🍎

Executing Apple Script

Learn how to execute Apple Script using various methods

This project provides multiple ways to execute Apple Script. You can execute it via CLI, osascript, Swift, Applet, or run the binary directly.

The GitHub releases page provides all of these different files for each test.

get_user_using_system_info.scpt
get_user_using_system_info.swift
get_user_using_system_info.app.zip
get_user_using_system_info

If you would like to compile the files yourself, install uv and then use the following commands:

git clone https://github.com/cyberbuff/loas.git
cd loas
uv sync
uv run main.py build

Each of these methods generate different set of logs based on the execution tool.

The below sample Endpoint Security logs are gathered using Red Canary Mac Monitor for each of the execution methods for getting the clipboard content.

osascript CLI

This is the simplest way to execute commands from this repository.

osascript -e "the clipboard"
CLI

Script

Download the script from the releases page and execute it with osascript.

osascript get_clipboard_content_using_applescript_defaults.scpt
File

Swift

Download the Swift file from the releases page and execute it with Swift.

Note: You might need to install XCode Developer Tools to run Swift files.

swift get_clipboard_content_using_applescript_defaults.swift
Swift

Applet

Download the .app file from the releases page and execute it.

open -n get_clipboard_content_using_applescript_defaults.app
App

Binary

Download the binary from the releases page and execute it.

./get_clipboard_content_using_applescript_defaults
Binary

What is LOAS?

LOAS is a collection of scripts that are used to perform various offensive operations on macOS

T1005

Data from Local System

On this page

osascript CLI
Script
Swift
Applet
Binary