Documentation Index
Fetch the complete documentation index at: https://docs.specterops.io/llms.txt
Use this file to discover all available pages before exploring further.
Summary
This uses AppleEvents to read information about open instances of Apple’s Terminal.app.
The contents flag allows you to see exactly what the user can see at that moment on the screen.
The history flag allows you to see everything that’s in that tab’s scroll history. This can be a lot of information, so keep that in mind.
This function will also give you the window/tab information for each open session and a bunch of other information.
- Needs Admin: False
- Version: 1
- Author: @its_a_feature_
Arguments
level
- Description: How much data to retrive - what’s viewable or all history
- Required Value: True
- Default Value: None
Usage
MITRE ATT&CK Mapping
Detailed Summary
This sends AppleEvents to the Terminal.app to read information about the windows/tabs:
let term = Application("Terminal");
if(term.running()){
let windows = term.windows;
for(let i = 0; i < windows.length; i++){
let win_info = {
"Name": windows[i].name(),
"Visible": windows[i].visible(),
"Frontmost": windows[i].frontmost(),
"tabs": []
};
let all_tabs = [];
// store the windows information in id_win in all_data
all_data["window_" + i] = win_info;
for(let j = 0; j < windows[i].tabs.length; j++){
let tab_info = {
"tab": j,
"Busy": windows[i].tabs[j].busy(),
"Processes": windows[i].tabs[j].processes(),
"Selected": windows[i].tabs[j].selected(),
"TTY": windows[i].tabs[j].tty()
};
if(windows[i].tabs[j].titleDisplaysCustomTitle()){
tab_info["CustomTitle"] = windows[i].tabs[j].customTitle();
}
if(split_params['level'] === 'history'){
tab_info["History"] = windows[i].tabs[j].history();
}
if(split_params['level'] === 'contents'){
tab_info["Contents"] = windows[i].tabs[j].contents();
}
all_tabs.push(tab_info);
}
// store all of the tab information corresponding to that window id at id_tabs
win_info['tabs'] = all_tabs;
}
