The Great Exposure Reset
24 February 2026 @ 5pm CET / 11am EST
CheckMates Fest 2026
Watch Now!AI Security Masters
Hacking with AI: The Dark Side of Innovation
CheckMates Go:
CheckMates Fest
Hey guys,
Wondering if someone would be kind enough to try this script in their lab? I ran it on mine, but it comes up emoty and its cause I dont have any unused objects in my lab policy.
Below is what I get:
[Expert@CP-MANAGEMENT:0]# ./cp_unused_objects.sh --user admin --password 'maxwe!!' --limit 1000
[Expert@CP-MANAGEMENT:0]# ls
cp_unused_2026-02-08_121753 cp_unused_2026-02-08_121806 cp_unused_objects.sh
[Expert@CP-MANAGEMENT:0]# cd cp_unused_2026-02-08_121753/
[Expert@CP-MANAGEMENT:0]# ls
unused_all.json
[Expert@CP-MANAGEMENT:0]# more unused_all.json
[]
[Expert@CP-MANAGEMENT:0]#
Hey guys,
Wondering if someone would be kind enough to try this script in their lab? I ran it on mine, but it comes up emoty and its cause I dont have any unused objects in my lab policy.
Below is what I get:
[Expert@CP-MANAGEMENT:0]# ./cp_unused_objects.sh --user admin --password 'maxwe!!' --limit 1000
[Expert@CP-MANAGEMENT:0]# ls
cp_unused_2026-02-08_121753 cp_unused_2026-02-08_121806 cp_unused_objects.sh
[Expert@CP-MANAGEMENT:0]# cd cp_unused_2026-02-08_121753/
[Expert@CP-MANAGEME
Just had a view on the script using my mobile and have two thoughts.
I was wondering, does it make sense to check for jq right at the start and just exit if it's missing instead of checking nd exiting in the middle of the script?
Also, could it be that the script is a bit inefficient when many many objects come Into the gane by constantly reading and rewriting large data files? Perhaps appending the new data would be much faster. Correct me if I m wrong because misread the script.
Just had a view on the script using my mobile and have two thoughts.
I was wondering, does it make sense to check for jq right at the start and just exit if it's missing instead of checking nd exiting in the middle of the script?
Also, could it be that the script is a bit inefficient when many many objects come Into the gane by constantly reading and rewriting large data files? Perhaps appending the new data would be much faster. Correct me if I m wrong because misread the script.
...;
Yea...thats why Im trying to see if I can test it on management with lots of unused objects. Let me try my standalone lab and see.
Just tested on a test domain using
time ./cpunused.sh --user <my user> --password <my pass> --domain "TEST"
Script ran and created empty directory.
Hello
executing the script using bash -x cp_unused_objects.sh ... returns the error: jq: Unknown option --argjson
I tested the script on an MDS R81.20, JQ version is 1.4 and this version doesn't provide argjson option.
Did some modifications and this version worked on a test domain in our environment:
================================================================================
CHECK POINT UNUSED OBJECTS REPORT
================================================================================
Generated: 2026-02-09 11:13:14
Domain: TEST
================================================================================
SUMMARY
================================================================================
Total unused objects: 9
Unused services: 4
Unused non-services: 5
================================================================================
TOP 10 OBJECT TYPES
================================================================================
host 4 ( 44.4%) ######################
service-tcp 4 ( 44.4%) ######################
group 1 ( 11.1%) #####
================================================================================
OUTPUT FILES
================================================================================
- ./cp_unused_2026-02-09_111310/unused_all.json
- ./cp_unused_2026-02-09_111310/unused_all.csv
- ./cp_unused_2026-02-09_111310/unused_services.csv
- ./cp_unused_2026-02-09_111310/unused_non_services.csv
- ./cp_unused_2026-02-09_111310/unused_report.txt
================================================================================
[INFO]
[INFO] ================================================================================
[INFO] ✓ SUCCESS - All files exported to: /home/m4sebbl/cp_unused_2026-02-09_111310
[INFO] ================================================================================
[INFO]
[INFO] Cleaning up session...
Did some modifications and this version worked on a test domain in our environment:
================================================================================ CHECK POINT UNUSED OBJECTS REPORT ================================================================================ Generated: 2026-02-09 11:13:14 Domain: TEST ================================================================================ SUMMARY =========================================================================@the_rock fyi:
Just tested this version on a CMA with more objects.
================================================================================
SUMMARY
================================================================================
Total unused objects: 2058
Unused services: 144
Unused non-services: 1914
Time used:
real 0m27.392s
user 0m2.945s
sys 0m2.828s
@the_rock fyi:
Just tested this version on a CMA with more objects.
================================================================================ SUMMARY ================================================================================ Total unused objects: 2058 Unused services: 144 Unused non-services: 1914
Time used:
real 0m27.392s user 0m2.945s sys 0m2.828s
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY