Posted on 12-11-2014 07:47 AM
All,
I've been tasked to come up with a quick way to get the same functionality of KnockKnock.py https://github.com/synack/knockknock into an extension attribute.
Knockknock.py is a script that has a "Who's There" output that contains a list of cron jobs, login items, startup items, KeXT files, launchD items, Launch Agents, login/out hooks, and browser extensions. I need a way to get these items into Casper for quick reporting.
In the past, Casper collected the unix binaries but it doesn't seem to gather that in 9. I'm sure with some work, I could use system_profiler to pull this info into an EA, but was wondering if anyone had a suggestion on making this work?
I'd rather not push this script out to each device and have it create a local file.
Thoughts?
Posted on 12-12-2014 10:57 AM
I handed this off to one of my former interns @michaeldornisch, who builds robots on the weekends and once etched a company logo into the metal casing of a USB drive with a laser of his own design, and he came up with the following to get this to work.
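#!/bin/sh
# Use a private temp directory rather than a fixed, predictable /tmp path.
workdir=$(mktemp -d /tmp/knockknock.XXXXXX) || exit 1
cd "$workdir" || exit 1
# Download and unpack the current master branch; only unzip if curl succeeded.
curl -o k.zip -L https://github.com/synack/knockknock/archive/master.zip && unzip k.zip
cd knockknock-master || { rm -rf "$workdir"; exit 1; }
echo "<result>$(python knockknock.py -j)</result>"
cd /tmp
rm -rf "$workdir"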
To make it a little more human readable, you can lose the -j in the python command between the results tags.
Don't know if anyone has a need for this, but if you do, here you go.
--M