SentineLabs/XProtect-Malware-Families external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

SentineLabs/XProtect-Malware-Families

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/SentineLabs/XProtect-Malware-Families)

Close

SentineLabs / XProtect-Malware-FamiliesView on GitHubMore

• External links
• Readme badge

Mapping XProtect's obfuscated malware family names to common industry names.

☆94Nov 14, 2025Updated 6 months ago

Alternatives and similar repositories for XProtect-Malware-Families

Users that are interested in XProtect-Malware-Families are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• SentineLabs / macos-ttps-yara

  View on GitHub
  A ruleset to find potentially malicious code in macOS malware samples
  ☆41Aug 29, 2023Updated 2 years ago
• ald3ns / XPR-dump

  View on GitHub
  Helper scripts to automate the extraction of YARA rules from XProtectRemediators
  ☆22Mar 5, 2024Updated 2 years ago
• l0psec / arm64_macOS_Syscalls

  View on GitHub
  ☆57Jul 1, 2024Updated last year
• 0xmachos / apps-behaving-badly

  View on GitHub
  List of legitimate macOS apps doing not great things
  ☆35Feb 11, 2022Updated 4 years ago
• knightsc / XProtect

  View on GitHub
  macOS XProtect definition files
  ☆40Mar 25, 2022Updated 4 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• mandiant / macos-UnifiedLogs

  View on GitHub
  A cross platform parser for Apple UnifiedLogs!
  ☆354May 7, 2026Updated 3 weeks ago
• SentineLabs / aevt_decompile

  View on GitHub
  This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembl…
  ☆72Jan 12, 2021Updated 5 years ago
• JayBrown / macOS-Security-Updates

  View on GitHub
  Notifies the user when macOS Security components like Gatekeeper and XProtect have been updated
  ☆61Mar 12, 2021Updated 5 years ago
• sandflysecurity / sandfly-file-decloak

  View on GitHub
  Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.
  ☆29Sep 29, 2025Updated 8 months ago
• knightsc / EndpointSecurity

  View on GitHub
  A module to expose the Endpoint Security library to Swift
  ☆20Jul 10, 2019Updated 6 years ago
• cedowens / EntitlementCheck

  View on GitHub
  Scripts (python3 and Swift) for macOS to recursively check /Applications and also check /usr/local/bin, /usr/bin, and /usr/sbin for binar…
  ☆98Sep 14, 2022Updated 3 years ago
• PhorionTech / Kronos

  View on GitHub
  Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism…
  ☆82Nov 21, 2023Updated 2 years ago
• cedowens / Inject_Dylib

  View on GitHub
  Swift code to programmatically perform dylib injection
  ☆53Oct 29, 2022Updated 3 years ago
• objective-see / FileMonitor

  View on GitHub
  File Monitor Library (based on Apple's new Endpoint Security Framework)
  ☆384Oct 9, 2022Updated 3 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• apple-oss-distributions / lsof

  View on GitHub
  ☆12Oct 22, 2025Updated 7 months ago
• Azure-Samples / ms-identity-macOS-swift-objc

  View on GitHub
  Desktop application for MacOS calling Microsoft Graph. It's written in swift and uses the Microsoft identity platform
  ☆12Jan 12, 2024Updated 2 years ago
• 0xmachos / macOS-Security-Research

  View on GitHub
  macOS Security Research
  ☆122Mar 15, 2024Updated 2 years ago
• aerosoul94 / tilutil

  View on GitHub
  Python scripts for parsing IDA TIL files.
  ☆30Jul 16, 2021Updated 4 years ago
• antman1p / freyja

  View on GitHub
  Freyja is a Golang, Purple Team agent that compiles into Windows, Linux and macOS x64 executables.
  ☆41Oct 29, 2024Updated last year
• g-les / macho_similarity

  View on GitHub
  Conceptual Methods for Finding Commonalities in Macho Files
  ☆12Mar 21, 2024Updated 2 years ago
• trailofbits / sinter

  View on GitHub
  A user-mode application authorization system for MacOS written in Swift
  ☆300Sep 18, 2020Updated 5 years ago
• ald3ns / copy-as-yara

  View on GitHub
  This is a little plugin to copy disassembly in a way that is usable in YARA rules!
  ☆48Apr 14, 2025Updated last year
• richiercyrus / Venator-Swift

  View on GitHub
  Swift Command line tool used for proactive detection of malicious activity on macOS systems.
  ☆67Jul 1, 2020Updated 5 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• objective-see / ProcessMonitor

  View on GitHub
  Process Monitor Library (based on Apple's new Endpoint Security Framework)
  ☆500Oct 20, 2023Updated 2 years ago
• antman1p / JXA_Proc_Tree

  View on GitHub
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆14Jan 28, 2022Updated 4 years ago
• jhftss / CVE-2022-22639

  View on GitHub
  CVE-2022-22639: Get a Root Shell on macOS Monterey
  ☆121Apr 5, 2022Updated 4 years ago
• smb01 / zxshell

  View on GitHub
  a open source rat from china
  ☆27Oct 28, 2016Updated 9 years ago
• ripeda / Lectricus

  View on GitHub
  Programmatic Electron fuse detection
  ☆21Jul 2, 2024Updated last year
• MythicAgents / hermes

  View on GitHub
  Swift 5 macOS agent
  ☆116Jul 23, 2024Updated last year
• infosecB / LOOBins

  View on GitHub
  Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…
  ☆539Apr 30, 2026Updated 3 weeks ago
• mac4n6 / FSEventsParser

  View on GitHub
  Parser fo macOS/iOS FSEvents Logs
  ☆46May 6, 2024Updated 2 years ago
• puffyCid / macos-fseventsd

  View on GitHub
  A library to parse macOS FsEvents
  ☆25Aug 28, 2022Updated 3 years ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• bfuzzy / ThreatHunter-Playbook

  View on GitHub
  A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
  ☆14Jul 18, 2018Updated 7 years ago
• hjuutilainen / apple-updates

  View on GitHub
  Track Apple software update changes with Github Actions
  ☆27Feb 11, 2022Updated 4 years ago
• 0xmachos / mac-white-papers

  View on GitHub
  Every OS X/ macOS white paper
  ☆114Apr 14, 2020Updated 6 years ago
• apple-oss-distributions / Libsystem

  View on GitHub
  ☆25Oct 22, 2025Updated 7 months ago
• knightsc / system_policy

  View on GitHub
  osquery table extension that allows querying of information from the macOS private SystemPolicy.framework
  ☆32Oct 29, 2021Updated 4 years ago
• mroi / apple-internals

  View on GitHub
  information and tools to understand the internals of Apple’s operating systems
  ☆199Mar 30, 2026Updated last month
• MacPaw / Notarized

  View on GitHub
  Tiny tool to reveal notarized applications
  ☆24Dec 25, 2018Updated 7 years ago