{"id":13584265,"url":"https://github.com/azenla/MacHack","last_synced_at":"2025-04-07T01:31:44.725Z","repository":{"id":44428048,"uuid":"214838075","full_name":"azenla/MacHack","owner":"azenla","description":"Hidden Tools in macOS","archived":false,"fork":false,"pushed_at":"2021-11-15T17:20:45.000Z","size":60,"stargazers_count":691,"open_issues_count":0,"forks_count":62,"subscribers_count":36,"default_branch":"main","last_synced_at":"2025-04-05T03:11:11.830Z","etag":null,"topics":["cli-tools","macos"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/azenla.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-13T14:48:56.000Z","updated_at":"2025-03-26T12:48:29.000Z","dependencies_parsed_at":"2022-09-24T14:12:45.031Z","dependency_job_id":null,"html_url":"https://github.com/azenla/MacHack","commit_stats":null,"previous_names":["kendfinger/machack"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azenla%2FMacHack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azenla%2FMacHack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azenla%2FMacHack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azenla%2FMacHack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/azenla","download_url":"https://codeload.github.com/azenla/MacHack/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247577988,"owners_count":20961214,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli-tools","macos"],"created_at":"2024-08-01T15:04:07.758Z","updated_at":"2025-04-07T01:31:44.692Z","avatar_url":"https://github.com/azenla.png","language":null,"readme":"# MacHack\n\nA list of built-in tools in macOS that you probably didn't know about.\n\n## Table of Contents\n\n- [MacHack](#machack)\n - [Table of Contents](#table-of-contents)\n - [Commands](#commands)\n - [java_home](#java_home)\n - [dot_clean](#dot_clean)\n - [SafeEjectGPU](#safeejectgpu)\n - [sharing](#sharing)\n - [remotectl](#remotectl)\n - [brctl](#brctl)\n - [sysadminctl](#sysadminctl)\n - [ckksctl](#ckksctl)\n - [otctl](#otctl)\n - [spctl](#spctl)\n - [networksetup](#networksetup)\n - [systemsetup](#systemsetup)\n - [airport](#airport)\n - [AssetCacheLocatorUtil](#assetcachelocatorutil)\n - [AssetCacheManagerUtil](#assetcachemanagerutil)\n - [seedutil](#seedutil)\n - [kmutil](#kmutil)\n - [profiles](#profiles)\n - [bputil](#bputil)\n - [nscurl](#nscurl)\n - [taskinfo](#taskinfo)\n - [taskpolicy](#taskpolicy)\n - [asr](#asr)\n - [shortcuts](#shortcuts)\n - [networkQuality](#networkquality)\n\n## Commands\n\n### java_home\n\nThis tool queries the available Java Virtual Machines from `/Library/Java/JavaVirtualMachines`.\n\n```text\n$ /usr/libexec/java_home --help\nUsage: java_home [options...]\n Returns the path to a Java home directory from the current user's settings.\n\nOptions:\n [-v/--version \u003cversion\u003e] Filter versions (as if JAVA_VERSION had been set in the environment).\n [-a/--arch \u003carchitecture\u003e] Filter architecture (as if JAVA_ARCH had been set in the environment).\n [-F/--failfast] Fail when filters return no JVMs, do not continue with default.\n [ --exec \u003ccommand\u003e ...] Execute the $JAVA_HOME/bin/\u003ccommand\u003e with the remaining arguments.\n [-X/--xml] Print full JVM list and additional data as XML plist.\n [-V/--verbose] Print full JVM list with architectures.\n [-h/--help] This usage information.\n```\n\nAn example usage of this tool:\n\n```text\n$ /usr/libexec/java_home -v 11 -a x86_64\n/Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home\n```\n\n### dot_clean\n\nThis is an extremely useful built-in utility to delete all useless dot files that macOS creates, such as ._MyFile.\n\nJust point it at a folder, and it wipes it free of the cruft!\n\n```text\n$ /usr/sbin/dot_clean\nusage: dot_clean [-fmnpsv] [--keep=[mostrecent|dotbar|native]] [directory ...]\n```\n\nAn example usage of the tool:\n\n```text\n$ /usr/sbin/dot_clean /Volumes/Shared/MyFiles\n```\n\n### SafeEjectGPU\n\nThis is a utility for managing GPUs, especially eGPUs. This is what is behind\nthe safe eject functionality of the eGPU in the System UI.\n\nIt is useful for:\n\n- Listing GPUs on the system.\n- Determining what applications are using a particular GPU.\n- Ejecting an eGPU safely.\n- Launching an application on a specific GPU.\n- Switching an application from one GPU to another.\n\n```text\n$ /usr/bin/SafeEjectGPU\nusage: SafeEjectGPU [Commands...]\n Commands:\n gpuid \u003cgpuid\u003e # specify gpuid of following commands\n gpuids \u003cgpuid1\u003e,\u003cgpuid2\u003e,... # specify list of gpuids for RelaunchPIDOnGPU command\n gpus # show all GPUs and their applicable properties\n apps # show all Apps on specified gpuid\n status # show status of all specified gpuid\n Eject # Eject (full eject sequence) on specified gpuid\n Initiate # Initiate eject sequence on specified gpuid\n Relaunch # Relaunch lingering AppKit apps on specified gpuid\n Finalize # Finalize eject sequence on specified gpuid\n Cancel # Cancel eject sequence on specified gpuid\n RelaunchPID \u003cpid\u003e # RelaunchPID can be used in app testing to send Relaunch stimulus in isolation\n RelaunchPIDOnGPU \u003cpid\u003e # Send Relaunch stimulus to an app with set of limited GPUs to select from, use gpuids\n LaunchOnGPU \u003cpath\u003e # Launch an app from given bundle path with set of limited GPUs, use gpuids\n zombies # show all zombies (apps holding reference to unplugged eGPU)\n zcount # show count of (unhidden) zombies\n Zkill # kill zombies\n Zrelaunch # relaunch zombies\n +fallbackGPUEjectPolicy # allow builtin fallbacks to take effect (default)\n -fallbackGPUEjectPolicy # deny builtin fallbacks\n\n Notes:\n Unspecified gpuid (==0) indicates all \"removable\" GPUs\n Capitalized commands may have system-wide effects\n Non-capitalized commands are informative only\n See description of Info.plist \"SafeEjectGPUPolicy\" key. Use values:\n \"ignore\", \"wait\", \"relaunch\", or \"kill\" for per-app policy\n +/-fallbackGPUEjectPolicy can appear multiple times on the commandline and applies to following commands\n```\n\nExample of the `gpus` command:\n\n```text\n$ /usr/bin/SafeEjectGPU gpus\ngpus\n2020-12-27 15:30:35.949 SafeEjectGPU[55941:9041424] Device PreExisted [00000001000008b2] AMD Radeon RX 570\n2020-12-27 15:30:35.949 SafeEjectGPU[55941:9041424] Device PreExisted [00000001000008b5] AMD Radeon Pro 560X\n2020-12-27 15:30:35.949 SafeEjectGPU[55941:9041424] Device PreExisted [0000000100000876] Intel(R) UHD Graphics 630\ngpuid 0x56ce - Intel® UHD Graphics 630\n registryID=0x0000000100000876 integrated\n location - BuiltIn\n locationNumber - 0\n maxTransferRate - 0\ngpuid 0x9f05 - AMD Radeon Pro 560X\n registryID=0x00000001000008b5 discrete\n location - BuiltIn\n locationNumber - 1\n maxTransferRate - 0\ngpuid 0x5d0e - AMD Radeon RX 570\n registryID=0x00000001000008b2 removable\n Razer Core X - enclosureRegistryID=0x0000000100000472\n location - External\n locationNumber - 1\n maxTransferRate - 5000000000\n```\n\n### sharing\n\nThis command gives information about File Sharing. It should look similar to the File Sharing section in the Sharing preference pane.\n\n```bash\n$ /usr/sbin/sharing\nUsage:\nsharing -a \u003cpath\u003e [options] : create a sharepoint for directory specified by path \u003cpath\u003e\nsharing -e \u003cname\u003e [options] : edit sharepoint named \u003cname\u003e\nsharing -r \u003cname\u003e : remove sharepoint with name \u003cname\u003e\nsharing -l [-f json] : list existing sharepoints\n\noptions:\n -A \u003cname\u003e :use share point name \u003cname\u003e for afp. Obsolete but left in for backwards compatibility.\n -F \u003cname\u003e :use share point name \u003cname\u003e for ftp. Obsolete but left in for backwards compatibility.\n -S \u003cname\u003e :use share point name \u003cname\u003e for smb.\n -s [\u003cflags\u003e] :enable sharing, restricted by flags if specified;\n flags = 000,001,010 ...111; 1 = share, 0 = do not share;\n with digits indicating afp (no longer supported), ftp (no longer supported) and smb in that order;\n default is 001 if -s is specified with no flags.\n -g [\u003cflags\u003e] :enable guest access, restricted by flags if specified;\n flags = 000,001,010 ...111; 1 = enabled, 0 = disabled;\n with digits indicating afp (no longer supported), ftp (no longer supported) and smb in that order;\n default 001 if -g is specified with no flags.\n -i [\u003cflags\u003e] :enable inherit privileges from parent (afp only). Obsolete but left in for backwards compatibility.\n -n \u003cname\u003e :set record name to use (by default this is the directory name of the shared directory)\n -R \u003c0/1\u003e :make share read only for smb. 1 is enable, 0 is disable.\n -E \u003c0/1\u003e :make share encrypted for smb v3 and later. 1 is enable, 0 is disable.\n -f \u003cformat\u003e :when listing shares, outputs in specified format. Formats supported: json\n```\n\n### remotectl\n\nThe Apple T2 security chip (a built-in ARM chip in newer Intel Mac models) communicates with your system with a modified HTTP/2 protocol. There is also a command-line interface for various functions of the chip.