{"id":51255236,"url":"https://github.com/thousandflowers/Raccoon","last_synced_at":"2026-06-30T18:00:37.451Z","repository":{"id":354166581,"uuid":"1222452390","full_name":"thousandflowers/Raccoon","owner":"thousandflowers","description":"macOS companion toolkit for power users","archived":false,"fork":false,"pushed_at":"2026-06-25T09:59:31.000Z","size":83688,"stargazers_count":103,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-06-25T10:22:53.066Z","etag":null,"topics":["bash","cli","developer-tools","macos","shell","tui"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thousandflowers.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-27T11:32:38.000Z","updated_at":"2026-06-25T09:59:35.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/thousandflowers/Raccoon","commit_stats":null,"previous_names":["thousandflowers/raccoon"],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/thousandflowers/Raccoon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thousandflowers%2FRaccoon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thousandflowers%2FRaccoon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thousandflowers%2FRaccoon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thousandflowers%2FRaccoon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thousandflowers","download_url":"https://codeload.github.com/thousandflowers/Raccoon/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thousandflowers%2FRaccoon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34977672,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-30T02:00:05.919Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","cli","developer-tools","macos","shell","tui"],"created_at":"2026-06-29T10:00:25.880Z","updated_at":"2026-06-30T18:00:37.445Z","avatar_url":"https://github.com/thousandflowers.png","language":"Shell","funding_links":[],"categories":["Security"],"sub_categories":["macOS 10.15 Catalina Setup"],"readme":"\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"docs/gifs/hero.gif\" alt=\"Raccoon β€” rcc audit running\" width=\"800\"\u003e\n\u003c/p\u003e\n\n# 🦝 Raccoon\n\n\u003e **Security audits, system info \u0026 SSH fleet management for macOS.**\n\u003e *For the people who maintain Macs they don't sit in front of β€” and need to show their work.*\n\n[![CI](https://github.com/thousandflowers/Raccoon/actions/workflows/ci.yml/badge.svg)](https://github.com/thousandflowers/Raccoon/actions/workflows/ci.yml)\n[![Release](https://img.shields.io/github/v/release/thousandflowers/Raccoon?sort=semver\u0026color=blue)](https://github.com/thousandflowers/Raccoon/releases/latest)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n![macOS](https://img.shields.io/badge/platform-macOS-000000?logo=apple\u0026logoColor=white)\n![Bash](https://img.shields.io/badge/shell-bash%203.2%2B-4EAA25?logo=gnubash\u0026logoColor=white)\n![ShellCheck](https://img.shields.io/badge/shellcheck-passing-brightgreen)\n![Tests](https://img.shields.io/badge/tests-bats-blue)\n[![Last commit](https://img.shields.io/github/last-commit/thousandflowers/Raccoon)](https://github.com/thousandflowers/Raccoon/commits/main)\n[![git clones](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/thousandflowers/Raccoon/main/.github/traffic/clones.json\u0026cacheSeconds=1800)](https://github.com/thousandflowers/Raccoon/graphs/traffic)\n[![Homebrew tap](https://img.shields.io/badge/brew%20tap-thousandflowers%2Fraccoon-FBB040?logo=homebrew\u0026logoColor=white)](https://github.com/thousandflowers/homebrew-raccoon)\n[![Mentioned in Awesome macOS](https://awesome.re/mentioned-badge.svg)](https://github.com/iCHAIT/awesome-macOS)\n\nZero dependencies beyond macOS + git. ~1500 lines of shellcheck-clean Bash, covered by a comprehensive bats suite. Runs on the system Bash (3.2 β†’ 5.x) β€” no Homebrew required.