@pwnsdx
Last active Sep 7, 2021
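#!/bin/bash
echo "Please wait..."

# Keep the list of suspect files in a private, unpredictable temp file
# (a fixed name under /tmp can be pre-created or symlinked by another local user)
suspectFiles="$(/usr/bin/mktemp /tmp/suspectfiles.XXXXXX)" || exit 1
# Remove the tmp file on exit, including on error or interruption
trap 'rm -f "$suspectFiles"' EXIT

# Look for suspect files: .DS_Store anywhere inside an app bundle,
# or "Icon" plus one character (Icon<CR>) at the bundle root
/usr/bin/find -E /Applications -iregex '.*\.app\/(.*\.DS_Store|Icon.{1})$' > "$suspectFiles"

# Check suspect files
appsCounter=0
# IFS= and -r keep each path byte for byte, including the trailing CR of Icon<CR>
while IFS= read -r path; do
    # Printable copy of the path without CR/LF ('\r\n', not '[\r\n]', so brackets are kept)
    pathWithNoCRLF="$(printf '%s\n' "$path" | /usr/bin/tr -d '\r\n')"
    appName="$(printf '%s\n' "$pathWithNoCRLF" | /usr/bin/sed -e 's/^.*\/\(.*\)\.app.*$/\1/').app"

    # Check if the file contains data
    if [ -s "$path" ]
    then
        appsCounter=$((appsCounter + 1))
        echo "[${appName}] Contains hidden data (see ${pathWithNoCRLF})"
    fi

    # Check if the file has a ResourceFork attribute.
    # $path still ends with the CR for Icon files, so it is passed unchanged;
    # rewriting everything after "Icon" would point at the wrong file for any
    # path that contains "Icon" elsewhere (for example in the app name).
    if /usr/bin/xattr -pv com.apple.ResourceFork "$path" &> /dev/null
    then
        appsCounter=$((appsCounter + 1))
        echo "[${appName}] Contains a ResourceFork attribute (see ${pathWithNoCRLF})"
    fi
done < "$suspectFiles"

if [ "$appsCounter" -eq 0 ]
then
    echo "No applications with hidden files/data found."
fi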