\nNote that this chip is merged with the Apple Silicon chips, and remotectl is no longer used on Apple Silicon Macs.\n\n```text\n$ /usr/libexec/remotectl\nusage: remotectl list\nusage: remotectl show (name|uuid)\nusage: remotectl get-property (name|uuid) [service] property\nusage: remotectl dumpstate\nusage: remotectl browse\nusage: remotectl echo [-v service_version] [-d (name|uuid)]\nusage: remotectl echo-file (name|uuid) path\nusage: remotectl eos-echo\nusage: remotectl netcat (name|uuid) service\nusage: remotectl relay (name|uuid) service\nusage: remotectl loopback (attach|connect|detach|suspend|resume)\nusage: remotectl bonjour ((enable|enable-loopback interface_name)|(disable))\nusage: remotectl convert-bridge-version plist-in-path bin-out-path\nusage: remotectl heartbeat (name|uuid)\nusage: remotectl trampoline [-2 fd] service_name command args ... [ -- [-2 fd] service_name command args ... ]\n```\n\nExample of the `list` command:\n\n```text\n$ /usr/libexec/remotectl list\nMY_UUID localbridge iBridge2,3 J680AP 5.1 (18P3030/18.16.13030.0.0,0) -\n```\n\nExample of the `show` command:\n\n```text\n$ /usr/libexec/remotectl show MY_UUID\nFound localbridge (bridge)\n State: connected (connectable)\n UUID: MY_UUID\n Product Type: iBridge2,3\n OS Build: 5.1 (18P3030)\n Messaging Protocol Version: 2\n Heartbeat:\n Last successful heartbeat sent 8.825s ago, received 8.822s ago (took 0.003s)\n 64402 heartbeats sent, 0 received\n Properties: {\n AppleInternal =\u003e false\n CPUArchitecture =\u003e arm64\n ChipID =\u003e 32786\n EffectiveProductionStatusSEP =\u003e true\n HWModel =\u003e J680AP\n HasSEP =\u003e true\n LocationID =\u003e MY_LOCATION_ID\n IsUIBuild =\u003e true\n RegionInfo =\u003e LL/A\n DeviceSupportsLockdown =\u003e false\n EffectiveSecurityModeAp =\u003e true\n SigningFuse =\u003e true\n BuildVersion =\u003e 18P3030\n OSVersion =\u003e 5.1\n BridgeVersion =\u003e 18.16.13030.0.0,0\n SensitivePropertiesVisible =\u003e true\n BoardRevision =\u003e 1\n Image4CryptoHashMethod =\u003e sha2-384\n ProductType =\u003e iBridge2,3\n SerialNumber =\u003e MY_SERIAL_NUMBER\n BootSessionUUID =\u003e MY_BOOT_SESSION_ID\n BoardId =\u003e 11\n DeviceColor =\u003e black\n EffectiveProductionStatusAp =\u003e true\n EffectiveSecurityModeSEP =\u003e true\n UniqueChipID =\u003e MY_UNIQUE_CHIP_ID\n UniqueDeviceID =\u003e MY_UNIQUE_DEVICE_ID\n RemoteXPCVersionFlags =\u003e MY_XPC_VERSION_FLAGS\n CertificateProductionStatus =\u003e true\n CertificateSecurityMode =\u003e true\n DeviceEnclosureColor =\u003e black\n ModelNumber =\u003e Z0V16LL/A\n RegionCode =\u003e LL\n SecurityDomain =\u003e 1\n OSInstallEnvironment =\u003e false\n InterfaceIndex =\u003e 4\n HardwarePlatform =\u003e t8012\n Image4Supported =\u003e true\n }\n Services:\n com.apple.nfcd.relay.uart\n com.apple.bridgeOSUpdated\n com.apple.videoprocessingd.encode.remote\n com.apple.corespeech.xpc.remote.record\n com.apple.bootpolicyd.remote.internal\n com.apple.icloud.findmydeviced.bridge\n com.apple.xpc.remote.mobile_obliteration\n com.apple.bootpolicyd.remote\n com.apple.eos.BiometricKit\n com.apple.osanalytics.logTransfer\n com.apple.internal.xpc.remote.kext_audit\n com.apple.xpc.remote.multiboot\n com.apple.powerchime.remote\n com.apple.aveservice\n com.apple.recoverylogd.bridge\n com.apple.sysdiagnose.stackshot.remote\n com.apple.corespeech.xpc.remote.control\n com.apple.RestoreRemoteServices.restoreserviced\n com.apple.corecaptured.remoteservice\n com.apple.nfcd.relay.control\n com.apple.mobileactivationd.bridge\n com.apple.sysdiagnose.remote\n com.apple.CoreKDL.remoteXPC\n com.apple.eos.LASecureIO\n com.apple.multiverse.remote.bridgetime\n com.apple.lskdd\n com.apple.private.avvc.xpc.remote\n```\n\n### brctl\n\nThis is a utility related to \"CloudDocs\", also know as iCloud Drive.\n\n```text\n$ /usr/bin/brctl\nUsage: brctl \u003ccommand\u003e [command-options and arguments]\n\n -h,--help show this help\n\nCOMMANDS\n\ndiagnose [options] [--doc|-d \u003cdocument-path\u003e] [\u003cdiagnosis-output-path\u003e]\n diagnose and collect logs\n\n -M,--collect-mobile-documents[=\u003ccontainer\u003e] (default: all containers)\n -s,--sysdiagnose Do not collect what's already part of sysdiagnose\n -t,--uitest Collect logs for UI tests\n -n,--name=\u003cname\u003e Change the device name\n -f,--full Do a full diagnose, including server checks\n -d,--doc=\u003cdocument-path\u003e\n Collect additional information about the document at that path.\n Helps when investigating an issue impacting a specific document.\n -e,--no-reveal Do not reveal diagnose in the Finder when done\n [\u003cdiagnosis-output-path\u003e]\n Specifies the output path of the diagnosis; -n becomes useless.\n\nlog [options] [\u003ccommand\u003e]\n\n -a,--all Show all system logs\n -p,--predicate Additional predicate (see `log help predicates`)\n -x,--process \u003cname\u003e Filter events from the specified process\n -d,--path=\u003clogs-dir\u003e Use \u003clogs-dir\u003e instead of default\n -S,--start=\"YYYY-MM-DD HH:MM:SS\" Start log dump from a specified date\n -E,--end=\"YYYY-MM-DD HH:MM:SS\" Stop log dump after a specified date\n -b     Only show CloudDocs logs\n -f     Only show FileProvider related logs\n -F Only show FruitBasket related logs\n -g     Only show Genstore related logs\n -i Only show SQL and CloudDocs logs\n -z,--local-timezone Display timestamps within local timezone\n\ndump [options] [\u003ccontainer\u003e]\n dump the CloudDocs database\n\n -o,--output=\u003cfile-path\u003e\n redirect output to \u003cfile-path\u003e\n -d,--database-path=\u003cdb-path\u003e\n Use the database at \u003cdb-path\u003e\n -i,--itemless\n Don't dump items from the db\n -u,--upgrade\n Upgrade the db if necessary before dumping\n\n [\u003ccontainer\u003e] the container to be dumped\n\nstatus [\u003ccontainers\u003e]\n Prints items which haven't been completely synced up / applied to disk\n\n [\u003ccontainer\u003e] the container to be dumped\n\nquota\n Displays the available quota in the account\n\nmonitor [options] [\u003ccontainer\u003e ...]\n monitor activity\n -g dump global activity of the iCloud Drive\n -i dump changes incrementally\n -S,--scope=\u003cscope\u003e\n restrict the NSMetadataQuery scope to docs, data, external or a combination\n\n [\u003ccontainer\u003e ...] list of containers to monitor, ignored when -g is used\n```\n\nA pretty cool command here is a utility to get the quota left on your iCloud Drive:\n\n```text\n$ /usr/bin/brctl quota\n2098962726220 bytes of quota remaining\n```\n\n### sysadminctl\n\nBasically an all around useful tool for managing users, as well as manage full-disk encryption (FileVault).\n\n```text\n$ /usr/sbin/sysadminctl\nUsage: sysadminctl\n -deleteUser \u003cuser name\u003e [-secure || -keepHome] (interactive || -adminUser \u003cadministrator user name\u003e -adminPassword \u003cadministrator password\u003e)\n -newPassword \u003cnew password\u003e -oldPassword \u003cold password\u003e [-passwordHint \u003cpassword hint\u003e]\n -resetPasswordFor \u003clocal user name\u003e -newPassword \u003cnew password\u003e [-passwordHint \u003cpassword hint\u003e] (interactive] || -adminUser \u003cadministrator user name\u003e -adminPassword \u003cadministrator password\u003e)\n -addUser \u003cuser name\u003e [-fullName \u003cfull name\u003e] [-UID \u003cuser ID\u003e] [-GID \u003cgroup ID\u003e] [-shell \u003cpath to shell\u003e] [-password \u003cuser password\u003e] [-hint \u003cuser hint\u003e] [-home \u003cfull path to home\u003e] [-admin] [-roleAccount] [-picture \u003cfull path to user image\u003e] (interactive] || -adminUser \u003cadministrator user name\u003e -adminPassword \u003cadministrator password\u003e)\n -secureTokenStatus \u003cuser name\u003e\n -secureTokenOn \u003cuser name\u003e -password \u003cpassword\u003e (interactive || -adminUser \u003cadministrator user name\u003e -adminPassword \u003cadministrator password\u003e)\n -secureTokenOff \u003cuser name\u003e -password \u003cpassword\u003e (interactive || -adminUser \u003cadministrator user name\u003e -adminPassword \u003cadministrator password\u003e)\n -guestAccount \u003con || off || status\u003e\n -afpGuestAccess \u003con || off || status\u003e\n -smbGuestAccess \u003con || off || status\u003e\n -automaticTime \u003con || off || status\u003e\n -filesystem status\n -screenLock \u003cstatus || immediate || off || seconds\u003e -password \u003cpassword\u003e\n\nPass '-' instead of password in commands above to request prompt.\n'-adminPassword' used mostly for scripted operation. Use '-' or 'interactive' to get the authentication string interactively. This preferred for security reasons\n\n *Role accounts require name starting with _ and UID in 200-400 range.