\n\n---\n\n## Why I built this\n\nIt started as a PR to [Mole](https://github.com/tw93/Mole): a `mo update` that bumped brew, pip, npm, and gem in one shot. The maintainer liked it but declined it as out of scope.\n\nSo I merged it with the script I already ran on my sisters' Macs β€” disk space, open ports, startup items β€” and kept adding commands. It now writes client reports and audits a room of Macs over SSH, but it's still the same tool: just the things I needed.\n\n---\n\n## Contents\n\n- [Install](#install)\n- [What you can do](#what-you-can-do)\n- [Fleet management](#️-fleet-management)\n- [All commands](#all-commands)\n- [Why Raccoon is different](#why-raccoon-is-different)\n- [Is it safe to pipe to `bash`?](#is-it-safe-to-pipe-to-bash)\n- [Go TUI](#go-tui)\n- [Shell completion](#shell-completion) Β· [Man page](#man-page) Β· [Project structure](#project-structure) Β· [Contributing](#contributing)\n\n---\n\n## Install\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/thousandflowers/Raccoon/main/install.sh | bash\n```\n\nOr via Homebrew:\n\n```bash\nbrew install thousandflowers/raccoon/rcc\n```\n\nOr grab the single self-contained file β€” no git, no clone (CLI only; the\ninteractive TUI still needs one of the installs above):\n\n```bash\ncurl -fsSL https://github.com/thousandflowers/Raccoon/releases/latest/download/rcc -o rcc\nchmod +x rcc\n./rcc audit\n```\n\nRun `rcc` to launch the interactive [menu](#go-tui), or `rcc \u003ccommand\u003e` for direct access.\n\n\u003cdetails\u003e\n\u003csummary\u003eUpdate \u0026amp; uninstall\u003c/summary\u003e\n\n**Update:**\n\n```bash\nbrew upgrade rcc # Homebrew\ncurl -fsSL https://raw.githubusercontent.com/thousandflowers/Raccoon/main/install.sh | bash # curl install\n```\n\n**Uninstall:**\n\n```bash\nbrew uninstall rcc # Homebrew\nrm -rf ~/.raccoon \u0026\u0026 rm \"$(which rcc)\" # curl install\n```\n\u003c/details\u003e\n\n---\n\n## Requirements\n\n- **macOS** on Apple Silicon or Intel, with the built-in `bash` (3.2+) β€” nothing extra to install for the core commands.\n- **git** β€” used by the curl installer and by `rcc git`.\n- **Optional, per command:** `mas` (App Store updates in `rcc apps`), `gpg` (`rcc ssh --export-gpg`), `docker` (`rcc docker`), Homebrew (`rcc upgrade` / `apps`), and Go (only to build the TUI).\n\n---\n\n## What you can do\n\n### πŸ”’ Security audit\n\n```bash\nrcc audit # 30+ security checks (Gatekeeper, firewall, SIP, sharing…)\nrcc audit --fix # apply safe fixes β€” every change is backed up first\nrcc audit --deep # add slower, deeper checks\nrcc audit --json # machine-readable output (also: --csv, --report file.md)\nrcc audit --baseline # snapshot now; later runs diff against it\nrcc audit --verbose # show the exact command + raw output behind each check\nrcc audit --cis # map checks to the CIS Apple macOS Benchmark + coverage\nrcc audit --only core,network # run only some check groups (--list-checks to list)\nrcc audit --report out.html # auditor-ready self-contained HTML report\n```\n\nPer-client reports with `--client`, `--shop`, `--tech` and reusable profiles\n(`rcc audit --profile mario-bianchi`). `--fix` backs every change up to\n`~/.raccoon/fix-backups/\u003ctimestamp\u003e/` first, and schedules itself with\n`rcc audit schedule weekly` (LaunchAgent).