many are discovered by scouring the manpages apropos -s 1/8/? .
- nettop
- nscurl
- (arp)
- textutil
- wish, tcl/tk etc.
- last
- wdutil
- systemsetup
- scutil (--dns, --proxy)
- sysctl (what is that kernel PATH?)
- file: /usr/libexec/upsshutdown
- logger
- taskinfo //not intended to be run directly by users
- mg (emacs like)
- locate
- procsystime (dtrace family) (dtrace execsnoop hangs the kernel exec()) because dtrace is actually long removed
- pwd_mkdb
- openssl
- machine
- lsvfs
- lskq (kqueue)
- lsmp
- lwp-download (perl family)
- mdfind mdls mdutil (SpotLight)
- pstopdf,ps2ascii,ps2pdf,etc.
- profiles
- syslog
- zprint
- netstat (does not seem to work very like FreeBSD)
- lsappinfo
- cu(also FreeBSD)
- powermetrics
- what (e.g. PROGRAM:what PROJECT:shell_cmds-302.0.1, PROGRAM:purge PROJECT:system_cmds-970.0.4)
- httpd
- DIR: CRASHREPORTS: ~/Library/Logs/DiagnosticReports/
- asr
- route
- iostat
- hostinfo
- systemstats(8)
- system_profiler
- systemextensionsctl (undocumented but used by sysdiagnose verb : diagnose)
- SafeEjectGPU
- dirs_cleaner
- kextstat
- networksetup (e.g. -getinfo Wi-Fi)
- mtree (also BSD)
- brctl
- symbols
- wait4path
- sdiff (also freebsd)
- hpmdiagnose
- latency
- heap (
heap -addresses allcan dump all heap non-objects content!!! e.g. bash command history is in it!!!) - iperf3-darwin
- say
- memory_pressure : can force set the memory pressture to yellow/red
- mdls
- pbcopy / pbpaste
- ?(recovery) system-override
- bioutil(1) (change TouchID settings, delete fingerprints etc.)
- bputil(1) Utility to precisely modify the security settings on Apple Silicon Macs
- A lot more can be found in sysdiagnose output and log!
- sw_vers (/System/Library/CoreServices/SystemVersion.plist)
- dmc
- xartutil
- psm
- umtool
- afktool
- sample, filtercalltree
- various .app in /System/Library
- nvram
- /System/Library/CoreServices/Applications/*.app
- // don't forget to check the logs like ecleticlight!
- ndp (debug ipv6 neighbor discovery)
- /usr/libexec/ like remotectl dumpstate
- kmutilo
- /System/Library/CoreServices/Applications/Folder Actions Setup.app
- open -R (cannot reveal icloud containers)
- lipo(1) create or operate on universal files
- segedit(1) - extract and replace sections from object files
- dyld_info(1)
- dyld_usage(1)
- systemstats(8)
- /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs_stats
- apfs.util(8)
- /usr/libexec/PlistBuddy (no man page)
- plutil & pl (ascii property list util)
- /usr/sbin/repairHomePermissions
- banner(also BSD)
- (does not work) fuser(also BSD)
- sysadminctl (no man page)
- caffeinate
- tidy(1)
- tsort (also BSD)
- leave (also BSD)
- assetutil
- pagesize
- sc_usage (works)
- vm_stat
- (sonoma) /System/Library//ExtensionKit/Extensions/TrackpadExtension.appex/Contents/Resources/tplog
- dsymutil (can print basically the debug link (to the dSYM compiler produces) in the symtab)
- mdls
- afplay
- ktrace
- tailspin (enable, then shift+ctrl+option+command+,)(like spindump)
- sips (scriptable image processing system)
- hidutil
- dwarfdump
- security (
security authorizationdb read system.privilege.taskportfrom IDA tutorials) - //some utils under CoreServices are codesigned and running them will killed:9 and report code signature invalid. man pages exist, not in PATH.
- /usr/libexec/security-sysdiagnose
- avmediainfo avconvert afinfo ifconvert ifida afplay
- installer(8) install pkg
- appdiagnose util in Safari.app folder
- chflags (like hiding files in GUI finder)
- /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister
- atos(1) – convert numeric addresses to symbols of binary images or processes (symbolication, offset to function name & source line)
- FUNNY HIDDEN OPEN SOURCE TOOL DON'T KNOW WHAT FOR: /usr/lib/system/wordexp-helper
- more binary toolchain: pagestuff(1) vtool(1)
- /usr/libexec/productutil PROGRAM:productutil PROJECT:pkgbuild-830.1