\n```\n\nA pretty useful command in this tool is to check if FileVault is enabled:\n\n```text\n$ sudo sysadminctl -filesystem status\n2019-10-13 10:16:41.266 sysadminctl[61797:3404423] Boot volume CS FDE: NO\n2019-10-13 10:16:41.298 sysadminctl[61797:3404423] Boot volume APFS FDE: YES\n```\n\n### ckksctl\n\nCloudKit controls, probably useful for some advanced users.\n\n```text\n$ /usr/sbin/ckksctl\nusage: ckksctl [-p] [-j] [-s] [-v arg] [status] [fetch] [push] [resync] [reset] [reset-cloudkit] [ckmetric]\n\nControl and report on CKKS\n\npositional arguments:\n\noptional arguments:\n -p, --perfcounters Print CKKS performance counters\n -j, --json Output in JSON format\n -s, --short Output a short format\n -v arg, --view arg Operate on a single view\n\noptional commands:\n status Report status on CKKS views\n fetch Fetch all new changes in CloudKit and attempt to process them\n push Push all pending local changes to CloudKit\n resync Resync all data with what's in CloudKit\n reset All local data will be wiped, and data refetched from CloudKit\n reset-cloudkit All data in CloudKit will be removed and replaced with what's local\n ckmetric Push CloudKit metric\n```\n\n### otctl\n\nThis is the Octagon Trust utility. It's a pretty neat view of the underlying trust network being used by your Apple Devices.\n\n```text\n$ /usr/sbin/otctl\nusage: otctl [-s arg] [-e arg] [-r arg] [-j] [-i arg] [-E] [-P] [--altDSID arg] [--entropy arg] [--appleID arg] [--dsid arg] [--container arg] [--radar arg] [start] [sign-in] [sign-out] [status] [resetoctagon] [resetProtectedData] [user-controllable-views] [allBottles] [recover] [depart] [er-trigger] [er-status] [er-reset] [er-store] [health] [ckks-policy] [taptoradar] [fetchEscrowRecords] [fetchAllEscrowRecords] [recover-record] [recover-record-silent]\n\nControl and report on Octagon Trust\n\npositional arguments:\n\noptional arguments:\n -s arg, --secret arg escrow secret\n -e arg, --bottleID arg bottle record id\n -r arg, --skipRateLimiting arg enter values YES or NO, option defaults to NO, This gives you the opportunity to skip the rate limiting check when performing the cuttlefish health check\n -j, --json Output in JSON\n -i arg, --recordID arg recordID\n -E, --enable Enable something (pair with a modification command)\n -P, --pause Pause something (pair with a modification command)\n --altDSID arg altDSID (for sign-in/out)\n --entropy arg escrowed entropy in JSON\n --appleID arg AppleID\n --dsid arg DSID\n --container arg CloudKit container name\n --radar arg Radar number\n\noptional commands:\n start Start Octagon state machine\n sign-in Inform Cuttlefish container of sign in\n sign-out Inform Cuttlefish container of sign out\n status Report Octagon status\n resetoctagon Reset and establish new Octagon trust\n resetProtectedData Reset ProtectedData\n user-controllable-views Modify or view user-controllable views status (If one of --enable or --pause is passed, will modify status)\n allBottles Fetch all viable bottles\n recover Recover using this bottle\n depart Depart from Octagon Trust\n er-trigger Trigger an Escrow Request request\n er-status Report status on any pending Escrow Request requests\n er-reset Delete all Escrow Request requests\n er-store Store any pending Escrow Request prerecords\n health Check Octagon Health status\n ckks-policy Trigger a refetch of the CKKS policy\n taptoradar Trigger a TapToRadar\n fetchEscrowRecords Fetch Escrow Records\n fetchAllEscrowRecords Fetch All Escrow Records\n recover-record Recover record\n recover-record-silent Silent record recovery\n```\n\nRun the following command to list your peers:\n\n```text\n$ /usr/sbin/otctl status\n... Lots of Useful Output ...\n```\n\n### spctl\n\nThis is the System Policy management utility. You can enable and disable Gatekeeper and other code-signing features this way.\n\n```text\n$ /usr/sbin/spctl\nSystem Policy Basic Usage:\n spctl --assess [--type type] [-v] path ... # assessment\n spctl --add [--type type] [--path|--requirement|--anchor|--hash] spec ... # add rule(s)\n spctl [--enable|--disable|--remove] [--type type] [--path|--requirement|--anchor|--hash|--rule] spec # change rule(s)\n spctl --status | --master-enable | --master-disable # system master switch\n\nDeveloper Mode Usage:\n spctl developer-mode \u003caction\u003e\n enable-terminal\n Add Terminal as a developer tool.\nKernel Extension User Consent Usage:\n spctl kext-consent \u003caction\u003e ** Modifications only available in Recovery OS **\n status\n Print whether kernel extension user consent is enabled or disabled.\n enable\n Enable requiring user consent for kernel extensions.\n disable\n Disable requiring user consent for kernel extensions.\n add \u003cteam-id\u003e\n Insert a new Team Identifier into the list allowed to load kernel extensions without user consent.\n list\n Print the list of Team Identifiers allowed to load without user consent.\n remove \u003cteam-id\u003e\n Remove a Team Identifier from the list allowed to load kernel extensions without user consent.\n```\n\nA useful command is to view the status of the system policy assesments:\n\n```text\n$ /usr/sbin/spctl --status\nassessments enabled\n```\n\n### networksetup\n\nNetwork setup is pretty much everything network-related minus some wireless stuff.\n\n```text\n$ /usr/sbin/networksetup\nnetworksetup Help Information\n-------------------------------\nUsage: networksetup -listnetworkserviceorder\n Display services with corresponding port and device in order they are tried for connecting\n to a network. An asterisk (*) denotes that a service is disabled.\n\nUsage: networksetup -listallnetworkservices\n Display list of services. An asterisk (*) denotes that a network service is disabled.\n\nUsage: networksetup -listallhardwareports\n Display list of hardware ports with corresponding device name and ethernet address.\n\nUsage: networksetup -detectnewhardware\n Detect new network hardware and create a default network service on the hardware.\n\nUsage: networksetup -getmacaddress \u003chardwareport or device name\u003e\n Display ethernet (or Wi-Fi) address for hardwareport or device specified.\n\nUsage: networksetup -getcomputername\n Display the computer name.\n\nUsage: networksetup -setcomputername \u003cname\u003e\n Set the computer's name (if valid) to \u003cname\u003e.\n\nUsage: networksetup -getinfo \u003cnetworkservice\u003e\n Display IPv4 address, IPv6 address, subnet mask,\n router address, ethernet address for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setmanual \u003cnetworkservice\u003e \u003cip\u003e \u003csubnet\u003e \u003crouter\u003e\n Set the \u003cnetworkservice\u003e TCP/IP configuration to manual with IP address set to ip,\n Subnet Mask set to subnet, and Router address set to router.\n\nUsage: networksetup -setdhcp \u003cnetworkservice\u003e [clientid]\n Set the \u003cnetworkservice\u003e TCP/IP configuration to DHCP. You can set the\n DHCP client id to the optional [clientid]. Specify \"Empty\" for [clientid]\n to clear the DHCP client id.\n\nUsage: networksetup -setbootp \u003cnetworkservice\u003e\n Set the \u003cnetworkservice\u003e TCP/IP configuration to BOOTP.\n\nUsage: networksetup -setmanualwithdhcprouter \u003cnetworkservice\u003e \u003cip\u003e\n Set the \u003cnetworkservice\u003e TCP/IP configuration to manual with DHCP router with IP address set\n to ip.\n\nUsage: networksetup -getadditionalroutes \u003cnetworkservice\u003e\n Get additional IPv4 routes associated with \u003cnetworkservice\u003e\nUsage: networksetup -setadditionalroutes \u003cnetworkservice\u003e [ \u003cdest\u003e \u003cmask\u003e \u003cgateway\u003e ]*\n Set additional IPv4 routes associated with \u003cnetworkservice\u003e\n by specifying one or more [ \u003cdest\u003e \u003cmask\u003e \u003cgateway\u003e ] tuples.\n Remove additional routes by specifying no arguments.\n If \u003cgateway\u003e is \"\", the route is direct to the interface\nUsage: networksetup -setv4off \u003cnetworkservice\u003e\n Turn IPv4 off on \u003cnetworkservice\u003e.\n\nUsage: networksetup -setv6off \u003cnetworkservice\u003e\n Turn IPv6 off on \u003cnetworkservice\u003e.\n\nUsage: networksetup -setv6automatic \u003cnetworkservice\u003e\n Set the service to get its IPv6 info automatically.\n\nUsage: networksetup -setv6LinkLocal \u003cnetworkservice\u003e\n Set the service to use its IPv6 only for link local.\n\nUsage: networksetup -setv6manual \u003cnetworkservice\u003e \u003caddress\u003e \u003cprefixlength\u003e \u003crouter\u003e\n Set the service to get its IPv6 info manually.\n Specify \u003caddress\u003e \u003cprefixLength\u003e and \u003crouter\u003e.\n\nUsage: networksetup -getv6additionalroutes \u003cnetworkservice\u003e\n Get additional IPv6 routes associated with \u003cnetworkservice\u003e\nUsage: networksetup -setv6additionalroutes \u003cnetworkservice\u003e [ \u003cdest\u003e \u003cprefixlength\u003e \u003cgateway\u003e ]*\n Set additional IPv6 routes associated with \u003cnetworkservice\u003e\n by specifying one or more [ \u003cdest\u003e \u003cprefixlength\u003e \u003cgateway\u003e ] tuples.\n Remove additional routes by specifying no arguments.