\n\n**Exit codes** (for CI/automation, on both `rcc audit` and `rcc fleet audit`):\n`0` all passed Β· `1` at least one failure Β· `2` warnings only (or a usage\nerror). `--verbose` re-runs each check's documented command live so an auditor\ncan verify findings instead of trusting the summary; the same command is shown\nin `--json` (the `command` field) and the HTML report.\n\n```\n$ rcc audit\n Security Audit Β· 2026-06-26 14:30\n\n βœ“ FileVault Enabled\n βœ“ Gatekeeper Enabled\n βœ“ SIP Enabled\n ⚠ Firewall On β€” stealth mode off\n βœ“ Screen Lock Locks immediately\n ⚠ Sharing Remote Login (SSH) enabled\n βœ— Software Updates 3 updates pending\n …\n ────────────────────────────────────────────\n 28 passed Β· 3 warnings Β· 1 failed\n Run `rcc audit --explain` for the why behind each finding\n```\n\n![audit](docs/gifs/rcc-audit.gif)\n\n\u003cdetails\u003e\n\u003csummary\u003eWhat gets checked (30+)\u003c/summary\u003e\n\n- **System:** FileVault, SIP, Gatekeeper, XProtect, Firewall, Stealth Mode, Software Updates, Screen Lock, Auto-Login\n- **Network:** Sharing, Open Ports, SSH Daemon, DNS Servers, DNS-over-HTTPS, VPN, Bluetooth\n- **Auth \u0026 keys:** Keychain, SSH Keys, `.ssh` permissions, Authorized Keys, Sudo Access, Sudoers\n- **Persistence:** Login Items, Cron Jobs, At Jobs, LaunchDaemons, System \u0026 User LaunchAgents, Kernel Extensions\n- **Privacy:** Location Services, Analytics, Quarantined Files\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eClient-facing report (\u003ccode\u003e--report report.md\u003c/code\u003e)\u003c/summary\u003e\n\n`rcc audit --client \"Jane Doe\" --shop \"MacFix Pro\" --tech \"Mario Rossi\" --report report.md`\nproduces a branded intervention sheet (also `--report report.rtf` for Pages/Word):\n\n```markdown\n# Intervention Sheet\n\n**Date:** 2026-06-26\n**Technician:** Mario Rossi\n**Client:** Jane Doe β€” MacFix Pro\n\n## Issues found and resolved\n\n| Check | Before | After |\n|------------------|-------------|------------|\n| Firewall | Off | On |\n| Software Updates | 3 pending | Installed |\n| Remote Login | Enabled | Disabled |\n\n**Hours worked:** 0.5\n\n_Generated by Raccoon_\n```\n\u003c/details\u003e\n\n### πŸ›°οΈ Fleet management\n\nDiscover, group, run commands on, and audit every Mac you manage β€” from one\nmachine, over SSH, in parallel:\n\n```bash\nrcc fleet scan # discover Macs on the LAN (Bonjour + ping-sweep)\nrcc fleet add mario@192.168.1.10 # ...or add hosts by hand\nrcc fleet group add office mario@192.168.1.10 luca@192.168.1.11 # organize into groups\nrcc fleet run --group office -- softwareupdate -l # run a command in bulk\nrcc fleet audit # security-audit every host, one aggregate report\nrcc fleet audit --group office --report office.md\nrcc fleet status # quick reachability check\n```\n\n`rcc fleet scan` classifies each host it finds as **ready** (key auth works),\n**setup-needed** (SSH up, needs `ssh-copy-id`), or **non-Mac**, and can append the\nready ones to your host list. Hosts live in `~/.raccoon/fleet.conf` (one\n`user@host[:port]` per line, key auth only). **Remote Macs don't need Raccoon\ninstalled** β€” the audit script is streamed over SSH stdin to `bash`, so they need\nonly bash, macOS, and an SSH server.