Standalone Usage
Jesse edited this page May 22, 2020 · 1 revision
```
boko.py [-h] (-r | -i | -p /path/to/app) (-A | -P | -b) [-oS outputfile | -oC outputfile | -oA outputfile] [-s] [-v]
```

| Argument | Description |
|---|---|
| -h, --help | Show this help message and exit |
| -r, --running | Check currently running processes |
| -i, --installed | Check all installed applications |
| -p /file.app | Check a specific application, e.g. /Applications/Safari.app |
| -A, --active | Executes executable binaries discovered to actively identify hijackable dylibs |
| -P, --passive | Performs checks only by viewing file headers (Default) |
| -b, --both | Performs both methods of vulnerability testing |
| -oS outputfile | Outputs standard output to a .log file |
| -oC outputfile | Outputs results to a .csv file |
| -oA outputfile | Outputs results to a .csv file and standard log |
| -s, --sipdisabled | Use if SIP is disabled on the system to search typically read-only paths |
| -v, --verbose | Output all results in verbose mode while the script runs; without this, only Definite certainty vulnerabilities are displayed to the console |

It is recommended to use active mode only with the -p flag, selecting a specific program. Also, it's a good idea to use -v with -oS or -oA, unless you are only looking for definite certainty vulnerabilities.

It is highly discouraged to run this tool with the -i and (-A or -b) flags together. This will open every executable on your system for 3 seconds at a time. I do not take any responsibility for your system crashing or slowing down because you ran that. Additionally, if you have dormant malware on your system, this will execute it.
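
One way to enforce the recommendation above is a shell wrapper that refuses active scanning unless a single application is named with -p. This is an added example, not part of boko; `boko_preflight` and `boko_guarded` are hypothetical helper names, and the handling of clustered short flags (such as `-iA`) is a conservative assumption about how the argument parser behaves.

```bash
#!/usr/bin/env bash
# Added example (not part of boko): preflight check for a boko.py argument list.
# Policy taken from the page: active mode (-A / -b) only together with -p <app>.

# boko_preflight ARGS...  -> returns 0 if the arguments follow the policy, 1 otherwise.
boko_preflight() {
    local active=0 has_path=0 skip=0 arg flags
    for arg in "$@"; do
        # The word after -oS/-oC/-oA is an output file name, not a flag.
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$arg" in
            -oS|-oC|-oA) skip=1 ;;          # must not be mistaken for -A
            --active|--both) active=1 ;;
            --*) ;;                          # other long options are harmless here
            -[!-]*)
                # Short flag or cluster of short flags (assumed possible, e.g. -iA).
                flags=${arg#-}
                case "$flags" in
                    # Anything after "p" is the application path, not more flags.
                    *p*) has_path=1; flags=${flags%%p*} ;;
                esac
                case "$flags" in *[Ab]*) active=1 ;; esac
                ;;
        esac
    done
    if [ "$active" -eq 1 ] && [ "$has_path" -eq 0 ]; then
        echo "refusing: -A/-b executes every discovered binary; use it only with -p <app>" >&2
        return 1
    fi
    return 0
}

# boko_guarded ARGS...  -> runs boko.py only when the preflight check passes.
# Assumes boko.py is in the current directory.
boko_guarded() {
    boko_preflight "$@" || return $?
    python3 boko.py "$@"
}
```

For example, `boko_guarded -p /Applications/Safari.app -A -oA safari -v` is passed through to boko.py, while `boko_guarded -i -b` is rejected before anything is executed.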