\n If \u003cgateway\u003e is \"\", the route is direct to the interface\nUsage: networksetup -getdnsservers \u003cnetworkservice\u003e\n Display DNS info for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setdnsservers \u003cnetworkservice\u003e \u003cdns1\u003e [dns2] [...]\n Set the \u003cnetworkservice\u003e DNS servers to \u003cdns1\u003e [dns2] [...]. Any number of dns servers can be\n specified. Specify \"Empty\" for \u003cdns1\u003e to clear all DNS entries.\n\nUsage: networksetup -getsearchdomains \u003cnetworkservice\u003e\n Display Domain Name info for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setsearchdomains \u003cnetworkservice\u003e \u003cdomain1\u003e [domain2] [...]\n Set the \u003cnetworkservice\u003e Domain Name servers to \u003cdomain1\u003e [domain2] [...]. Any number of Domain Name\n servers can be specified. Specify \"Empty\" for \u003cdomain1\u003e to clear all Domain Name entries.\n\nUsage: networksetup -create6to4service \u003cnewnetworkservicename\u003e\n Create a 6 to 4 service with name \u003cnewnetworkservicename\u003e.\n\nUsage: networksetup -set6to4automatic \u003cnetworkservice\u003e\n Set the service to get its 6 to 4 info automatically.\n\nUsage: networksetup -set6to4manual \u003cnetworkservice\u003e \u003crelayaddress\u003e\n Set the service to get its 6 to 4 info manually.\n Specify \u003crelayaddress\u003e for the relay address.\n\nUsage: networksetup -getftpproxy \u003cnetworkservice\u003e\n Display FTP proxy (server, port, enabled value) info for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setftpproxy \u003cnetworkservice\u003e \u003cdomain\u003e \u003cport number\u003e \u003cauthenticated\u003e \u003cusername\u003e \u003cpassword\u003e\n Set FTP proxy for \u003cnetworkservice\u003e with \u003cdomain\u003e and \u003cport number\u003e. Turns proxy on. Optionally, specify \u003con\u003e or \u003coff\u003e for \u003cauthenticated\u003e to enable and disable authenticated proxy support. Specify \u003cusername\u003e and \u003cpassword\u003e if you turn authenticated proxy support on.\n\nUsage: networksetup -setftpproxystate \u003cnetworkservice\u003e \u003con off\u003e\n Set FTP proxy to either \u003con\u003e or \u003coff\u003e.\n\nUsage: networksetup -getwebproxy \u003cnetworkservice\u003e\n Display Web proxy (server, port, enabled value) info for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setwebproxy \u003cnetworkservice\u003e \u003cdomain\u003e \u003cport number\u003e \u003cauthenticated\u003e \u003cusername\u003e \u003cpassword\u003e\n Set Web proxy for \u003cnetworkservice\u003e with \u003cdomain\u003e and \u003cport number\u003e. Turns proxy on. Optionally, specify \u003con\u003e or \u003coff\u003e for \u003cauthenticated\u003e to enable and disable authenticated proxy support. Specify \u003cusername\u003e and \u003cpassword\u003e if you turn authenticated proxy support on.\n\nUsage: networksetup -setwebproxystate \u003cnetworkservice\u003e \u003con off\u003e\n Set Web proxy to either \u003con\u003e or \u003coff\u003e.\n\nUsage: networksetup -getsecurewebproxy \u003cnetworkservice\u003e\n Display Secure Web proxy (server, port, enabled value) info for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setsecurewebproxy \u003cnetworkservice\u003e \u003cdomain\u003e \u003cport number\u003e \u003cauthenticated\u003e \u003cusername\u003e \u003cpassword\u003e\n Set Secure Web proxy for \u003cnetworkservice\u003e with \u003cdomain\u003e and \u003cport number\u003e. Turns proxy on. Optionally, specify \u003con\u003e or \u003coff\u003e for \u003cauthenticated\u003e to enable and disable authenticated proxy support. Specify \u003cusername\u003e and \u003cpassword\u003e if you turn authenticated proxy support on.\n\nUsage: networksetup -setsecurewebproxystate \u003cnetworkservice\u003e \u003con off\u003e\n Set SecureWeb proxy to either \u003con\u003e or \u003coff\u003e.\n\nUsage: networksetup -getstreamingproxy \u003cnetworkservice\u003e\n Display Streaming proxy (server, port, enabled value) info for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setstreamingproxy \u003cnetworkservice\u003e \u003cdomain\u003e \u003cport number\u003e \u003cauthenticated\u003e \u003cusername\u003e \u003cpassword\u003e\n Set Streaming proxy for \u003cnetworkservice\u003e with \u003cdomain\u003e and \u003cport number\u003e. Turns proxy on. Optionally, specify \u003con\u003e or \u003coff\u003e for \u003cauthenticated\u003e to enable and disable authenticated proxy support. Specify \u003cusername\u003e and \u003cpassword\u003e if you turn authenticated proxy support on.\n\nUsage: networksetup -setstreamingproxystate \u003cnetworkservice\u003e \u003con off\u003e\n Set Streaming proxy to either \u003con\u003e or \u003coff\u003e.\n\nUsage: networksetup -getgopherproxy \u003cnetworkservice\u003e\n Display Gopher proxy (server, port, enabled value) info for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setgopherproxy \u003cnetworkservice\u003e \u003cdomain\u003e \u003cport number\u003e \u003cauthenticated\u003e \u003cusername\u003e \u003cpassword\u003e\n Set Gopher proxy for \u003cnetworkservice\u003e with \u003cdomain\u003e and \u003cport number\u003e. Turns proxy on. Optionally, specify \u003con\u003e or \u003coff\u003e for \u003cauthenticated\u003e to enable and disable authenticated proxy support. Specify \u003cusername\u003e and \u003cpassword\u003e if you turn authenticated proxy support on.\n\nUsage: networksetup -setgopherproxystate \u003cnetworkservice\u003e \u003con off\u003e\n Set Gopher proxy to either \u003con\u003e or \u003coff\u003e.\n\nUsage: networksetup -getsocksfirewallproxy \u003cnetworkservice\u003e\n Display SOCKS Firewall proxy (server, port, enabled value) info for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setsocksfirewallproxy \u003cnetworkservice\u003e \u003cdomain\u003e \u003cport number\u003e \u003cauthenticated\u003e \u003cusername\u003e \u003cpassword\u003e\n Set SOCKS Firewall proxy for \u003cnetworkservice\u003e with \u003cdomain\u003e and \u003cport number\u003e. Turns proxy on. Optionally, specify \u003con\u003e or \u003coff\u003e for \u003cauthenticated\u003e to enable and disable authenticated proxy support. Specify \u003cusername\u003e and \u003cpassword\u003e if you turn authenticated proxy support on.\n\nUsage: networksetup -setsocksfirewallproxystate \u003cnetworkservice\u003e \u003con off\u003e\n Set SOCKS Firewall proxy to either \u003con\u003e or \u003coff\u003e.\n\nUsage: networksetup -getproxybypassdomains \u003cnetworkservice\u003e\n Display Bypass Domain Names for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setproxybypassdomains \u003cnetworkservice\u003e \u003cdomain1\u003e [domain2] [...]\n Set the Bypass Domain Name Servers for \u003cnetworkservice\u003e to \u003cdomain1\u003e [domain2] [...]. Any number of\n Domain Name servers can be specified. Specify \"Empty\" for \u003cdomain1\u003e to clear all\n Domain Name entries.\n\nUsage: networksetup -getproxyautodiscovery \u003cnetworkservice\u003e\n Display whether Proxy Auto Discover is on or off for \u003cnetwork service\u003e.\n\nUsage: networksetup -setproxyautodiscovery \u003cnetworkservice\u003e \u003con off\u003e\n Set Proxy Auto Discovery to either \u003con\u003e or \u003coff\u003e.\n\nUsage: networksetup -getpassiveftp \u003cnetworkservice\u003e\n Display whether Passive FTP is on or off for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setpassiveftp \u003cnetworkservice\u003e \u003con off\u003e\n Set Passive FTP to either \u003con\u003e or \u003coff\u003e.\n\nUsage: networksetup -setautoproxyurl \u003cnetworkservice\u003e \u003curl\u003e\n Set proxy auto-config to url for \u003cnetworkservice\u003e and enable it.\n\nUsage: networksetup -getautoproxyurl \u003cnetworkservice\u003e\n Display proxy auto-config (url, enabled) info for \u003cnetworkservice\u003e.\n\nUsage: networksetup -setautoproxystate \u003cnetworkservice\u003e \u003con off\u003e\n Set proxy auto-config to either \u003con\u003e or \u003coff\u003e.\n\nUsage: networksetup -getairportnetwork \u003cdevice name\u003e\n Display current Wi-Fi Network for \u003cdevice name\u003e.\n\nUsage: networksetup -setairportnetwork \u003cdevice name\u003e \u003cnetwork\u003e [password]\n Set Wi-Fi Network to \u003cnetwork\u003e for \u003cdevice name\u003e.\n If a password is included, it gets stored in the keychain.\n\nUsage: networksetup -getairportpower \u003cdevice name\u003e\n Display whether Wi-Fi power is on or off for \u003cdevice name\u003e.\n\nUsage: networksetup -setairportpower \u003cdevice name\u003e \u003con off\u003e\n Set Wi-Fi power for \u003cdevice name\u003e to either \u003con\u003e or \u003coff\u003e.\n\nUsage: networksetup -listpreferredwirelessnetworks \u003cdevice name\u003e\n List the preferred wireless networks for \u003cdevice name\u003e.