Stickies, Rectangle
Extrinsic loadable bundles:
/Library/Input Methods/SogouInput.app
/Library/QuickLook/SogouSkinFileQuickLook.qlgenerator
/Library/LaunchAgents:
com.bjango.istatmenus.agent.plist com.sogou.SogouServices.plist
com.bjango.istatmenus.status.plist com.sogou.SogouTaskManager.plist
com.microsoft.update.agent.plist
/Library/LaunchDaemons:
com.apple.installer.osmessagetracing.plist
com.bjango.istatmenus.daemon.plist
com.bjango.istatmenus.fans.plist
com.bjango.istatmenus.installerhelper.plist
com.daisydiskapp.DaisyDiskStandAlone.AdminHelper.plist
com.intuitibits.airtool2.airtool-bpf.plist
com.microsoft.autoupdate.helper.plist
com.nssurge.surge-mac.helper.plist
org.wireshark.ChmodBPF.plist
com.docker.vmnetd.plist
/Library/PrivilegedHelperTools:
com.bjango.istatmenus.installerhelper
com.daisydiskapp.DaisyDiskStandAlone.AdminHelper
com.microsoft.autoupdate.helper
com.nssurge.surge-mac.helper
com.docker.vmnetd
/Library/StagedDriverExtensions:
/Library/StagedExtensions:
/Library/StartupItems:
Library/LaunchAgents:
com.DigiDNA.iMazing2Mac.Mini.plist com.nuebling.mac-mouse-fix.helper.plist
com.dropbox.DropboxMacUpdate.agent.plist com.valvesoftware.steamclean.plist
com.google.keystone.agent.plist io.fig.launcher.plist
com.google.keystone.xpcservice.plist io.fig.uninstall.plist
Library/Private Documents:
CTGlobalCache
Library/Staging:
Library/StatusKit:
database
Loaded system agents:
com.nssurge.surge-mac.helper
fans
org.wireshark.ChmodBPF
com.daisydiskapp.DaisyDiskStandAlone.AdminHelper
com.bjango.istatmenus.daemon
com.bjango.istatmenus.installerhelper
com.intuitibits.airtool2.airtool-bpf
com.microsoft.autoupdate.helper
com.docker.vmnetd
Login hook:
Root cron tasks:
Log check: