MacOSThreatTrack is a Bash tool used for proactive detection of malicious activity on macOS systems. The tool is being tested in the beta phase, and it only gathers macOS system information at this time. The code is poorly organized and requires significant improvements. Description: Bash tool used for proactive detection of malicious activity on macOS …
Tag Archives: MacOS
DataSurgeon : Quickly Extracts IP’s, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers And More From Text
DataSurgeon (ds) is a versatile tool designed for incident response, penetration testing, and CTF challenges. It allows for the extraction of various types of sensitive information including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and a lot more! Extraction Features Want more? Please read the contributing guidelines here …
Email-Vulnerablity-Checker : Find Email Spoofing Vulnerability Of Domains
Email Vulnerablity Checker v1.1.1 verifies whether the domain is vulnerable to spoofing by Email-vulnerablity-checker. Features. Usage: Clone the package by running: Step 1. Install Requirements # Update the package list and install dig for Debian-based Linux distribution sudo apt update sudo apt install dnsutils # Install dig for CentOS sudo yum install bind-utils # Install …
Ma2Tl : macOS Forensic Timeline Generator Using The Analysis Result DBs Of Mac_Apt
Ma2Tl is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt. Requirements: Python 3.7.0 or later, pytz, tzlocal, xlsxwriter. Installation: % git clone https://github.com/mnrkbys/ma2tl.git Usage: % python ./ma2tl.py -h usage: ma2tl.py [-h] [-i INPUT] [-o OUTPUT] [-ot OUTPUT_TYPE] [-s START] [-e END] [-t TIMEZONE] [-l LOG_LEVEL] plugin [plugin …] Forensic timeline …
Boko : Application Hijack Scanner For macOS
Boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables, as well as scripts an application may use that have the potential to be backdoored. The tool also calls out interesting files and lists them instead of manually browsing the file system for …
MacHound : An extension to audit Bloodhound collecting and ingesting of Active Directory relationships on MacOS hosts
MacHound is an extension to the Bloodhound auditing tool allowing collecting and ingesting of Active Directory relationships on macOS hosts. MacHound collects information about logged-in users and administrative group members on Mac machines and ingests the information into the Bloodhound database. In addition to using the HasSession and AdminTo edges, MacHound adds three new edges …
Swift-Attack : Unit Tests For Blue Teams To Aid With Building Detections For Some Common macOS Post Exploitation Methods
Swift-Attack is a set of unit tests for blue teams to aid with building detections for some common macOS post-exploitation methods. I have included some post-exploitation examples using both command line history and on-disk binaries (which should be easier for detection) as well as post-exploitation examples using API calls only (which will be …
PoisonApple : macOS Persistence Tool
PoisonApple is a command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cyber threat emulation purposes. Install: $ pip3 install poisonapple --user Note: PoisonApple was written & tested using Python 3.9; it should work using Python 3.6+. Important Notes! PoisonApple …
SwiftBelt : A macOS Enumeration Tool Inspired By Harmjoy’s Windows Seatbelt
SwiftBelt is a macOS enumerator inspired by @harmjoy’s Windows-based Seatbelt enumeration tool. SwiftBelt does not utilize any command line utilities and instead uses Swift code (leveraging the Cocoa Framework, Foundation libraries, OSAKit libraries, etc.) to perform system enumeration. This can be leveraged on the offensive side to perform enumeration once you gain access to a …
Sinter : User-Mode Application Authorization System For MacOS
Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift. It uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter supports allowing/denying process executions; in future versions we intend to …