MacOSThreatTrack : Bash Tool Used For Proactive Detection Of Malicious Activity On macOS Systems

MacOSThreatTrack is a Bash tool used for proactive detection of malicious activity on macOS systems. The tool is in a beta testing phase and currently only gathers macOS system information. The code is poorly organized and requires significant improvements. Description: Bash tool used for proactive detection of malicious activity on macOS …

DataSurgeon : Quickly Extracts IPs, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers And More From Text

DataSurgeon (ds) is a versatile tool designed for incident response, penetration testing, and CTF challenges. It extracts various types of sensitive information, including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and a lot more! Extraction Features: Want more? Please read the contributing guidelines here …

Email-Vulnerablity-Checker : Find Email Spoofing Vulnerability Of Domains

Email Vulnerablity Checker v1.1.1 verifies whether a domain is vulnerable to spoofing. Features / Usage: Clone the package by running the clone command, then Step 1. Install Requirements: # Update the package list and install dig for Debian-based Linux distributions: sudo apt update; sudo apt install dnsutils. # Install dig for CentOS: sudo yum install bind-utils. # Install …

Ma2Tl : macOS Forensic Timeline Generator Using The Analysis Result DBs Of Mac_Apt

Ma2Tl is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt. Requirements: Python 3.7.0 or later, pytz, tzlocal, xlsxwriter. Installation: % git clone https://github.com/mnrkbys/ma2tl.git Usage: % python ./ma2tl.py -h usage: ma2tl.py [-h] [-i INPUT] [-o OUTPUT] [-ot OUTPUT_TYPE] [-s START] [-e END] [-t TIMEZONE] [-l LOG_LEVEL] plugin [plugin …] Forensic timeline …

Boko : Application Hijack Scanner For macOS

Boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities in application executables, as well as scripts an application may use that have the potential to be backdoored. The tool also calls out interesting files and lists them, instead of requiring manual browsing of the file system for …

MacHound : An Extension To The Bloodhound Audit Tool For Collecting And Ingesting Active Directory Relationships On macOS Hosts

MacHound is an extension to the Bloodhound auditing tool that allows collecting and ingesting Active Directory relationships on macOS hosts. MacHound collects information about logged-in users and administrative group members on Mac machines and ingests the information into the Bloodhound database. In addition to using the HasSession and AdminTo edges, MacHound adds three new edges …

Swift-Attack : Unit Tests For Blue Teams To Aid With Building Detections For Some Common macOS Post Exploitation Methods

Swift-Attack is a set of unit tests for blue teams to aid with building detections for some common macOS post-exploitation methods. I have included some post-exploitation examples using both command line history and on-disk binaries (which should be easier to detect) as well as post-exploitation examples using API calls only (which will be …

PoisonApple : macOS Persistence Tool

PoisonApple is a command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cyber threat emulation purposes. Install: $ pip3 install poisonapple --user Note: PoisonApple was written and tested using Python 3.9; it should work using Python 3.6+. Important Notes! PoisonApple …

SwiftBelt : A macOS Enumeration Tool Inspired By harmjoy's Windows Seatbelt

SwiftBelt is a macOS enumerator inspired by @harmjoy's Windows-based Seatbelt enumeration tool. SwiftBelt does not use any command line utilities and instead uses Swift code (leveraging the Cocoa framework, Foundation libraries, OSAKit libraries, etc.) to perform system enumeration. This can be leveraged on the offensive side to perform enumeration once you gain access to a …

Sinter : User-Mode Application Authorization System For macOS

Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift. It uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter supports allowing/denying process executions; in future versions we intend to …