Specialised security analysis tool for macOS software packages: DMG, PKG, and APP bundles.
Inspired on the Norwegian verb "å mase" (to nag) because it is annoying having to write a bunch of commands to statically analyse a file, so instead now it is an actual python code!
The What's Your Sign by Objective See is a way better tool! My tool MAS is just a humble POC. PS: I'm struggling with checking if a bundle is sandboxed or not :´)
.dmgDisk images (installers).pkgmacOS installer packages.appApplication bundles
- Checks if files are properly signed
- Verifies Apple notarisation status
- Checks if macOS will allow execution
- Extracts download source, time, and downloading app
- Can see what permissions the app request (optional)
- Parses the Info.plist for app metadata
Note
Three are no external dependencies needed, but that means it can only run on macOS. Tested on macOS 15, Silicon/ARM.
- Python 3.6+
- Permissions: read access to files being analysed
# Make MAS executable
chmod +x mas.py
# Ready to use!
python3 mas.py file.dmg
# OR use directly:
./mas.py file.dmg# Full security analysis with hashes
python3 mas.py -v ~/Downloads/app.dmg
# Check entitlements (permissions)
python3 mas.py --entitlements App.app
# Scan all DMGs in Downloads
python3 mas.py ~/Downloads/*.dmg
- Under entitlements, if you see:
Details: xcode-select: error: tool 'stapler' requires Xcode, but active developer directory '/Library/Developer/CommandLineTools' is a command line tools instancethen you will need to install Command Line Tools if you haven't already and enable them:
xcode-select --install
sudo xcode-select --switch /Library/Developer/CommandLineToolsIf the error persists, change the path of your installed Xcode:
sudo xcode-select -s /Applications/Xcode.app/Contents/Developer🔐 Stay safe! Always verify your downloads.