\n\n### πŸ–₯️ System information\n\n```bash\nrcc disk # internal, external \u0026 network drives, SMART\nrcc disk large # biggest files (--min SIZE, --top N)\nrcc network # interfaces, Wi-Fi, DNS, routing\nrcc wifi # active network, known SSIDs, Keychain passwords\nrcc memory # system stats + processes sorted by RAM\nrcc ports # open ports \u0026 listening services\nrcc battery # health %, cycles, temperature\nrcc backup # Time Machine status\n```\n\n### 🧹 Maintenance\n\n```bash\nrcc env # shell environment \u0026 PATH breakdown\nrcc startup # launch agents \u0026 login items\nrcc startup clean # remove orphaned launch agents (interactive)\nrcc trash # trash size \u0026 empty\nrcc fonts # find duplicates \u0026 corrupted fonts\nrcc history # shell history analysis\nrcc certs # SSL certificate expiry report\n```\n\n### πŸ› οΈ Developer tools\n\n```bash\nrcc upgrade # update brew, pip, npm, gem… at once (--dry-run to preview)\nrcc apps # update GUI apps in 4 layers (see below)\nrcc ssh # inspect keys, --export, --export-gpg\nrcc git # status, branches, stash, cleanup\nrcc docker # images, containers, volumes\nrcc xcode # simulators, derived data, SPM caches\n```\n\n`rcc apps` updates in four layers, in order: Mac App Store (`mas`), Homebrew\ncasks (`--greedy`), the Homebrew cask catalog (7000+ apps matched to\n`/Applications` by name β€” no install required, parsed with pure awk), and\nSparkle feeds (apps with a `SUFeedURL` in their plist). Apps with built-in\nauto-updaters are detected and skipped by default; `--auto-launch` opens them\nto trigger their own updater. Skip a layer with `--no-catalog` / `--no-sparkle`.\n\n\u003cdetails\u003e\n\u003csummary\u003eπŸ“Έ More command demos\u003c/summary\u003e\n\n**System info**\n\n![disk](docs/gifs/rcc-disk.gif)\n![network](docs/gifs/rcc-network.gif)\n![memory](docs/gifs/rcc-memory.gif)\n![ports](docs/gifs/rcc-ports.gif)\n![battery](docs/gifs/rcc-battery.gif)\n![backup](docs/gifs/rcc-backup.gif)\n\n**Developer tools**\n\n![upgrade](docs/gifs/rcc-upgrade.gif)\n![docker](docs/gifs/rcc-docker.gif)\n![git](docs/gifs/rcc-git.gif)\n![xcode](docs/gifs/rcc-xcode.gif)\n![certs](docs/gifs/rcc-certs.gif)\n\n**Maintenance**\n\n![env](docs/gifs/rcc-env.gif)\n![startup](docs/gifs/rcc-startup.gif)\n![trash](docs/gifs/rcc-trash.gif)\n![fonts](docs/gifs/rcc-fonts.gif)\n![history](docs/gifs/rcc-history.gif)\n\n\u003c/details\u003e\n\n---\n\n## All commands\n\n\u003cdetails\u003e\n\u003csummary\u003eFull command reference\u003c/summary\u003e\n\n| Command | What it does |\n|---------|--------------|\n| `audit` | 30+ security checks; `--fix`, `--deep`, `--json`/`--csv`, `--report`, `--baseline`, `--profile`, `schedule` |\n| `fleet` | `scan`, `add`/`remove`/`list`, `group`, `run`, `audit`, `status` across many Macs over SSH |\n| `disk` | Internal/external/network drives, SMART; `disk large` for biggest files |\n| `network` | Interfaces, Wi-Fi, DNS, routing |\n| `wifi` | Active network, known SSIDs, Keychain passwords |\n| `memory` | System memory + processes by RAM |\n| `ports` | Open ports \u0026 listening services |\n| `battery` | Health %, cycles, temperature |\n| `backup` | Time Machine status |\n| `env` | Shell environment \u0026 PATH breakdown |\n| `startup` | Launch agents \u0026 login items; `startup clean` |\n| `trash` | Trash size \u0026 empty |\n| `fonts` | Duplicate \u0026 corrupted fonts |\n| `history` | Shell history analysis |\n| `certs` | SSL certificate expiry report |\n| `upgrade` | Update brew/pip/npm/gem…; `--dry-run` |\n| `apps` | Update GUI apps in 4 layers |\n| `ssh` | Inspect/export keys |\n| `git` | Status, branches, stash, cleanup |\n| `docker` | Images, containers, volumes |\n| `xcode` | Simulators, derived data, SPM caches |\n\n\u003c/details\u003e\n\n---\n\n## Why Raccoon is different\n\n- **Safe by default, not silent by default.** `--fix` backs up every destructive change to `~/.raccoon/fix-backups/\u003ctimestamp\u003e/` before touching anything β€” a wrong fix is always recoverable.\n- **No install on the remote Macs.** Fleet mode streams the audit over SSH stdin; remote machines need only bash, macOS, and an open SSH server.