Table of Contents
- Check for Software Updates
- Download iTerm2
- Download Nerd Fonts
- Install macOS Command Line Tools
- Install Homebrew
- Install Zsh
- Install Oh My Zsh
- Install Git
- Setup GPG Keys
- Install Powerlevel10K
- Setup Message of the Day
- Generate SSH Keys
- Useful Aliases
- Install Homebrew Packages
- Install Python
- Install Virtualenv
- Install Pipenv
- Install Ruby
- Update RubyGems and Bundler
- Install Rails
- Install MySQL
- Install MySQL Workbench
- Install PostgreSQL
- Install MongoDB
- Install Node.js
- Install Yarn
- Install Go
- Install AWS Command Line
- Install Boto
- Install Docker
- Install Java JDK 8
- Setup Apache Server
- Install PHP
- Setting up php-fpm with Nginx
- Install Aircrack-ng
- Install Capture the Flag Tools
- Install VirtualBox
- Install Sublime Text 3
- Install Visual Studio Code
- Write to NTFS on macOS Catalina
- Disable Gatekeeper
- Spoof MAC Address
- Tweaks
- Tweak macOS Appearance
- Save to Disk by Default
- Firefox Browser Extensions (Online Privacy)
- Firefox Configurations (Online Privacy)
Check for updates
Checks for and installs all available software updates.
$ softwareupdate -ia
iTerm2
iTerm2 brings the terminal into the modern age with features you never knew you always wanted.
Download: iTerm2
Download: iTerm2 Themes
Nerd Fonts
Nerd Fonts is a project that patches developer targeted fonts with a high number of glyphs (icons).
Official Github: NerdFonts
Direct Download: NerdFonts
Unzip and use ./install script to install to your system.
Install Command Line Tools without Xcode
Download the macOS SDK, headers, and build tools. These tools make it easy to install open source software or develop on UNIX.
$ xcode-select --install
Homebrew
Homebrew installs the stuff you need that Apple didn't.
Official Site: Homebrew
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
Useful commands:
brew cleanup
brew doctor
brew outdated
brew upgrade
To uninstall Homebrew:
$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/uninstall)"
Zsh
A powerful shell designed for interactive use. Features of bash, ksh, and tcsh are incorporated into zsh.
$ brew install zsh
If necessary, make zsh the default shell using this command: chsh -s $(which zsh)
Oh My Zsh
Oh My Zsh is an open source framework built on top of zsh for managing its configuration. This framework will allow us to use themes, plugins, helpers, functions and many other cool things.
Official Github: Oh My Zsh
$ sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
Change file permissions for the following folders:
$ chmod 755 /usr/local/share/zsh
$ chmod 755 /usr/local/share/zsh/site-functions
Install plugins:
$ cd ~/.oh-my-zsh/custom/plugins
$ git clone https://github.com/zsh-users/zsh-syntax-highlighting
$ git clone https://github.com/zsh-users/zsh-autosuggestions
Add zsh-syntax-highlighting, zsh-autosuggestions, colored-man-pages in ~/.zshrc under plugins.
Refresh the shell environment:
$ source ~/.zshrc
Git
A distributed version control system for tracking changes in source code during software development.
$ brew install git
Git extras:
$ brew install git-lfs git-flow git-extras
Git setup:
$ git config --global user.name "your username"
$ git config --global user.email "your email"
$ git config --global credential.helper osxkeychain
$ git config --global color.ui auto
Generate SSH Keys
An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but the keys are primarily used for automated processes and for implementing single sign-on.
$ ssh-keygen -o -a 256 -t ed25519
Options:
-a rounds
-o openssh
-t type
To copy the public key to a particular server, use: ssh-copy-id <user@hostname>
To set up GitHub, copy and paste the public SSH key into the GitHub website. Use pbcopy < ~/.ssh/id_ed25519.pub to copy it to the clipboard.
To verify, run ssh -T git@github.com; you should get the message "successfully authenticated".
Powerlevel10k
A theme for Zsh. It emphasizes speed, flexibility, and out-of-the-box experience. With Powerlevel10k, there is no prompt lag.
Official Github: Powerlevel10k
$ git clone --depth=1 https://github.com/romkatv/powerlevel10k.git $ZSH_CUSTOM/themes/powerlevel10k
Set ZSH_THEME="powerlevel10k/powerlevel10k" in ~/.zshrc
$ source ~/.zshrc
To configure, use p10k configure
Message of the Day
A welcome message shown to a user upon the terminal login.
$ brew install cowsay lolcat fortune
cowsay generates ASCII pictures of a cow with a message.
lolcat is a cat-like utility that adds rainbow coloring to its output.
fortune displays a pseudo-random message from a database of quotations.
Edit the ~/.zprofile using the following command:
$ vim ~/.zprofile
Add: fortune | cowsay | lolcat. Save and exit.
Homebrew Packages
$ brew install tree fzf ack htop httpd gcc mas neofetch nmap openssh openssl p7zip rsync speedtest-cli ssh-copy-id subnetcalc telnet the_silver_searcher thefuck tldr tmux trash unrar unzip watch wget youtube-dl rtv vim exa
GPG
GPG is a free software alternative to the closed source commercial PGP. You will also need pinentry-mac. pinentry-mac is a tool which prompts with a native dialog box for your GPG key passphrase and also allows you to store the password in your Mac’s keychain. To install GPG and pinentry-mac, use the following command:
$ brew install gpg pinentry-mac
To list the GPG keys, use the command:
$ gpg --list-keys
- Your keyring should be empty at this point.
To enable pinentry, edit the $HOME/.gnupg/gpg-agent.conf file, use the command:
$ echo "pinentry-program /usr/local/bin/pinentry-mac" >> $HOME/.gnupg/gpg-agent.conf
To GENERATE A MASTER KEY, use the command:
$ gpg --expert --full-generate-key
- When prompted for what kind of key, pick option: (8) RSA (set your own capabilities).
- When prompted for capabilities, type s and hit enter to toggle off the Sign capability.
- Next type e and hit enter to toggle off the Encrypt capability.
- Confirm that the current allowed actions only lists Certify, then type q and hit enter to finish setting capabilities.
- Now you are prompted for how long the RSA key should be. Type 4096 to set the highest security that GPG currently supports.
- For expiration, I suggest picking 0 so the key doesn’t expire.
- For the Real Name, I suggest picking the same “friendly name” you use for outgoing email.
- Next provide the email address you want to use for receiving encrypted email.
- I will reference this email as YOUR@EMAIL.com for the remainder of this install.
- If you’d like to enter a comment for the key, you can do so next. Otherwise hit enter to skip it.
- If everything looks good at this point, hit o for Okay.
You will now be prompted for your master key passphrase. Please ensure this is a secure password that you have not used anywhere else.
To set secure preferences on the key, use the following command:
$ gpg --edit-key YOUR@EMAIL.com
- Paste setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed into it and press enter.
- Type y to confirm.
- Type save to save and exit.
To ADD A SUBKEY to be used to encrypt and sign, use the following command:
$ gpg --expert --edit-key YOUR@EMAIL.com
- At the prompt, type addkey.
- Choose option: (8) RSA (set your own capabilities) as before.
- Unlike before, the capabilities are already set the way I want (“Sign Encrypt”), so type q to finish capability selection.
- Type 4096 as previously done for the keysize.
- Next, we suggest using 0 for no expiration as before.
- Confirm y at the next two prompts.
- After entering your passphrase, your subkey is now created.
- Type save to quit and exit.
To EXPORT YOUR PRIVATE KEY, use the command:
$ gpg --export-secret-keys --armor YOUR@EMAIL.com > YOUR@EMAIL.com.private.gpg-key
To EXPORT YOUR PUBLIC KEY, use the command:
$ gpg --export --armor YOUR@EMAIL.com > YOUR@EMAIL.com.public.gpg-key
To CREATE A REVOCATION CERTIFICATE, use the command:
$ gpg --output YOUR@EMAIL.com.gpg-revocation-certificate --gen-revoke YOUR@EMAIL.com
- Follow the prompts to create the revocation certificate. For reason, I suggest 1 = Key has been compromised and you can hit enter on the description line (it’s not needed).
- Backup your keys in a safe place.
I suggest deleting the private key and revocation certificate from your computer afterwards.
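A check for the key layout built in the GPG steps above (certify-only 4096-bit master key plus a sign+encrypt subkey), added here as an example and not part of the original guide. It parses `gpg --list-keys --with-colons` output; the function names and the sample records (key IDs, timestamps) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit GPG key capabilities from --with-colons output.
# Colon fields used: 1 = record type, 2 = validity, 3 = key length,
# 5 = key ID, 7 = expiry, 12 = capabilities (c certify, s sign, e encrypt).
# On a pub record, lowercase letters are the primary key's own capabilities and
# uppercase letters summarise what the whole key (primary + subkeys) can do.

# Constructed sample: the layout this guide creates. Key IDs are made up.
sample_good() {
cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1583400000:::u:::cSEC:
uid:u::::1583400000::0000000000000000000000000000000000000000::Your Name <YOUR@EMAIL.com>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1583400100::::::es:
EOF
}

# Constructed sample: a primary key that can also sign, with an encrypt-only subkey.
sample_bad() {
cat <<'EOF'
pub:u:2048:1:CCCCCCCCCCCCCCCC:1583400000:::u:::scESC:
uid:u::::1583400000::0000000000000000000000000000000000000000::Your Name <YOUR@EMAIL.com>:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1583400000::::::e:
EOF
}

# Reads --with-colons records on stdin; prints findings, exits non-zero on any FAIL.
audit_key_layout() {
  awk -F: '
    $1 == "pub" {
      own = $12; gsub(/[A-Z]/, "", own)   # drop the uppercase whole-key summary
      printf "primary %s bits=%s caps=%s expires=%s\n", $5, $3, own, ($7 == "" ? "never" : $7)
      if (own != "c")    { print "FAIL primary key is not certify-only"; bad = 1 }
      if ($3 + 0 < 4096) { print "FAIL primary key shorter than 4096 bits"; bad = 1 }
    }
    $1 == "sub" && $2 !~ /^[re]$/ {       # ignore revoked or expired subkeys
      printf "subkey %s bits=%s caps=%s\n", $5, $3, $12
      if ($12 ~ /s/) sign = 1
      if ($12 ~ /e/) enc = 1
    }
    END {
      if (!sign) { print "FAIL no usable signing subkey"; bad = 1 }
      if (!enc)  { print "FAIL no usable encryption subkey"; bad = 1 }
      if (!bad)  print "OK"
      exit bad + 0
    }'
}

# Demo on the constructed sample. Against a real keyring:
#   gpg --list-keys --with-colons YOUR@EMAIL.com | audit_key_layout
sample_good | audit_key_layout
```
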
Python
An interpreted, high-level, general-purpose programming language. There are many ways to install Python, but I found this to be best.
$ brew install pyenv
$ pyenv install -l
$ pyenv install 3.8.2
$ pyenv global 3.8.2
$ pyenv version
$ echo -e 'if command -v pyenv 1>/dev/null 2>&1; then\n eval "$(pyenv init -)"\nfi' >> ~/.zshrc
$ exec $SHELL
$ which python
$ python -V
$ pip -V
$ pip install --upgrade pip
Virtualenv
A tool to create isolated virtual Python environments.
$ pip install virtualenv
Pipenv
A packaging tool for Python that solves some common problems associated with the typical workflow using pip, virtualenv, and the good old requirements.txt.
$ brew install pipenv
Ruby
An interpreted, high-level, general-purpose programming language.
$ brew install rbenv ruby-build
$ echo 'if which rbenv > /dev/null; then eval "$(rbenv init -)"; fi' >> ~/.zshrc
$ source ~/.zshrc
$ rbenv install -l
$ rbenv install 2.7.0
$ rbenv global 2.7.0
$ exec $SHELL
$ ruby -v
RubyGems and Bundler
Ruby package manager
$ which gem
$ gem install bundler
Rails
A web-application framework that includes everything needed to create database-backed web applications.
$ gem install rails -v 6.0.2.1
$ rbenv rehash
$ rails -v
MySQL
An open-source relational database management system.
$ brew install mysql
$ unset TMPDIR
$ mkdir /usr/local/var
$ mysql_install_db --verbose --user=`whoami` --basedir="$(brew --prefix mysql)" --datadir=/usr/local/var/mysql --tmpdir=/tmp
Usage:
Start: mysql.server start
Stop: mysql.server stop
Help: mysql.server --help
Connect CLI: mysql -uroot
MySQL Workbench
GUI client for MySQL
$ brew cask install --appdir="/Applications" mysqlworkbench
PostgreSQL
An open-source relational database management system emphasizing extensibility and technical standards compliance.
$ brew install postgresql
$ postgres --version
Usage:
Create Database: initdb /usr/local/var/postgres
Start Database: pg_ctl -D /usr/local/var/postgres start
Stop Database: pg_ctl -D /usr/local/var/postgres stop
Create actual Database: createdb mydatabasename
Drop Database: dropdb mydatabasename
MongoDB
A popular NoSQL database
$ brew tap mongodb/brew
$ brew install mongodb-community@4.2
To start MongoDB: brew services start mongodb-community@4.2
Node JS
An open-source, cross-platform JavaScript runtime environment that executes JavaScript code outside of a browser.
$ brew install node
Yarn
A package manager for your code. It allows you to use and share code with other developers quickly and securely.
$ brew install yarn --ignore-dependencies
Go
A statically typed, compiled programming language designed at Google. Similar to C, but with memory safety, garbage collection, structural typing, and CSP-style concurrency.
$ brew install go
AWS Command Line Interface
A unified tool to manage your AWS services, allowing you to control multiple AWS services from the command line and to automate them through scripts.
$ brew install awscli
$ aws configure
Boto
The official AWS SDK for Python
$ pip install boto
Docker
A set of platform as a service products that uses OS-level virtualization to deliver software in packages called containers.
Download: Docker for Mac
Java JDK 8
A development environment for building applications and components using the Java programming language.
$ brew tap adoptopenjdk/openjdk
$ brew cask install adoptopenjdk8
$ brew install maven
Aircrack-ng
A network suite of tools to assess WiFi network security.
$ brew install aircrack-ng
$ sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/local/bin/airport
Usage:
- Scan Wifi: airport -s
- Disconnect Wifi: airport -z
- Monitor Mode On: sudo airport <interface> sniff <channel>, e.g. airport en0 sniff 6
- Monitor Mode Off: ps -ax | grep -a airport.*sniff
- Brute Hash: aircrack-ng -1 -a 1 -b <BSSID> <cap_file> -w <wordlist>
- Kill Processes: sudo kill -9 <process id>
- Cap File Location: /tmp/airportSniff*.cap
Apache
An open-source, cross-platform web server.
$ sudo apachectl stop
$ sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist 2>/dev/null
$ brew install httpd
$ sudo brew services restart httpd
$ sudo nano /usr/local/etc/httpd/httpd.conf
Find and replace Listen 8080 with Listen 80, and ServerName www.example.com:8080 with ServerName localhost
$ sudo apachectl -k restart
To verify, go to your browser and type "localhost" in the search bar. You should see "It Works!"
PHP
$ brew install php@7.4
$ brew install composer
Test:
$ mkdir test
$ cd test
$ composer require atk4/ui
$ nano test.php
Paste the following in the PHP file:
<?php
include 'vendor/autoload.php';
$app = new atk4\ui\App('PHP-test');
$app->initLayout('Centered');
$app->add(['Label', 'Your PHP Version:', 'big blue', 'detail'=>phpversion()]);
Save and exit.
$ php -S 127.0.0.1:8080
Now, open your browser and navigate to: http://127.0.0.1:8080/test.php
Setting up php-fpm with Nginx
$ brew install nginx
$ sudo brew services start nginx
$ brew services start php
Edit the server section in /usr/local/etc/nginx/nginx.conf
server {
    listen 80;
    server_name localhost;
    client_max_body_size 20M;
    root /Users/<YOUR_USER_NAME>/Sites/;
    location / {
        index index.php index.html index.htm;
    }
    location = /yourapp/ {
        # Simpler version of mod_rewrite catch-all approach
        index index.php;
    }
    location /otherapp/ {
        # Actual URL rewriting
        rewrite ^/[^/]*/(.*) /otherapp/index.php?page=$1;
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        # Resolve scripts under the root set above instead of a hard-coded home directory
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
Sublime Text 3
A source code editor with a Python application programming interface. Supports many programming languages.
Download: Sublime Text 3
To block updates, add the following lines to /etc/hosts:
127.0.0.1 license.sublimehq.com
127.0.0.1 www.sublimetext.com
License Key for Sublime Text 3: (Working as of 03-05-2020) Please buy product if you like it!
Settings for Sublime:
"auto_complete_commit_on_tab": true,
"bold_folder_labels": true,
"enable_line_word_count": true,
"file_exclude_patterns":
[
".DS_Store"
],
"folder_exclude_patterns":
[
"bin", ".bundle", ".git", ".sass-cache", "tmp"
],
"hot_exit": false,
"ignored_packages":
[
"Vintage"
],
"open_files_in_new_window": false,
"remember_open_files": false,
"rulers":
[
80, 120
],
"scroll_past_end": false,
"scroll_speed": 5.0,
"show_encoding": true,
"spell_check": false,
"tab_size": 2,
"translate_tabs_to_spaces": true
Visual Studio Code
A lightweight code editor with support for many programming languages through extensions.
$ brew cask install visual-studio-code
VirtualBox
Creates and manages virtual machines. A free alternative to VMware.
$ brew cask install --appdir="/Applications" virtualbox
Alias
A list of aliases that instruct the shell to replace one string with another while executing commands, like a shortcut.
Add the following to ~/.zshrc using the command vim ~/.zshrc:
alias zshconfig="vim ~/.zshrc"
alias ls="ls -G"
alias grep="grep -n -G"
alias ping="ping -c 5"
alias ps="ps aux"
alias ll="exa -ll"
alias mv="mv -vi"
alias rm="rm -vi"
alias cp="cp -vi"
alias untar="tar -xvf"
alias update="brew update && brew upgrade"
alias ..="cd .."
alias ...="cd ../../../"
alias ....="cd ../../../../"
Write to NTFS on macOS Catalina
macOS can read Windows NTFS-formatted drives, but cannot write to them. This method will allow you to write to NTFS-formatted drives.
$ brew cask install osxfuse
$ brew install ntfs-3g
Reboot into Recovery Mode (⌘-R). Open a terminal and enter the following commands:
$ csrutil disable
$ diskutil list
Look for the (synthesized) section with the name Macintosh HD - Data, and note its Identifier, similar to disk2s1.
Replace disk2s1 with your Identifier in the following commands.
$ diskutil apfs unlockVolume disk2s1
$ cd "/Volumes/Macintosh HD/sbin"
$ mv mount_ntfs mount_ntfs.orig
$ ln -s /usr/local/sbin/mount_ntfs mount_ntfs
$ csrutil enable
$ reboot
Disable Gatekeeper
Gatekeeper is a security feature of the macOS operating system. It enforces code signing and verifies downloaded applications before allowing them to run. Disabling this feature will allow your system to run any downloaded software.
$ sudo spctl --master-disable
Spoof MAC Address
MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device.
Install SpoofMac:
$ brew install spoof-mac
$ sudo spoof-mac randomize en0
Change MAC address automatically from boot:
$ sudo nano /Library/LaunchDaemons/local.macspoof.plist
Add these lines:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>MacSpoof</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/spoof-mac.py</string>
<string>randomize</string>
<string>en0</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Save and exit. Then reboot.
To test MAC address after boot, use: spoof-mac list
If you don't want to install SpoofMac, you can change MAC address manually using the following commands:
Check existing MAC address:
$ ifconfig en0 | grep ether
Generate a random hexadecimal number:
$ openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'
To change MAC address, use:
$ sudo ifconfig en0 ether <MAC_ADDRESS>
*Note: Replace <MAC_ADDRESS> with the one you generated.
Tweaks
Reset dock back to default:
$ defaults delete com.apple.dock; killall Dock
Change image type for screenshots:
$ defaults write com.apple.screencapture type -string "png"
(Replace png with any other type, e.g. bmp, gif, jpg, pdf, tiff)
Avoid creating .DS_Store files on network or USB volumes:
$ defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true
Finder: show all filename extensions:
$ defaults write NSGlobalDomain AppleShowAllExtensions -bool true
Finder: show hidden files by default:
$ defaults write com.apple.finder AppleShowAllFiles -bool true
Finder: show status bar:
$ defaults write com.apple.finder ShowStatusBar -bool true
Empty Trash securely by default:
$ defaults write com.apple.finder EmptyTrashSecurely -bool true
Full Path in Finder Title Bar:
$ defaults write com.apple.finder _FXShowPosixPathInTitle -bool YES
Automatically quit printer app once print jobs have been completed:
$ defaults write com.apple.print.PrintingPrefs "Quit When Finished" -bool true
Disable the “Are you sure you want to open this application?” dialog message:
$ defaults write com.apple.LaunchServices LSQuarantine -bool false
Reveal IP address, hostname, OS version, etc. when clicking the clock in the login window:
$ sudo defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
Don't send search queries to Apple in Safari:
$ defaults write com.apple.Safari UniversalSearchEnabled -bool false
$ defaults write com.apple.Safari SuppressSearchSuggestions -bool true
CTF Tools
A collection of Capture the Flag (CTF) Tools
$ brew install bfg binutils binwalk cifer dex2jar dns2tcp fcrackzip foremost hashpump hydra john knock netpbm pngcheck socat sqlmap tcpflow tcpreplay tcptrace xz ucspi-tcp
Firefox Browser Extensions
A list of Firefox extensions that can help with online privacy.
Bitly
CanvasBlocker
CookieAutoDelete
Decentraleyes
Google Search Link Fix
HTTPS Everywhere
Privacy Badger
Terms of Service; Didn't Read
To Google Translate
uBlock Origin
User-Agent Switcher
NoScript
Firefox Privacy Focused Configuration
Type about:config in the Firefox search bar to edit configurations.
media.peerconnection.enabled = false
media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
media.peerconnection.identity.timeout = 1
privacy.firstparty.isolate = true
privacy.trackingprotection.fingerprinting.enabled = true
privacy.trackingprotection.cryptomining.enabled = true
privacy.trackingprotection.enabled = true
browser.send_pings = false
browser.sessionstore.max_tabs_undo = 0
browser.urlbar.speculativeConnect.enabled = false
dom.event.clipboardevents.enabled = false
media.eme.enabled = false
media.gmp-widevinecdm.enabled = false
media.navigator.enabled = false
network.cookie.cookieBehavior = 1
network.http.referer.XOriginPolicy = 2
network.http.referer.XOriginTrimmingPolicy = 2
webgl.disabled = true
browser.sessionstore.privacy_level = 2
network.IDN_show_punycode = true
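To confirm the about:config values above are still in effect in a profile, the following added example (not part of the original guide) compares a profile's prefs.js with the list. The function names are illustrative and the prefs.js excerpt is constructed; it assumes the standard `user_pref("name", value);` line format.

```shell
# Added example: check a Firefox prefs.js against the about:config list above.
# Wanted values, copied from the list on this page (name=value).
wanted_prefs() {
cat <<'EOF'
media.peerconnection.enabled=false
media.peerconnection.turn.disable=true
media.peerconnection.use_document_iceservers=false
media.peerconnection.video.enabled=false
media.peerconnection.identity.timeout=1
privacy.firstparty.isolate=true
privacy.trackingprotection.fingerprinting.enabled=true
privacy.trackingprotection.cryptomining.enabled=true
privacy.trackingprotection.enabled=true
browser.send_pings=false
browser.sessionstore.max_tabs_undo=0
browser.urlbar.speculativeConnect.enabled=false
dom.event.clipboardevents.enabled=false
media.eme.enabled=false
media.gmp-widevinecdm.enabled=false
media.navigator.enabled=false
network.cookie.cookieBehavior=1
network.http.referer.XOriginPolicy=2
network.http.referer.XOriginTrimmingPolicy=2
webgl.disabled=true
browser.sessionstore.privacy_level=2
network.IDN_show_punycode=true
EOF
}
# Constructed prefs.js excerpt for the demo; not taken from a real profile.
sample_prefs_js() {
cat <<'EOF'
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("media.peerconnection.enabled", false);
user_pref("network.cookie.cookieBehavior", 4);
user_pref("privacy.firstparty.isolate", true);
user_pref("webgl.disabled", true);
EOF
}
# audit_prefs FILE: one line per wanted pref; exits non-zero on UNSET or DIFF.
# prefs.js only stores changed values, so UNSET means the built-in default applies.
audit_prefs() {
  wanted_prefs | awk '
    NR == FNR { split($0, kv, "="); want[kv[1]] = kv[2]; order[++n] = kv[1]; next }
    /^user_pref\("/ {
      s = $0; sub(/^user_pref\("/, "", s)
      name = s; sub(/".*/, "", name)
      val = s; sub(/^[^,]*,[ \t]*/, "", val); sub(/\);[ \t\r]*$/, "", val)
      have[name] = val
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (!(k in have))            { print "UNSET " k " (want " want[k] ")"; bad++ }
        else if (have[k] != want[k]) { print "DIFF  " k " = " have[k] " (want " want[k] ")"; bad++ }
        else                           print "OK    " k
      }
      exit (bad > 0)
    }' - "$1"
}
# Demo on the constructed excerpt.
demo=$(mktemp) && sample_prefs_js > "$demo"
audit_prefs "$demo" || echo "profile differs from the list above"
rm -f "$demo"
```

On macOS the file to pass is prefs.js inside the profile folder under ~/Library/Application Support/Firefox/Profiles/.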
macOS Appearance
Reduce Transparency:
$ defaults write com.apple.universalaccess reduceTransparency -bool true
Restore Default Transparency:
$ defaults write com.apple.universalaccess reduceTransparency -bool false
Save to Disk by Default (Not iCloud)
Sets default save target to local disk instead of iCloud
$ defaults write -g NSDocumentSaveNewDocumentsToCloud -bool false
Disable Adobe Acrobat Updater
$ defaults write com.adobe.AdobeUpdater.Admin Disable.Update -bool yes
Transmission.app
Don’t prompt for confirmation before downloading:
$ defaults write org.m0k.transmission DownloadAsk -bool false
$ defaults write org.m0k.transmission MagnetOpenAsk -bool false
Don’t prompt for confirmation before removing non-downloading active transfers:
$ defaults write org.m0k.transmission CheckRemoveDownloading -bool true
Hide the donate message:
$ defaults write org.m0k.transmission WarningDonate -bool false
Hide the legal disclaimer:
$ defaults write org.m0k.transmission WarningLegal -bool false
Randomize port on launch:
$ defaults write org.m0k.transmission RandomPort -bool true
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
