Syntella macOS Forensics Tool


Syntella (Download v0.2.2) is an open-source macOS forensics tool that writes a text-file report of exactly what is running on your system: open connections, services, network connectivity, disks, USB devices, and global ping-time network checks. It takes about 5 minutes to run and produces a timestamped text file that you can "diff" against earlier reports to spot changes easily.

It's designed for advanced Mac users to check that their system is safe, and for regular users to peruse and hand to an expert for help. View the example report.

It is licensed as open source under the Apache 2.0 license, and the source code is available (open Syntella.sh to see what it does behind the scenes).

I capture a copy of all the reports via an encrypted link to tomachi.co.

In exchange for your use of the software I am collecting its output presently; this can be disabled for a fee.

At this time I do not have automatic deletion of reports set up, but they are at difficult-to-guess web URLs only reported in the app and not linked from anywhere online. If the app becomes popular I'll begin deleting reports on a daily rotation to ensure privacy but still give time to download.

Privacy-sensitive categories collected:

The labels but not the contents of:

  • Wi-Fi names
  • machine name
  • hardware serials (no software is checked at all)
  • MAC addresses
  • processes, programs, ports, servers, services
  • disk free space
  • network connections, open files, routing tables, tunnels
  • users logged in
  • mounted volume names

We don't capture any user files or filenames unless they are open. So consider which websites you visited just before running it: netstat will still show closed connections for at least 2 minutes after closing, due to the CLOSE_WAIT and TIME_WAIT states of TCP/IP.

This app collects a bunch of output from these OS tools and compiles it into a single text file that you can diff from time to time to see changes.
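To show the snapshot-then-diff idea concretely, here is an added example (not Syntella's own code; syntella.sh itself is linked below). It writes a few of the categories listed above under "### " section headers into a timestamped file, and diffs two such reports line by line, ignoring order and headers so the timestamp and PID churn never show up as changes. REPORT_DIR, the section names and the sample report lines are assumptions made for this example.

```shell
# Added example, not Syntella's own code: a snapshot-and-diff workflow in
# the spirit of syntella.sh. Sections go under "### " headers in a
# timestamped file; diff_reports lists lines that appeared (+) or
# disappeared (-) between two reports, ignoring line order.
REPORT_DIR="${REPORT_DIR:-$HOME/syntella-reports}"   # assumed location

# Emit one labelled section; a missing tool is noted rather than fatal.
section() {
  printf '### %s\n' "$1"; shift
  if command -v "$1" >/dev/null 2>&1; then "$@" 2>&1
  else echo "(tool not installed: $1)"; fi
  echo
}

# Collect a few of the categories the page lists into one report file.
take_snapshot() {
  mkdir -p "$REPORT_DIR"
  out="$REPORT_DIR/report-$(date -u +%Y%m%dT%H%M%SZ).txt"
  { printf '### generated %s\n\n' "$(date -u)"   # header line: never diffed
    section processes ps -axo pid,user,comm
    section sockets netstat -an
    section services launchctl list
  } > "$out"
  echo "$out"
}

# Lines in the newer report ($2) absent from the older ($1); "### " headers
# and blank lines are skipped. Swapped arguments give the removed lines.
added_lines() {
  awk 'NR==FNR { seen[$0]=1; next } !($0 in seen) && !/^### / && NF' "$1" "$2"
}
diff_reports() {
  added_lines "$1" "$2" | sed 's/^/+ /'
  added_lines "$2" "$1" | sed 's/^/- /'
}

# Constructed sample reports (not real output) to try the diff offline.
make_samples() {
  cat > "$1/old.txt" <<'EOF'
### sockets
tcp4  0  0  *.22    *.*  LISTEN
tcp4  0  0  *.5000  *.*  LISTEN
EOF
  cat > "$1/new.txt" <<'EOF'
### sockets
tcp4  0  0  *.8080  *.*  LISTEN
tcp4  0  0  *.22    *.*  LISTEN
EOF
}
if [ "${1:-}" = snapshot ]; then take_snapshot; fi
```

Run the script with the argument `snapshot` on a Mac to write a report, then compare any two with `diff_reports old.txt new.txt`; a listener that is present in the new report but not the old one prints as a `+` line, which is the kind of change worth asking an expert about.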

Run from compiled Application (easy)

Download the app at https://tomachi.co/downloads/Syntella_v0.2.1.dmg

Run from source code (advanced)

Since this is security software, it's open source: you can read it and see everything it does. To run it from source you will also need to install:

  • homebrew
  • git
  • curl
  • nmap

This shell script runs a range of diagnostic tools against your machine. To install it, enter at the terminal:

git clone https://github.com/tomachinz/syntella/ ~/syntella

Then to run it use:

~/syntella/syntella.sh

Or just double click the syntella.sh file icon.

To receive updates, type:

cd ~/syntella/
git pull