Automatically audit your Mac for basic security hygiene.

Overview

The simplest security is the most important. 80% of hacks are caused by 20% of common preventable mistakes. Pareto Security is a Menu Bar app that quietly runs in the background and reminds you if you forget to enable your firewall, turn on disk encryption and perform similar basic security hygiene tasks.

More info and newsletter signup at https://paretosecurity.app/.

Are there other checks you want implemented? Let us know at https://github.com/ParetoSecurity/pareto-mac/discussions/3

Download the latest release from https://github.com/ParetoSecurity/pareto-mac/releases

Comments
  • Redesign of the menu bar

    ref: https://github.com/niteoweb/pareto/issues/83
    ref: https://github.com/niteoweb/pareto/issues/82
    ref: https://github.com/niteoweb/pareto/issues/88
    ref: https://github.com/niteoweb/pareto/issues/89
    ref: https://github.com/niteoweb/pareto/issues/75

    opened by dz0ny 17
  • Add new update UI

    https://user-images.githubusercontent.com/239513/131977528-ee91623a-0ca9-42f1-aeb7-07f1844a2016.mov

    Closes https://github.com/ParetoSecurity/pareto-mac/issues/43

    opened by dz0ny 13
  • Add support for running custom checks

    ref: https://github.com/ParetoSecurity/pareto-mac/issues/128
    ref: https://github.com/teamniteo/pareto/issues/396

    Custom checks are shown under the My Checks claim and they follow the usnistgov YAML spec. They need to be enabled under Preferences (disabled by default as there are two Security prompts issued by macOS).

    opened by dz0ny 9
  • [Bug]: Version 1.6.15 crashes when running checks

    What happened?

    App crashes when running checks

    Version

    HW: MacBook Pro 16" Intel
    macOS: 11.6.1
    App Version: 1.6.15
    Build: 3626

    Relevant log output

    Process:               Pareto Security [29927]
    Path:                  /Applications/Pareto Security.app/Contents/MacOS/Pareto Security
    Identifier:            niteo.co.Pareto
    Version:               1.6.15 (3626)
    Code Type:             X86-64 (Native)
    Parent Process:        ??? [1]
    Responsible:           Pareto Security [29927]
    User ID:               501
    
    Date/Time:             2021-12-13 16:18:58.548 +0100
    OS Version:            macOS 11.6.1 (20G224)
    Report Version:        12
    Bridge OS Version:     6.0 (19P549)
    Anonymous UUID:        C01133AD-0FE4-7607-73F8-06C78E701A3E
    
    Sleep/Wake UUID:       0CE03438-9F19-40CB-8CC5-2A86EF609C54
    
    Time Awake Since Boot: 220000 seconds
    Time Since Wake:       2400 seconds
    
    System Integrity Protection: enabled
    
    Crashed Thread:        0  Dispatch queue: com.apple.main-thread
    
    Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
    Exception Codes:       0x0000000000000001, 0x0000000000000000
    Exception Note:        EXC_CORPSE_NOTIFY
    
    Termination Signal:    Illegal instruction: 4
    Termination Reason:    Namespace SIGNAL, Code 0x4
    Terminating Process:   exc handler [29927]
    
    Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
    0   niteo.co.Pareto               	0x0000000104a3bf76 0x1049df000 + 380790
    1   niteo.co.Pareto               	0x00000001049e4f81 0x1049df000 + 24449
    2   niteo.co.Pareto               	0x00000001049f0887 0x1049df000 + 71815
    3   niteo.co.Pareto               	0x00000001049fa6ee 0x1049df000 + 112366
    4   libdispatch.dylib             	0x00007fff2018619e _dispatch_block_async_invoke2 + 83
    5   libdispatch.dylib             	0x00007fff20179806 _dispatch_client_callout + 8
    6   libdispatch.dylib             	0x00007fff20185b4f _dispatch_main_queue_callback_4CF + 940
    7   com.apple.CoreFoundation      	0x00007fff20457f18 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 9
    8   com.apple.CoreFoundation      	0x00007fff2041a112 __CFRunLoopRun + 2755
    9   com.apple.CoreFoundation      	0x00007fff20418f8c CFRunLoopRunSpecific + 563
    10  com.apple.HIToolbox           	0x00007fff28660a83 RunCurrentEventLoopInMode + 292
    11  com.apple.HIToolbox           	0x00007fff286607e5 ReceiveNextEventCommon + 587
    12  com.apple.HIToolbox           	0x00007fff28660583 _BlockUntilNextEventMatchingListInModeWithFilter + 70
    13  com.apple.AppKit              	0x00007fff22c22172 _DPSNextEvent + 864
    14  com.apple.AppKit              	0x00007fff22c20945 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1364
    15  com.apple.AppKit              	0x00007fff22c12c69 -[NSApplication run] + 586
    16  com.apple.AppKit              	0x00007fff22be6e6c NSApplicationMain + 816
    17  com.apple.SwiftUI             	0x00007fff41c2594d specialized runApp(_:) + 100
    18  com.apple.SwiftUI             	0x00007fff4245715c runApp<A>(_:) + 162
    19  com.apple.SwiftUI             	0x00007fff42040d31 static App.main() + 61
    20  niteo.co.Pareto               	0x00000001049e2601 0x1049df000 + 13825
    21  libdyld.dylib                 	0x00007fff2033ef3d start + 1
    
    bug 
    opened by buchi 6
  • [Bug]: Failing "AirPlay receiver is off"

    What happened?

    The AirPlay receiver is off check fails on my machine. But in the sharing control panel I have nothing activated. I'm not sure what I have to do now.

    Version

    HW: MacBookPro14,1
    macOS: 11.6.0
    App Version: 1.4.1
    Build: 2736

    Relevant log output

    No response

    bug 
    opened by jone 6
  • [Bug]: Auditor and Updater disagree on whether Zoom is up-to-date

    What happened?

    Auditor says Zoom is out-of-date. Updater says everything is good.

    Version

    Auditor version 1.7.36
    Updater version 1.1.24

    Relevant log output

    No response

    bug 
    opened by zupo 2
  • Make sure no ports are open

    What happened?

    @jcerjak had an idea to also check that no ports are open. I.e. maybe a developer runs ngrok or a local Apache server and forgets to turn it off. Maybe even installs Postgres and doesn't configure it properly and now data leaks are possible.

    Version

    /

    Relevant log output

    No response

    bug 
    opened by zupo 1
  • Please create a Homebrew manuscript.

    Homebrew is a widely used package manager for macOS. Many macOS applications provide Homebrew installation.

    Could you please create a PR for Homebrew Cask?

    opened by ivaquero 8
  • Screen saver time should be configurable

    What happened?

    Checking for screen saver time (actually screen lock time!) is good security. However, everyone's threat model is different and 5 minutes may not be appropriate for everyone.

    The screen saver time should be configurable, at least to a point. Perhaps the check could default to 5 minutes, but allow the user to specify an acceptable time up to 10 minutes, or some other reasonable maximum.

    Version

    1.6.29 - 3941 (setapp subscription)

    Relevant log output

    No response

    enhancement 
    opened by zcutlip 1
Releases(1.7.53)