\n- **Auditable, not opinionated.** It never sets a public DNS resolver or strips Gatekeeper quarantine flags β€” both would silently weaken a working setup.\n- **One data model.** Text, JSON, CSV, Markdown, RTF, and the fleet aggregate all render from the same `AUDIT_RESULTS` array, so a new check shows up everywhere automatically.\n\n---\n\n## Is it safe to pipe to `bash`?\n\nFair question for a tool that audits security and runs `sudo`. The honest answer:\n\n- **Read it first.** The installer is one file β€” [`install.sh`](install.sh). It clones the repo to `~/.raccoon` and symlinks `rcc`; nothing else. Prefer Homebrew (`brew install thousandflowers/raccoon/rcc`) if you'd rather not pipe to a shell.\n- **No telemetry.** Raccoon makes no analytics or \"phone-home\" calls. Ever.\n- **Network calls are only the obvious ones:** `apps` fetches the Homebrew cask catalog and Sparkle appcasts to update apps; `audit --share` (opt-in only) uploads a report to GitHub; `fleet` connects over SSH to *your* hosts and uses Bonjour/ping on *your* LAN for `scan`; `upgrade` talks to the package managers you already use. Nothing leaves your machine unless you run one of those.\n- **`sudo` only when it's doing the work** β€” applying `audit --fix` changes or installing a cask β€” never just to look around.\n- **Reports can contain sensitive data** β€” open ports, hostnames, SSH keys, and (via `rcc wifi`) Keychain Wi-Fi passwords. Review any report before you share it.\n- **Auditable.** ~1500 lines of plain Bash, `shellcheck -S warning` clean, covered by a comprehensive bats suite. Read any command in [`bin/`](bin/).\n\n---\n\n## Go TUI\n\nRaccoon ships an optional terminal UI built with [Bubble Tea](https://github.com/charmbracelet/bubbletea):\n\n```\nβ”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”\nβ”‚ Raccoon β”‚\nβ”‚ macOS companion toolkit β”‚\nβ”‚ β”‚\nβ”‚ upgrade audit network β”‚\nβ”‚ fleet scan fleet audit fleet status β”‚\nβ”‚ fleet list fleet groups β”‚\nβ”‚ disk memory ssh git β”‚\nβ”‚ ports battery backup env β”‚\nβ”‚ startup trash fonts history β”‚\nβ”‚ certs docker xcode β”‚\nβ”‚ β”‚\nβ”‚ ←→ Navigate Β· ↑↓ Rows Β· / Search Β· Enter Run β”‚\nβ””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜\n```\n\nCompile with `cd ui \u0026\u0026 ./build.sh`. The binary lands in `bin/rcc-ui` and is\nauto-detected by `rcc`. Argument-heavy fleet subcommands (`run`, `group add`,\n`audit --group`) stay on the CLI, where you can pass them.\n\n---\n\n## Shell completion\n\n```bash\nrcc completion bash \u003e\u003e ~/.bashrc # or: rcc completion zsh \u003e\u003e ~/.zshrc\n```\n\n## Man page\n\n```bash\nman rcc # every command, flag, and example\n```\n\n## Project structure\n\n```\nRaccoon/\nβ”œβ”€β”€ rcc # Entry point + dispatcher\nβ”œβ”€β”€ install.sh # curl | bash installer\nβ”œβ”€β”€ lib/core/ # Shared shell library (common.sh, commands.sh)\nβ”œβ”€β”€ bin/ # Command scripts (audit, fleet, disk, …)\nβ”œβ”€β”€ ui/ # Go Bubble Tea TUI\nβ”œβ”€β”€ completions/ # bash + zsh autocompletions\nβ”œβ”€β”€ man/man1/rcc.1 # Man page\nβ”œβ”€β”€ tests/ # Bats test suite\n└── docs/ # Images, GIFs, guides\n```\n\n## Contributing\n\nBug reports and PRs welcome β€” use the templates.\n\n```bash\nbrew install bats-core shellcheck\nbats tests/ # run tests\nshellcheck rcc bin/*.sh lib/core/*.sh # lint\n```\n\n---\n\n## License\n\nMIT β€” see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthousandflowers%2FRaccoon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthousandflowers%2FRaccoon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthousandflowers%2FRaccoon/lists"}