So the nice thing about having a Mac is that you can get all the power of ‘nix without all the chaos of something that isn’t centrally managed; it’s similar to RedHat in that regard. With it’s BSD underbelly, the Mac has similar commands to gather data about installed software as well as having some Apple provided tools.
Lets start off with pkgutil. This useful command will, among other things, list all installed packages on the system. All Apple provided software is distributed this way, as is some (or most depending on who you ask) third party software.
$ pkgutil --pkgs com.apple.pkg.BaseSystem com.apple.pkg.Essentials com.apple.pkg.BootCamp com.apple.pkg.BSD ...
You can get more information about each installed package with the –pkg-info flag.
$ pkgutil --pkg-info com.apple.pkg.BSD package-id: com.apple.pkg.BSD version: 10.5.0.1.1.1192168948 volume: / location: ./ install-time: 1193695821 groups: com.apple.repair-permissions.pkg-group com.apple.FindSystemFiles.pkg-group
If you’re really crazy, you can get all the possible info about the package with the following command. It throws it into a standard .plist/XML format and is pretty verbose. As a warning, this will generate a LOT of data, even for small packages. You’ve been warned.
$ pkgutil --export-plist com.apple.pkg.BSD <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>groups</key> <array> <string>com.apple.repair-permissions.pkg-group</string> <string>com.apple.FindSystemFiles.pkg-group</string> </array> <key>install-location</key> <string>./</string> ...
There are lots of other useful options with pkgutil. Take a peek at the man page to see them all.
Next up is our good friend system_profiler. While this tool, we can gather information from just about every single installed application, regardless of the type of install, though the information is more limited than pkgutil.
$ system_profiler SPApplicationsDataType | less Applications: Address Book: Version: 4.1.2 Last Modified: 8/5/09 10:03 PM Kind: Universal Get Info String: 4.1, Copyright Apple Inc. 2002-2007 Location: /Applications/Address Book.app Adium: Version: 1.4b17 Last Modified: 3/18/10 10:00 PM Kind: Universal Get Info String: 1.4b17, Copyright 2001-2009 The Adium Team Location: /Applications/Adium.app ...
Piping the output to less will make it a bit easier to read; or you can throw it into a file to read through later if you’re in a hurry. Usually you’ll get the Version, Last Modified date, what kind of app it is, and where it lives. Depending on the application, you may get more or less data; but it’s usually enough to get you started.
This will also list Apple provided applications and user installed applications; it’ll go through the file system alphabetically from /Applications to /Users. For example you may see:
$ system_profiler SPApplicationsDataType
...
SecureDownloadAgent:
Version: 1.1
Last Modified: 6/4/09 1:11 AM
Kind: Universal
Location: /System/Library/CoreServices/VerifiedDownloadAgent.app
Portal:
Version: 1.0
Last Modified: 5/12/10 5:16 PM
Location: /Users/johnsonk/Applications/Portal.app
Hey, it looks like Kevin has Portal installed locally. Good to know. Wonder how’s he’s doing with the rest of the Steam titles…
$ system_profiler SPExtensionsDataType
Extensions:
ACPI_SMC_PlatformPlugin:
Version: 3.4.0
Last Modified: 10/19/06 1:21 AM
Location: /System/Library/Extensions/IOPlatformPluginFamily.kext/Contents/PlugIns/ACPI_SMC_PlatformPlugin.kext
kext Version: 3.4.0a17
Load Address: 0x479a0000
Valid: Yes
Authentic: Yes
Dependencies: Satisfied
Integrity: Kext has no receipt
...
System_profiler can also list loaded kernel extensions (among other things). This can be all sorts of useful in troubleshooting and in pen testing.
Happy package hunting!
This was written in response to the Command Line Kung Fu post here. Check it out for CLI management options for installed applications using cmd.exe, Windows PowerShell and Linux/Unix!