\n\nUsage: networksetup -addpreferredwirelessnetworkatindex \u003cdevice name\u003e \u003cnetwork\u003e \u003cindex\u003e \u003csecurity type\u003e [password]\n Add wireless network named \u003cnetwork\u003e to preferred list for \u003cdevice name\u003e at \u003cindex\u003e.\n For security type, use OPEN for none, WPA for WPA Personal, WPAE for WPA Enterprise,\n WPA2 for WPA2 Personal, WPA2E for WPA2 Enterprise, WEP for plain WEP, and 8021XWEP for 802.1X WEP.\n If a password is included, it gets stored in the keychain.\n\nUsage: networksetup -removepreferredwirelessnetwork \u003cdevice name\u003e \u003cnetwork\u003e\n Remove \u003cnetwork\u003e from the preferred wireless network list for \u003cdevice name\u003e.\n\nUsage: networksetup -removeallpreferredwirelessnetworks \u003cdevice name\u003e\n Remove all networks from the preferred wireless network list for \u003cdevice name\u003e.\n\nUsage: networksetup -getnetworkserviceenabled \u003cnetworkservice\u003e\n Display whether a service is on or off (enabled or disabled).\n\nUsage: networksetup -setnetworkserviceenabled \u003cnetworkservice\u003e \u003con off\u003e\n Set \u003cnetworkservice\u003e to either \u003con\u003e or \u003coff\u003e (enabled or disabled).\n\nUsage: networksetup -createnetworkservice \u003cnewnetworkservicename\u003e \u003chardwareport\u003e\n Create a service named \u003cnetworkservice\u003e on port \u003chardwareport\u003e. The new service will be enabled by default.\n\nUsage: networksetup -renamenetworkservice \u003cnetworkservice\u003e \u003cnewnetworkservicename\u003e\n Rename \u003cnetworkservice\u003e to \u003cnewnetworkservicename\u003e.\n\nUsage: networksetup -duplicatenetworkservice \u003cnetworkservice\u003e \u003cnewnetworkservicename\u003e\n Duplicate \u003cnetworkservice\u003e and name it with \u003cnewnetworkservicename\u003e.\n\nUsage: networksetup -removenetworkservice \u003cnetworkservice\u003e\n Remove the service named \u003cnetworkservice\u003e. Will fail if this is the only service on the hardware port that \u003cnetworkservice\u003e is on.\n\nUsage: networksetup -ordernetworkservices \u003cservice1\u003e \u003cservice2\u003e \u003cservice3\u003e \u003c...\u003e\n Order the services in order specified. Use \"-listnetworkserviceorder\" to view service order.\n Note: use quotes around service names which contain spaces (ie. \"Built-in Ethernet\").\n\nUsage: networksetup -setMTUAndMediaAutomatically \u003chardwareport or device name\u003e\n Set hardwareport or device specified back to automatically setting the MTU and Media.\n\nUsage: networksetup -getMTU \u003chardwareport or device name\u003e\n Get the MTU value for hardwareport or device specified.\n\nUsage: networksetup -setMTU \u003chardwareport or device name\u003e \u003cvalue\u003e\n Set MTU for hardwareport or device specified.\n\nUsage: networksetup -listvalidMTUrange \u003chardwareport or device name\u003e\n List the valid MTU range for hardwareport or device specified.\n\nUsage: networksetup -getmedia \u003chardwareport or device name\u003e\n Show both the current setting for media and the active media on hardwareport or device specified.\n\nUsage: networksetup -setmedia \u003chardwareport or device name\u003e \u003csubtype\u003e [option1] [option2] [...]\n Set media for hardwareport or device specified to subtype. Specify optional [option1] and additional options depending on subtype. Any number of valid options can be specified.\n\nUsage: networksetup -listvalidmedia \u003chardwareport or device name\u003e\n List valid media options for hardwareport or device name. Enumerates available subtypes and options per subtype.\n\nUsage: networksetup -createVLAN \u003cVLAN name\u003e \u003cdevice name\u003e \u003ctag\u003e\n Create a VLAN with name \u003cVLAN name\u003e over device \u003cdevice name\u003e with unique tag \u003ctag\u003e. A default network service will be created over the VLAN.\n\nUsage: networksetup -deleteVLAN \u003cVLAN name\u003e \u003cdevice name\u003e \u003ctag\u003e\n Delete the VLAN with name \u003cVLAN name\u003e over the parent device \u003cdevice name\u003e with unique tag \u003ctag\u003e. If there are network services running over the VLAN they will be deleted.\n\nUsage: networksetup -listVLANs\n List the VLANs that have been created.\n\nUsage: networksetup -listdevicesthatsupportVLAN\n List the devices that support VLANs.\n\nUsage: networksetup -isBondSupported \u003cdevice name ie., en0\u003e\n Return YES if the specified device can be added to a bond. NO if it cannot.\n\nUsage: networksetup -createBond \u003cuser defined name\u003e \u003cdevice name 1\u003e \u003cdevice name 2\u003e \u003c...\u003e\n Create a new bond and give it the user defined name. Add the specified devices, if any, to the bond.\n\nUsage: networksetup -deleteBond \u003cbond name ie., bond0\u003e\n Delete the bond with the specified device-name.\n\nUsage: networksetup -addDeviceToBond \u003cdevice name\u003e \u003cbond name\u003e\n Add the specified device to the specified bond.\n\nUsage: networksetup -removeDeviceFromBond \u003cdevice name\u003e \u003cbond name\u003e\n Remove the specified device from the specified bond\n\nUsage: networksetup -listBonds\n List all of the bonds.\n\nUsage: networksetup -showBondStatus \u003cbond name ie., bond0\u003e\n Display the status of the specified bond.\n\nUsage: networksetup -listpppoeservices\n List all of the PPPoE services in the current set.\n\nUsage: networksetup -showpppoestatus \u003cservice name ie., MyPPPoEService\u003e\n Display the status of the specified PPPoE service.\n\nUsage: networksetup -createpppoeservice \u003cdevice name ie., en0\u003e \u003cservice name\u003e \u003caccount name\u003e \u003cpassword\u003e [pppoe service name]\n Create a PPPoE service on the specified device with the service name specified.\n The \"pppoe service name\" is optional and may not be supported by the service provider.\n\nUsage: networksetup -deletepppoeservice \u003cservice name\u003e\n Delete the PPPoE service.\n\nUsage: networksetup -setpppoeaccountname \u003cservice name\u003e \u003caccount name\u003e\n Sets the account name for the specified service.\n\nUsage: networksetup -setpppoepassword \u003cservice name\u003e \u003cpassword\u003e\n Sets the password stored in the keychain for the specified service.\n\nUsage: networksetup -connectpppoeservice \u003cservice name\u003e\n Connect the PPPoE service.\n\nUsage: networksetup -disconnectpppoeservice \u003cservice name\u003e\n Disconnect the PPPoE service.\n\nUsage: networksetup -getcurrentlocation\n Display the name of the current location.\n\nUsage: networksetup -listlocations\n List all of the locations.\n\nUsage: networksetup -createlocation \u003clocation name\u003e [populate]\n Create a new network location with the spcified name.\n If the optional term \"populate\" is included, the location will be populated with the default services.\n\nUsage: networksetup -deletelocation \u003clocation name\u003e\n Delete the location.\n\nUsage: networksetup -switchtolocation \u003clocation name\u003e\n Make the specified location the current location.\n\nUsage: networksetup -version\n Display version of networksetup tool.\n\nUsage: networksetup -help\n Display these help listings.\n\nUsage: networksetup -printcommands\n Displays a quick listing of commands (without explanations).\n\nAny command that takes a password, will accept - to indicate the password should be read from stdin.\n\nThe networksetup tool requires at least admin privileges to change network settings. If the \"Require an administrator password to access system-wide preferences\" option is selected in System Preferences \u003e Security \u0026 Privacy, then root privileges are required to change network settings.\n```\n\n### systemsetup\n\nThis utility provides a lot of simpler system setup options.\n\n```text\n$ sudo /usr/sbin/systemsetup\nsystemsetup Help Information\n-------------------------------------\nUsage: systemsetup -getdate\n Display current date.\n\nUsage: systemsetup -setdate \u003cmm:dd:yy\u003e\n Set current date to \u003cmm:dd:yy\u003e.\n\nUsage: systemsetup -gettime\n Display current time.\n\nUsage: systemsetup -settime \u003chh:mm:ss\u003e\n Set current time to \u003chh:mm:ss\u003e.\n\nUsage: systemsetup -gettimezone\n Display current time zone.\n\nUsage: systemsetup -settimezone \u003ctimezone\u003e\n Set current time zone to \u003ctimezone\u003e. Use \"-listtimezones\" to list time zones.\n\nUsage: systemsetup -listtimezones\n List time zones supported by this machine.\n\nUsage: systemsetup -getusingnetworktime\n Display whether network time is on or off.\n\nUsage: systemsetup -setusingnetworktime \u003con off\u003e\n Set using network time to either \u003con\u003e or \u003coff\u003e.\n\nUsage: systemsetup -getnetworktimeserver\n Display network time server.\n\nUsage: systemsetup -setnetworktimeserver \u003ctimeserver\u003e\n Set network time server to \u003ctimeserver\u003e.\n\nUsage: systemsetup -getsleep\n Display amount of idle time until computer, display and hard disk sleep.