@kitzy
Created August 30, 2016 17:51
A Casper extension attribute to detect OSX/Keydnap
<?xml version="1.0" encoding="UTF-8"?>
<extensionAttribute>
<displayName>Transmission Vulnerability</displayName>
<description>Detects the existence of OSX/Keydnap. Returns "VULNERABLE" if found and "NOT VULNERABLE" if not.</description>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
#################&#13;
### Variables ###&#13;
#################&#13;
&#13;
# Items at the system level to be checked&#13;
systemItems=(&#13;
/Applications/Transmission.app/Contents/Resources/License.rtf&#13;
/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf&#13;
/Library/Application\ Support/com.apple.iCloud.sync.daemon/&#13;
)&#13;
&#13;
# Items at the user level to be checked&#13;
userItems=(&#13;
Library/Application\ Support/com.apple.iCloud.sync.daemon/icloudsyncd&#13;
Library/Application\ Support/com.apple.iCloud.sync.daemon/process.id&#13;
Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist&#13;
Library/LaunchAgents/com.geticloud.icloud.photo.plist&#13;
)&#13;
&#13;
#################&#13;
### Functions ###&#13;
#################&#13;
&#13;
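# checkItems ARRAY[@] [PREFIX]: print the VULNERABLE result and exit as soon as any listed path exists.&#13;
# $1 is an array reference such as systemItems[@]; $2 is an optional path prefix (a user's home directory).&#13;
function checkItems()&#13;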
{&#13;
declare -a toCheck=("${!1}")&#13;
&#13;
for item in "${toCheck[@]}"&#13;
do&#13;
if [[ ! -z "${2}" ]]&#13;
then&#13;
item="${2}${item}"&#13;
fi&#13;
&#13;
if [ -e "${item}" ]&#13;
then&#13;
echo "&lt;result&gt;VULNERABLE&lt;/result&gt;"&#13;
exit 0&#13;
fi&#13;
done&#13;
}&#13;
&#13;
####################&#13;
### Main Program ###&#13;
####################&#13;
&#13;
# Check system level items&#13;
checkItems systemItems[@]&#13;
&#13;
# Check user level items&#13;
for dirs in /Users/*/&#13;
do&#13;
checkItems userItems[@] "${dirs}"&#13;
done&#13;
&#13;
echo "&lt;result&gt;NOT VULNERABLE&lt;/result&gt;"&#13;
&#13;
exit 0&#13;
</scriptContentsMac>
<scriptContentsWindows/>
</extensionAttribute>