Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

atomics/Indexes/Indexes-CSV/index.csv

@@ -765,6 +765,7 @@ discovery,T1217,Browser Bookmark Discovery,4,List Google Chrome / Opera Bookmark
 discovery,T1217,Browser Bookmark Discovery,5,List Google Chrome / Edge Chromium Bookmarks on Windows with command prompt,76f71e2f-480e-4bed-b61e-398fe17499d5,command_prompt
 discovery,T1217,Browser Bookmark Discovery,6,List Mozilla Firefox bookmarks on Windows with command prompt,4312cdbc-79fc-4a9c-becc-53d49c734bc5,command_prompt
 discovery,T1217,Browser Bookmark Discovery,7,List Internet Explorer Bookmarks using the command prompt,727dbcdb-e495-4ab1-a6c4-80c7f77aef85,command_prompt
+discovery,T1217,Browser Bookmark Discovery,8,List Safari Bookmarks on MacOS,5fc528dd-79de-47f5-8188-25572b7fafe0,sh
 discovery,T1087.002,Domain Account,1,Enumerate all accounts (Domain),6fbc9e68-5ad7-444a-bd11-8bf3136c477e,command_prompt
 discovery,T1087.002,Domain Account,2,Enumerate all accounts via PowerShell (Domain),8b8a6449-be98-4f42-afd2-dedddc7453b2,powershell
 discovery,T1087.002,Domain Account,3,Enumerate logged on users via CMD (Domain),161dcd85-d014-4f5e-900c-d3eaae82a0f7,command_prompt

atomics/Indexes/Indexes-CSV/macos-index.csv

@@ -107,6 +107,7 @@ impact,T1529,System Shutdown/Reboot,4,Shutdown System via `shutdown` - macOS/Lin
 impact,T1529,System Shutdown/Reboot,5,Restart System via `reboot` - macOS/Linux,47d0b042-a918-40ab-8cf9-150ffe919027,bash
 discovery,T1217,Browser Bookmark Discovery,2,List Mozilla Firefox Bookmark Database Files on macOS,1ca1f9c7-44bc-46bb-8c85-c50e2e94267b,sh
 discovery,T1217,Browser Bookmark Discovery,3,List Google Chrome Bookmark JSON Files on macOS,b789d341-154b-4a42-a071-9111588be9bc,sh
+discovery,T1217,Browser Bookmark Discovery,8,List Safari Bookmarks on MacOS,5fc528dd-79de-47f5-8188-25572b7fafe0,sh
 discovery,T1083,File and Directory Discovery,3,Nix File and Directory Discovery,ffc8b249-372a-4b74-adcd-e4c0430842de,sh
 discovery,T1083,File and Directory Discovery,4,Nix File and Directory Discovery 2,13c5e1ae-605b-46c4-a79f-db28c77ff24e,sh
 discovery,T1087.001,Local Account,2,View sudoers access,fed9be70-0186-4bde-9f8a-20945f9370c2,sh

atomics/Indexes/Indexes-Markdown/index.md

@@ -1259,6 +1259,7 @@
   - Atomic Test #5: List Google Chrome / Edge Chromium Bookmarks on Windows with command prompt [windows]
   - Atomic Test #6: List Mozilla Firefox bookmarks on Windows with command prompt [windows]
   - Atomic Test #7: List Internet Explorer Bookmarks using the command prompt [windows]
+  - Atomic Test #8: List Safari Bookmarks on MacOS [macos]
 - T1087.004 Cloud Account [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1069.003 Cloud Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1580 Cloud Infrastructure Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)

atomics/Indexes/Indexes-Markdown/macos-index.md

@@ -294,6 +294,7 @@
 - [T1217 Browser Bookmark Discovery](../../T1217/T1217.md)
   - Atomic Test #2: List Mozilla Firefox Bookmark Database Files on macOS [macos]
   - Atomic Test #3: List Google Chrome Bookmark JSON Files on macOS [macos]
+  - Atomic Test #8: List Safari Bookmarks on MacOS [macos]
 - T1087.002 Domain Account [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1069.002 Domain Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1083 File and Directory Discovery](../../T1083/T1083.md)

atomics/Indexes/index.yaml

@@ -54232,6 +54232,26 @@ discovery:
 
 '
         name: command_prompt
+    - name: List Safari Bookmarks on MacOS
+      auto_generated_guid: 5fc528dd-79de-47f5-8188-25572b7fafe0
+      description: 'This test searches for Safari''s Bookmarks file (on macOS) and
+        lists any found instances to a text file.
+
+'
+      supported_platforms:
+      - macos
+      input_arguments:
+        output_file:
+          description: Path where captured results will be placed.
+          type: Path
+          default: "/tmp/T1217-Safari.txt"
+      executor:
+        command: "find / -path \"*/Safari/Bookmarks.plist\" 2>/dev/null >> #{output_file}
+          \ncat #{output_file} \n"
+        cleanup_command: 'rm -f #{output_file} 2>/dev/null
+
+'
+        name: sh
   T1087.004:
     technique:
       external_references:

atomics/T1217/T1217.md

@@ -22,6 +22,8 @@ Specific storage locations vary based on platform and/or application, but browse
 
 - [Atomic Test #7 - List Internet Explorer Bookmarks using the command prompt](#atomic-test-7---list-internet-explorer-bookmarks-using-the-command-prompt)
 
+- [Atomic Test #8 - List Safari Bookmarks on MacOS](#atomic-test-8---list-safari-bookmarks-on-macos)
+
 
 <br/>
 
@@ -251,4 +253,42 @@ dir /s /b %USERPROFILE%\Favorites
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #8 - List Safari Bookmarks on MacOS
+This test searches for Safari's Bookmarks file (on macOS) and lists any found instances to a text file.
+
+**Supported Platforms:** macOS
+
+
+**auto_generated_guid:** 5fc528dd-79de-47f5-8188-25572b7fafe0
+
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| output_file | Path where captured results will be placed. | Path | /tmp/T1217-Safari.txt|
+
+
+#### Attack Commands: Run with `sh`! 
+
+
+```sh
+find / -path "*/Safari/Bookmarks.plist" 2>/dev/null >> #{output_file} 
+cat #{output_file}
+```
+
+#### Cleanup Commands:
+```sh
+rm -f #{output_file} 2>/dev/null
+```
+
+
+
+
+
 <br/>