\n\nUsage: systemsetup -setsleep \u003cminutes\u003e\n Set amount of idle time until computer, display and hard disk sleep to \u003cminutes\u003e.\n Specify \"Never\" or \"Off\" for never.\n\nUsage: systemsetup -getcomputersleep\n Display amount of idle time until computer sleeps.\n\nUsage: systemsetup -setcomputersleep \u003cminutes\u003e\n Set amount of idle time until compputer sleeps to \u003cminutes\u003e.\n Specify \"Never\" or \"Off\" for never.\n\nUsage: systemsetup -getdisplaysleep\n Display amount of idle time until display sleeps.\n\nUsage: systemsetup -setdisplaysleep \u003cminutes\u003e\n Set amount of idle time until display sleeps to \u003cminutes\u003e.\n Specify \"Never\" or \"Off\" for never.\n\nUsage: systemsetup -getharddisksleep\n Display amount of idle time until hard disk sleeps.\n\nUsage: systemsetup -setharddisksleep \u003cminutes\u003e\n Set amount of idle time until hard disk sleeps to \u003cminutes\u003e.\n Specify \"Never\" or \"Off\" for never.\n\nUsage: systemsetup -getwakeonmodem\n Display whether wake on modem is on or off.\n\nUsage: systemsetup -setwakeonmodem \u003con off\u003e\n Set wake on modem to either \u003con\u003e or \u003coff\u003e.\n\nUsage: systemsetup -getwakeonnetworkaccess\n Display whether wake on network access is on or off.\n\nUsage: systemsetup -setwakeonnetworkaccess \u003con off\u003e\n Set wake on network access to either \u003con\u003e or \u003coff\u003e.\n\nUsage: systemsetup -getrestartpowerfailure\n Display whether restart on power failure is on or off.\n\nUsage: systemsetup -setrestartpowerfailure \u003con off\u003e\n Set restart on power failure to either \u003con\u003e or \u003coff\u003e.\n\nUsage: systemsetup -getrestartfreeze\n Display whether restart on freeze is on or off.\n\nUsage: systemsetup -setrestartfreeze \u003con off\u003e\n Set restart on freeze to either \u003con\u003e or \u003coff\u003e.\n\nUsage: systemsetup -getallowpowerbuttontosleepcomputer\n Display whether the power button is able to sleep the computer.\n\nUsage: systemsetup -setallowpowerbuttontosleepcomputer \u003con off\u003e\n Enable or disable whether the power button can sleep the computer.\n\nUsage: systemsetup -getremotelogin\n Display whether remote login is on or off.\n\nUsage: systemsetup -setremotelogin \u003con off\u003e\n Set remote login to either \u003con\u003e or \u003coff\u003e. Use \"systemsetup -f -setremotelogin off\" to suppress prompting when turning remote login off. Requires Full Disk Access privileges.\n\nUsage: systemsetup -getremoteappleevents\n Display whether remote apple events are on or off.\n\nUsage: systemsetup -setremoteappleevents \u003con off\u003e\n Set remote apple events to either \u003con\u003e or \u003coff\u003e. Requires Full Disk Access privileges.\n\nUsage: systemsetup -getcomputername\n Display computer name.\n\nUsage: systemsetup -setcomputername \u003ccomputername\u003e\n Set computer name to \u003ccomputername\u003e.\n\nUsage: systemsetup -getlocalsubnetname\n Display local subnet name.\n\nUsage: systemsetup -setlocalsubnetname \u003cname\u003e\n Set local subnet name to \u003cname\u003e.\n\nUsage: systemsetup -getstartupdisk\n Display current startup disk.\n\nUsage: systemsetup -setstartupdisk \u003cdisk\u003e\n Set current startup disk to \u003cdisk\u003e.\n\nUsage: systemsetup -liststartupdisks\n List startup disks on this machine.\n\nUsage: systemsetup -getwaitforstartupafterpowerfailure\n Get the number of seconds after which the computer will start up after a power failure.\n\nUsage: systemsetup -setwaitforstartupafterpowerfailure \u003cseconds\u003e\n Set the number of seconds after which the computer will start up after a power failure. The \u003cseconds\u003e value must be a multiple of 30 seconds.\n\nUsage: systemsetup -getdisablekeyboardwhenenclosurelockisengaged\n Get whether or not the keyboard should be disabled when the X Serve enclosure lock is engaged.\n\nUsage: systemsetup -setdisablekeyboardwhenenclosurelockisengaged \u003cyes no\u003e\n Set whether or not the keyboard should be disabled when the X Serve enclosure lock is engaged.\n\nUsage: systemsetup -version\n Display version of systemsetup tool.\n\nUsage: systemsetup -help\n Display help.\n\nUsage: systemsetup -printCommands\n Display commands.\n```\n\n### airport\n\nThe Airport command-line utility can yield a lot of useful Wi-Fi info.\n\n```text\n$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport\nUsage: airport \u003cinterface\u003e \u003cverb\u003e \u003coptions\u003e\n\n \u003cinterface\u003e\n If an interface is not specified, airport will use the first AirPort interface on the system.\n\n \u003cverb is one of the following:\n prefs If specified with no key value pairs, displays a subset of AirPort preferences for\n the specified interface.\n\n Preferences may be configured using key=value syntax. Keys and possible values are specified below.\n Boolean settings may be configured using 'YES' and 'NO'.\n\n DisconnectOnLogout (Boolean)\n JoinMode (String)\n Automatic\n Preferred\n Ranked\n Recent\n Strongest\n JoinModeFallback (String)\n Prompt\n JoinOpen\n KeepLooking\n DoNothing\n RememberRecentNetworks (Boolean)\n RequireAdmin (Boolean)\n RequireAdminIBSS (Boolean)\n RequireAdminNetworkChange (Boolean)\n RequireAdminPowerToggle (Boolean)\n AllowLegacyNetworks (Boolean)\n WoWEnabled (Boolean)\n\n logger Monitor the driver's logging facility.\n\n sniff If a channel number is specified, airportd will attempt to configure the interface\n to use that channel before it begins sniffing 802.11 frames. Captures files are saved to /tmp.\n Requires super user privileges.\n\n debug Enable debug logging. A debug log setting may be enabled by prefixing it with a '+', and disabled\n by prefixing it with a '-'.\n\n AirPort Userland Debug Flags\n DriverDiscovery\n DriverEvent\n Info\n SystemConfiguration\n UserEvent\n PreferredNetworks\n AutoJoin\n IPC\n Scan\n 802.1x\n Assoc\n Keychain\n RSNAuth\n WoW\n P2P\n Roam\n BTCoex\n AllUserland - Enable/Disable all userland debug flags\n\n AirPort Driver Common Flags\n DriverInfo\n DriverError\n DriverWPA\n DriverScan\n AllDriver - Enable/Disable all driver debug flags\n\n AirPort Driver Vendor Flags\n VendorAssoc\n VendorConnection\n AllVendor - Enable/Disable all vendor debug flags\n\n AirPort Global Flags\n LogFile - Save all AirPort logs to /var/log/wifi.log\n\n\u003coptions\u003e is one of the following:\n No options currently defined.\n\nExamples:\n\nConfiguring preferences (requires admin privileges)\n sudo airport en1 prefs JoinMode=Preferred RememberRecentNetworks=NO RequireAdmin=YES\n\nSniffing on channel 1:\n airport en1 sniff 1\n\n\nLEGACY COMMANDS:\nSupported arguments:\n -c[\u003carg\u003e] --channel=[\u003carg\u003e] Set arbitrary channel on the card\n -z --disassociate Disassociate from any network\n -I --getinfo Print current wireless status, e.g. signal info, BSSID, port type etc.\n -s[\u003carg\u003e] --scan=[\u003carg\u003e] Perform a wireless broadcast scan.\n Will perform a directed scan if the optional \u003carg\u003e is provided\n -x --xml Print info as XML\n -P --psk Create PSK from specified pass phrase and SSID.\n The following additional arguments must be specified with this command:\n --password=\u003carg\u003e Specify a WPA password\n --ssid=\u003carg\u003e Specify SSID when creating a PSK\n -h --help Show this help\n```\n\nProbably my favorite use of this command is getting the current network:\n\n```text\n$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I\n agrCtlRSSI: -40\n agrExtRSSI: 0\n agrCtlNoise: -91\n agrExtNoise: 0\n state: running\n op mode: station\n lastTxRate: 351\n maxRate: 1300\nlastAssocStatus: 0\n 802.11 auth: open\n link auth: wpa2-psk\n BSSID: MY_BSSID\n SSID: MY_SSID\n MCS: 7\n channel: 44,80\n```\n\nAlso, you can scan your local Wi-Fi networks by running:\n\n```text\n$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s\n... Networks Here ...\n```\n\n### AssetCacheLocatorUtil\n\nThis tool fetches the available Content Caches available to your machine, and other Apple devices on the network.\nContent Cache is available in Sharing inside System Preferences and allows you to cache System Updates and iCloud content on local machines for bandwidth reduction.\n\n```text\n$ /usr/bin/AssetCacheLocatorUtil\n2020-12-26 20:35:24.351 AssetCacheLocatorUtil[39485:7741115] AssetCacheLocatorUtil version 116, framework version 116\n2020-12-26 20:35:24.351 AssetCacheLocatorUtil[39485:7741115] Determining public IP address...\n2020-12-26 20:35:24.494 AssetCacheLocatorUtil[39485:7741115] This computer's public IP address is 8.30.97.117.\n2020-12-26 20:35:24.494 AssetCacheLocatorUtil[39485:7741115] --- Information for system services:\n.... More Output\n```\n\nThe output from this command is pretty large but it will allow you to diagnose access to content cache.\n\n### AssetCacheManagerUtil\n\nThis tool manages the Content Cache service on your machine.