Open Source Mac Command Line Tools

ccrypt is a command-line tool for encrypting and decrypting files and streams. It provides strong encryption based on the Rijndael cipher, a version of which is also used in the Advanced Encryption Standard.

testssl.sh is a free command-line tool that checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more. testssl.sh is free and open-source software. You can use it under the terms of GPLv2, please review the License before using it. Works for Linux, Mac OSX, FreeBSD, NetBSD and WSL/MSYS2/Cygwin out of the box, no need to install or configure something, no gems, CPAN, pip or the like. OpenBSD only needs bash to be postinstalled. You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443. Several command line options help you to run your test and configure your output. If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning. You can look at the code, see what's going on and you can change it.

Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. Prowler is a command-line tool that helps you with AWS security assessment, auditing, hardening, and incident response. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 100 additional checks related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2, and others. +200 checks covering security best practices across all AWS regions and most AWS services. Get a direct colorful or monochrome report. Get an HTML, CSV, JUNIT, JSON, or JSON ASFF (Security Hub) format report.

This command line tool can be used to encrypt and decrypt files and directories using the AWS Encryption SDK. If you have not already installed cryptography, you might need to install additional prerequisites as detailed in the cryptography installation guide for your operating system. Installation using a python virtual environment is recommended to avoid conflicts between system packages and user-installed packages. For the most part, the behavior of aws-encryption-cli in handling files is based on that of GNU CLIs such as cp. A qualifier to this is that when encrypting a file, if a directory is provided as the destination, rather than creating the source filename in the destination directory, a suffix is appended to the destination filename. By default the suffix is .encrypted when encrypting and .decrypted when decrypting, but a custom suffix can be provided by the caller if desired.

AntiDef is written in order to handle with defacement attacks. This tool written in Java in a fast-and-dirty manner; However is works. This tool is working straight forward. Server administrator should run the application with the following specific parameters: path to the copy of the web site (source), path to the application directory, path to log directory and few more optional parameters. This tool compares the source and the destination files, then copies the "defaced" files if any change occurs. The comparison occurs by default every 60 seconds, but can be defined differently. Developer: Nir Valtman Blog: http://valtman-nir.blogspot.com

Cherrybomb is an CLI tool written in Rust that helps prevent incorrect code implementation early in development. It works by validating and testing your API using an OpenAPI file. Its main goal is to reduce security errors and ensure your API functions as intended. Cherrybomb makes sure your API is working correctly. It checks your API's spec file (OpenAPI Specification) for good practices and makes sure it follows the OAS rules. Then, it tests your API for common issues and vulnerabilities. If any problems are found, Cherrybomb gives you a detailed report with the exact location of the problem so you can fix it easily. With a configuration file, you can easily edit, view, Cherrybomb's options. The config file allows you to set the running profile, location of the oas file, the verbosity and ignore the TLS error. Config also allows you to override the server's URL with an array of servers, and add security to the request.

The JCRYPT client make it easy and convenience to consume JCRYPT Web Service which enables encryption/decryption of your data with intuitive command line tool or Java API both packed as single very small jar file.

A cryptographically verifiable code review system for the cargo (Rust) package manager. cargo-crev is an implementation of Crev as a command-line tool integrated with cargo. This tool helps Rust users evaluate the quality and trustworthiness of their package dependencies. Crev is a language and ecosystem agnostic, distributed code review system. Use reviews produced by other users. Increase the trustworthiness of your own code. Build a web of trust of other reputable users to help verify the code you use. Static binaries are available from the releases page. Crev is a system for verifying the security and reliability of dependencies based on collaborative code reviews. Crev users review the source code of packages/libraries/crates and share their findings with others. Crev then uses Web of Trust to select trusted reviews and judge the reputation of projects' dependencies.

terminal-notifier is a command-line tool to send macOS User Notifications, which are available on macOS 10.10 and higher. alerter features were merged in terminal-notifier 1.7. This led to some issues and even more issues in the 1.8 release. From now on terminal-notifier won't have the sticky notification feature nor the actions buttons. If you need them please use alerter. Sticking to two smaller specialized tools will hopefully make them easier to maintain and less error prone. It is currently packaged as an application bundle, because NSUserNotification does not work from a ‘Foundation tool’. radar://11956694. If you intend to package terminal-notifier with your app to distribute it on the Mac App Store, please use 1.5.2; version 1.6.0+ uses a private method override, which is not allowed in the App Store Guidelines.