\n\n```text\n$ /usr/bin/AssetCacheManagerUtil \n2020-07-04 01:26:37.394 AssetCacheManagerUtil[2835:949425] Usage: AssetCacheManagerUtil [options] command\n2020-07-04 01:26:37.394 AssetCacheManagerUtil[2835:949425] Options are:\n -a|--all show all events\n -j|--json print results in JSON\n -l|--linger don't exit\n2020-07-04 01:26:37.394 AssetCacheManagerUtil[2835:949425] Commands are:\n activate\n deactivate\n isActivated\n canActivate\n flushCache\n flushPersonalCache\n flushSharedCache\n status\n settings\n reloadSettings\n moveCacheTo path\n absorbCacheFrom path read-only|and-destroy\n```\n\nAn example usage of this command is:\n\n```text\n$ /usr/bin/AssetCacheManagerUtil status \n2020-07-04 01:29:24.546 AssetCacheManagerUtil[3572:955073] Content caching status:\n Activated: false\n Active: false\n CacheDetails: (none)\n CacheFree: 293.24 GB\n CacheLimit: unlimited\n CacheStatus: OK\n CacheUsed: Zero KB\n Parents: (none)\n Peers: (none)\n PersonalCacheFree: 293.24 GB\n PersonalCacheLimit: unlimited\n PersonalCacheUsed: Zero KB\n Port: 0\n RegistrationError: NOT_ACTIVATED\n RegistrationResponseCode: 403\n RegistrationStatus: -1\n RestrictedMedia: false\n ServerGUID: [GUID HERE]\n StartupStatus: FAILED\n TetheratorStatus: 0\n TotalBytesAreSince: 2020-07-03 17:22:37\n TotalBytesDropped: Zero KB\n TotalBytesImported: Zero KB\n TotalBytesReturnedToChildren: Zero KB\n TotalBytesReturnedToClients: Zero KB\n TotalBytesReturnedToPeers: Zero KB\n TotalBytesStoredFromOrigin: Zero KB\n TotalBytesStoredFromParents: Zero KB\n TotalBytesStoredFromPeers: Zero KB\n```\n\n### seedutil\n\nseedutil allows you to enroll and un-enroll from AppleSeed programs, such as Public Betas.\n\n```text\n$ sudo /System/Library/PrivateFrameworks/Seeding.framework/Resources/seedutil\nusage: seedutil enroll SEED_PROGRAM\n seedutil unenroll\n seedutil current\n seedutil migrate OLD_VERSION NEW_VERSION\n seedutil fixup\n```\n\nAn example usage of this command is:\n\n```text\n$ sudo /System/Library/PrivateFrameworks/Seeding.framework/Resources/seedutil current\nCurrently enrolled in: (null)\n\nProgram: 0\nBuild is seed: NO\nCatalogURL: (null)\nNSShowFeedbackMenu: NO\nDisableSeedOptOut: NO\nAsset Audience: c80fd46d-7cc7-487e-993c-3876697879dc\n```\n\n### kmutil\n\nkmutil is a tool for managing Kernel Extensions.\n\n```text\n$ /usr/bin/kmutil\nOVERVIEW: kmutil: KernelManagement Utility (KernelManagement_executables-102.60.20)\n\nUSAGE: kmutil \u003csubcommand\u003e\n\nOPTIONS:\n -h, --help Show help information.\n\nSUBCOMMANDS:\n create Create one or more new artifacts based on the arguments provided.\n load Load one or more extensions based on the arguments provided.\n unload Unload the named kexts and all personalities.\n log Display logging information about the KernelManagement subsystem.\n libraries Search for library kexts that define symbols needed for linking by a a kernel extension.\n dumpstate Dumps kernelmanagerd(8) state for debugging\n inspect Inspect \u0026 display a kext collection's contents according to the options provided.\n clear-staging Clears all contents of the kext staging locations on the system\n find Find kexts available on the operating system.\n showloaded Show the loaded state of the extensions on the system, according to the options provided.\n trigger-panic-medic Delete and disable loading of third party kexts in order to safely boot into a target volume. (can only be triggered in Recovery mode)\n eg usage: `kmutil trigger-panic-medic --volume-root /Volumes/\u003cVolumeName\u003e`\n check Check the consistency of kext collections against each other and/or load information in-kernel.\n print-diagnostics Perform all possible tests on a specified kext, and indicate whether the kext is loadable.\n\n See 'kmutil help \u003csubcommand\u003e' for detailed help.\n```\n\nAn example of using kmutil is to list loaded kexts:\n\n```text\n$ /usr/bin/kmutil showloaded\nNo variant specified, falling back to release\nIndex Refs Address Size Wired Name (Version) UUID \u003cLinked Against\u003e\n 1 139 0 0 0 com.apple.kpi.bsd (20.2.0) 82E2050C-5936-3D24-AD3B-EC4EC5C09E11 \u003c\u003e\n 2 11 0 0 0 com.apple.kpi.dsep (20.2.0) 82E2050C-5936-3D24-AD3B-EC4EC5C09E11 \u003c\u003e\n 3 168 0 0 0 com.apple.kpi.iokit (20.2.0) 82E2050C-5936-3D24-AD3B-EC4EC5C09E11 \u003c\u003e\n 4 0 0 0 0 com.apple.kpi.kasan (20.2.0) 82E2050C-5936-3D24-AD3B-EC4EC5C09E11 \u003c\u003e\n```\n\n### profiles\n\nprofiles allows you to manage and inspect macOS profiles. This is most commonly used for MDM.\n\n```text\n$ /usr/bin/profiles help\nprofiles allows you access configuration or application provisioning profiles on macOS.\n Use 'profiles help' for this help section, or use the man page for expanded instructions.\n Basic usage is in the form: 'profiles \u003ccommand verb\u003e [\u003coptions and parameters\u003e]'\n\n Clients should use the Profiles System Preferences pane to install configuration profiles.\n\n Command Verbs:\n status - indicates if profiles are installed\n list - list profile information\n show - show expanded profile information\n remove - remove profile\n sync - synchronize installed configuration profiles with known users\n renew - renew configuration profile installed certificate\n validate - validation of provisioning profile or DEP server enrollment information\n version - display tool version number\n\n Options: (not all options are meaningful for a command)\n -type=\u003cstring\u003e - type of profile; either 'configuration', 'provisioning', 'enrollment', or 'bootstraptoken'\n -user=\u003cstring\u003e - short user name\n -password=\u003cstring\u003e - password\n -identifier=\u003cstring\u003e - profile identifier\n -path=\u003cstring\u003e - file path\n -uuid=\u003cstring\u003e - profile UUID\n -enrolledUser=\u003cstring\u003e - enrolled user name\n -verbose - enable verbose mode\n -forced - when removing profiles, automatically confirms requests\n -all - select all profiles\n -quiet - enable quiet mode\n```\n\nAn example usage of profiles is viewing the status of profile enrollment:\n\n```text\n$ /usr/bin/profiles status -type enrollment\nEnrolled via DEP: No\nMDM enrollment: No\n```\n\n### bputil\n\nbputil is a tool for managing Boot Policy. This tool is only available on Apple Silicon. If you run this tool on x86_64, it will output: `bputil is not yet supported on this platform.`\n\n```text\n$ /usr/bin/bputil\n\nThis utility is not meant for normal users or even sysadmins.\nIt provides unabstracted access to capabilities which are normally handled for the user automatically when changing the security policy through GUIs such as Startup Disk in macOS Recovery.\nIt is possible to make your system security much weaker and therefore easier to compromise using this tool.\nThis tool is not to be used in production environments.\nIt is possible to render your system unbootable with this tool.\nIt should only be used to understand how the security of Apple Silicon Macs works.\nUse at your own risk!\n\nbputil v0.1.3 - a tool to modify boot policies\n bputil \u003coptional arguments\u003e ...\n\n Optional arguments:\n -u, --username \u003cusername\u003e\n Used to specify the username for a user with access to the signing key to authenticate the change\n If this is specified, the below password option is required too\n If this is not specified, an interactive prompt will request the username\n -p, --password \u003cpassword\u003e\n Used to specify the password for a user with access to the signing key to authenticate the change\n If this is specified, the above username option is required too\n If this is not specified, an interactive prompt will request the password\n -v, --vuid \u003cAABBCCDD-EEFF-0011-2233-445566778899\u003e\n Set the Volume Group UUID value\n If no option is specified, the default value of Volume Group UUID will be set to the APFS volume group UUID of the running OS\n Volume Group UUID for a given OS can be found with 'diskutil apfs listVolumeGroups'\n -l, --debug-logging\n Enables verbose logging to assist in debugging any issues associated with changing the policy\n -d, --display-policy\n Display the local policy. If the system has multiple bootable volumes, an interactive prompt will ask you to specify a volume\n -f, --full-security\n Changes security mode to Full Security. This option is mutually exclusive with all options below which cause security downgrades\n -g, --reduced-security\n Changes security mode to Reduced Security\n Passing this option will explicitly recreate the LocalPolicy, only the options specified via this tool will exist in the output local policy\n -n, --permissive-security\n Changes security mode to Permissive Security\n Passing this option will explicitly recreate the LocalPolicy, only the options specified via this tool will exist in the output local policy\n -m, --enable-mdm\n Enables MDM management of software updates \u0026 kernel extensions\n Automatically downgrades to Reduced Security mode if not already true\n -k, --enable-kexts\n Enables trust in locally SEP-signed AuxilaryKernelCache that contains 3rd party kexts\n Automatically downgrades to Reduced Security mode if not already true\n -c, --disable-kernel-ctrr\n Disables the enforcement of the Configurable Text Read-only Region that protects Kernel code\n Automatically downgrades to Permissive Security mode if not already true\n -a, --disable-boot-args-restriction\n Enables sending custom boot args to the kernel\n Automatically downgrades to Permissive Security mode if not already true\n -s, --disable-ssv\n Disables Signed System Volume integrity checks\n Automatically downgrades to Permissive Security mode if not already true\n NOTE: SSV cannot be disabled while FileVault is enabled\n```\n\n### nscurl\n\nnscurl is similar to curl but using macOS APIs.\n\n```text\n$ /usr/bin/nscurl -h\nUsage: nscurl [options...] \u003cURL\u003e\nOptions:\n -h --help Display help message\n -bg --background Use the background transfer\n API to execute the request\n --discretionary Marks the transfer as\n discretionary (only has an\n effect if --background is\n passed)\n -D --dump-header [ARG] Write the response headers to\n the specified file (pass '-'\n for stdout)\n -o --output [ARG] Write the response data to\n the specified file (pass '-'\n for stdout)\n -i --include Include response headers in\n output\n -L --location Instruct nscurl to follow\n redirects (this is the\n default behavior)\n --ignore-location Instruct nscurl to ignore\n redirects\n -H --header [ARG] Specify an additional HTTP\n Header (\"X-Header-Name:\n Value\")\n -A --user-agent [ARG] Specify the User-Agent string\n -u --user [ARG] Specify a username and\n password \u003cuser:password\u003e\n -dl --download Download the resource using a\n download task\n -dir --download-directory [ARG] Download the resource into\n the specified directory\n -T --upload [ARG] Upload the specified file\n (with HTTP PUT request\n -SU --streamed Use a streamed upload instead\n of a file upload, when\n --upload is passed\n -k --insecure Disable cert checking when\n using TLS\n -ld --large-download Use 'large-download'\n properties\n --bg-traffic-class Use SO_TC_BK traffic class\n -m --max-time [ARG] Timeout in seconds for the\n entire request\n --window-delay [ARG] Conditional connection window\n delay for request\n --window-duration [ARG] Conditional connection window\n duration for request\n -M --method [ARG] Set the HTTP method for the\n request\n -G --get Send a GET request\n -I --head Send a HEAD request\n --post Send a POST request\n --put Send a PUT request\n -r --range [ARG] Specify a byte range\n --no-expensive Disallow the use of expensive\n networks\n --no-constrained Disallow the use of\n constrained networks\n --start-timeout [ARG] Sets a timeout on starting\n the request (expressed in\n seconds from now)\n --fast-connect-timeout Fail quickly if the server is\n unreachable\n --payload-transmission-timeout [ARG] Sets a timeout on payload\n transmission\n\n post-connection-establishment\n -v --verbose Verbose output\n --ats-diagnostics Display ATS diagnostic\n information for URL\n --fingerprint Display fingerprint of URL\n TLS configuration\n --ats-tls-version [ARG] Minimum TLS version used for\n ATS configuration. Allowed\n values: TLSv1.0, TLSv1.1,\n TLSv1.2, or TLSv1.3\n --ats-disable-pfs Do not require Perfect\n Forward Secrecy for ATS\n configuration\n -ec --effective-configuration Exercise effective\n configuration\n --effective-configuration-dump [ARG] Write effective configuration\n to plist\n --effective-configuration-read [ARG] Read effective configuration\n from plist\n --http3 Enable HTTP/3\n --http3-prior-knowledge Enable HTTP/3 racing without\n service discovery\n```\n\nAn example of using nscurl is fetching your external IP from ipify.org:\n\n```text\n$ /usr/bin/nscurl 'https://api.ipify.org?format=json'\n{\"ip\":\"10.25.0.1\"}\n```\n\n### taskinfo\n\ntaskinfo is a tool for viewing detailed information about a process.\n\n```text\n$ /usr/bin/taskinfo -h\nusage:\n taskinfo [-h|--help] [--threads] [--dq] [--boosts] [process-name|pid]\n```\n\nAn example of using taskinfo is fetching information about the taskinfo process itself.\n\n```text\n$ sudo /usr/bin/taskinfo taskinfo\nprocess: \"taskinfo\" [76355] [unique ID: 773167]\narchitecture: arm64e\ncoalition (type 0) ID: 30994\ncoalition (type 1) ID: 30995\nsuspend count: 0\nvirtual bytes: 389.20 GB; phys_footprint bytes: 832.69 kB; phys_footprint lifetime maximum bytes: 832.69 kB\nrun time: 0 s\nuser/system time (current threads): 0.000781 s / 0.011651 s\nuser/system time (terminated threads): 0.000000 s / 0.000000 s\ninterrupt wakeups: 0 (0 / nan% from platform idle)\ndefault sched policy: POLICY_TIMESHARE\nCPU usage monitor: none\nCPU wakes monitor: 150 wakes per second (over system-default time period)\ndirty tracking: untracked dirty\nboosts: 0 (0 externalized)\nrequested policy\n req apptype: TASK_APPTYPE_DAEMON_INTERACTIVE\n req role: TASK_UNSPECIFIED (PRIO_DARWIN_ROLE_DEFAULT)\n req qos clamp: THREAD_QOS_UNSPECIFIED\n req base/override latency qos: LATENCY_QOS_TIER_UNSPECIFIED / LATENCY_QOS_TIER_UNSPECIFIED\n req base/override thruput qos: THROUGHPUT_QOS_TIER_UNSPECIFIED / THROUGHPUT_QOS_TIER_UNSPECIFIED\n req darwin BG: NO\n req internal/external iotier: THROTTLE_LEVEL_TIER0 (IMPORTANT) / THROTTLE_LEVEL_TIER0 (IMPORTANT)\n req darwin BG iotier: THROTTLE_LEVEL_TIER2 (UTILITY)\n req managed: NO\n req other:\n req suppression (App Nap) behaviors:\neffective policy\n eff role: TASK_UNSPECIFIED (PRIO_DARWIN_ROLE_DEFAULT)\n eff latency qos: LATENCY_QOS_TIER_UNSPECIFIED\n eff thruput qos: THROUGHPUT_QOS_TIER_UNSPECIFIED\n eff darwin BG: NO\n eff iotier: THROTTLE_LEVEL_TIER0 (IMPORTANT)\n eff managed: NO\n eff qos ceiling: THREAD_QOS_USER_INITIATED\n eff qos clamp: THREAD_QOS_UNSPECIFIED\n eff other:\nimp_donor: YES\nimp_receiver: NO\npid suspended: NO\nadaptive daemon: NO (boosted: NO)\n```\n\n### taskpolicy\n\ntaskpolicy can be used to adjust certain policies for running programs, and can additionally be used for running programs with a particular policy.\n\n```$text\n$ /usr/sbin/taskpolicy\nUsage: taskpolicy [-x|-X] [-d \u003cpolicy\u003e] [-g policy] [-c clamp] [-b] [-t \u003ctier\u003e]\n [-l \u003ctier\u003e] [-a] \u003cprogram\u003e [\u003cpargs\u003e [...]]\n taskpolicy [-b|-B] [-t \u003ctier\u003e] [-l \u003ctier\u003e] -p pid\n```\n\nAn example of using taskpolicy is clamping a command to a particular task QoS:\n\n```text\n$ /usr/sbin/taskpolicy -c background sw_vers\nProductName: macOS\nProductVersion: 11.0\nBuildVersion: 20A2411\n```\n\n### asr\n\nasr stands for Apple Software Restore. It is used for copying volume content.\n\n```text\n$ /usr/sbin/asr\nUsage: asr \u003cverb\u003e \u003coptions\u003e\n \u003cverb\u003e is one of the following:\n asr help | version\n asr restore --source \u003csource\u003e --target \u003ctarget\u003e [\u003coptions\u003e]\n asr restore --source asr://\u003chost\u003e/ --file \u003cfile\u003e [\u003coptions\u003e]\n asr server --source \u003csource\u003e --config \u003cplist\u003e [\u003coptions\u003e]\n asr imagescan --source \u003csource\u003e [--filechecksum] [--nostream]\n asr info --source \u003csource\u003e [--plist]\n```\n\nThere is a [great WWDC talk](https://developer.apple.com/videos/play/wwdc2019/710/) which dives into ASR around the eleven minute mark.\n\n### shortcuts\n\nshortcuts allows you to run and list your shortcuts from the Shortcuts app.\n\n```text\n$ /usr/bin/shortcuts\nOVERVIEW: Command-line utility for running shortcuts.\n\nUSAGE: shortcuts \u003csubcommand\u003e\n\nOPTIONS:\n -h, --help Show help information.\n\nSUBCOMMANDS:\n run Run a shortcut.\n list List your shortcuts.\n view View a shortcut in Shortcuts.\n sign Sign a shortcut file.\n\n See 'shortcuts help \u003csubcommand\u003e' for detailed help.\n```\n\nAn example of using shortcuts is the list command to list your shortcuts:\n\n```text\n$ /usr/bin/shortcuts list\nAccessibility Assistant\nShow me my Doorbell Camera\nShow me my Front Camera\n```\n\n### networkQuality\n\nnetworkQuality measures the quality of the network you are connected to.\n\n```text\n$ /usr/bin/networkQuality -h\nUSAGE: networkQuality [-C \u003cconfiguration_url\u003e] [-c] [-h] [-I \u003cinterfaceName\u003e] [-s] [-v]\n -C: override Configuration URL\n -c: Produce computer-readable output\n -h: Show help (this message)\n -I: Bind test to interface (e.g., en0, pdp_ip0,...)\n -s: Run tests sequentially instead of parallel upload/download\n -v: Verbose output\n```\n\nRunning without any arguments will give you an assessment of your network.\n\n```text\n$ /usr/bin/networkQuality\n==== SUMMARY ====\nUpload capacity: 24.494 Mbps\nDownload capacity: 262.640 Mbps\nUpload flows: 16\nDownload flows: 12\nResponsiveness: Medium (677 RPM)\n```\n","funding_links":[],"categories":["Others"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazenla%2FMacHack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fazenla%2FMacHack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazenla%2FMacHack/lists"}