WithSecureLabs/ESFang external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

WithSecureLabs/ESFang

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/WithSecureLabs/ESFang)

Close

WithSecureLabs / ESFangView on GitHubMore

• External links
• Readme badge

ESF modular ingestion tool for development and research.

☆38Dec 21, 2021Updated 4 years ago

Alternatives and similar repositories for ESFang

Users that are interested in ESFang are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Alkenso / sEndpointSecurity

  View on GitHub
  ☆11Jun 5, 2024Updated last year
• cedowens / JXA-Runner

  View on GitHub
  Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.
  ☆23Apr 22, 2021Updated 4 years ago
• Omar-Ikram / EndpointSecurityDemo

  View on GitHub
  This is a complete Xcode project of the Endpoint Security Demo gist: https://gist.github.com/Omar-Ikram/8e6721d8e83a3da69b31d4c2612a68ba
  ☆20Jan 5, 2025Updated last year
• bradleyjkemp / sigma-esf

  View on GitHub
  Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework
  ☆22Jan 22, 2021Updated 5 years ago
• avalon1610 / SFirewall

  View on GitHub
  ☆12Oct 20, 2016Updated 9 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• ka7ana / CVE-2023-36025

  View on GitHub
  Quick test for CVE-2023-26025 behaviours
  ☆13Nov 29, 2023Updated 2 years ago
• rderik / XPCSquirrel

  View on GitHub
  Code on how to build a macOS app that includes an XPC Service
  ☆33Oct 18, 2019Updated 6 years ago
• dtrizna / SysmonRNN

  View on GitHub
  All necessary code in order to feed Sysmon data into Recurrent Neural Network
  ☆17Jul 2, 2020Updated 5 years ago
• asaurusrex / MachoBins

  View on GitHub
  ☆15Jul 20, 2022Updated 3 years ago
• gyunaev / macprocmon

  View on GitHub
  MacOS X process monitor using EndpointSecurity extension.
  ☆37Sep 29, 2025Updated 6 months ago
• Trinity2019 / SimplePcap

  View on GitHub
  A simple demonstration of the macOS Network Extension
  ☆16May 12, 2021Updated 4 years ago
• its-a-feature / macos_execute_from_memory

  View on GitHub
  PoC of macho loading from memory
  ☆58Nov 18, 2024Updated last year
• MortenSchenk / Privilege_Shellcode

  View on GitHub
  Kernel Shellcode to add all privileges in token
  ☆15Mar 13, 2017Updated 9 years ago
• BatteryCandy / osquery-splunk-dashboards

  View on GitHub
  Collection of operational focused osquery dashboards.
  ☆10Jan 20, 2021Updated 5 years ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• ronwai / dsctool

  View on GitHub
  Hopper plugin to analyze ObjC runtime structures in the dyld_shared_cache
  ☆26Feb 26, 2021Updated 5 years ago
• apple-oss-distributions / adv_cmds

  View on GitHub
  ☆15Oct 22, 2025Updated 5 months ago
• mandiant / macos-UnifiedLogs

  View on GitHub
  A cross platform parser for Apple UnifiedLogs!
  ☆338Mar 8, 2026Updated last month
• topws / MacDemos

  View on GitHub
  常用控件（NSButton，NSTextView等使用），MAC文件监控，数字水印，Mac APP开机自动启动
  ☆20Oct 12, 2018Updated 7 years ago
• antman1p / JXA_Proc_Tree

  View on GitHub
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆14Jan 28, 2022Updated 4 years ago
• vastlimits / esmat

  View on GitHub
  macOS Endpoint Security Message Analysis Tool
  ☆47Jan 31, 2022Updated 4 years ago
• kohnakagawa / cidre-vm

  View on GitHub
  Software installation scripts for macOS systems that allows you to setup a Virtual Machine (VM) for reverse engineering macOS malware
  ☆36Feb 24, 2026Updated last month
• antman1p / PrintTCCdb

  View on GitHub
  JXA script for Mythic that prints the TCC.db
  ☆15Apr 18, 2021Updated 4 years ago
• breakpointHQ / TCC-ClickJacking

  View on GitHub
  A proof of concept for a clickjacking attack on macOS.
  ☆97Feb 12, 2024Updated 2 years ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• theevilbit / DuckDockTile

  View on GitHub
  ☆17Sep 29, 2023Updated 2 years ago
• cedowens / Dylib_Runner

  View on GitHub
  Swift code to run a dylib on disk
  ☆16May 9, 2022Updated 3 years ago
• CylanceVulnResearch / osx_runbin

  View on GitHub
  ☆68Nov 15, 2022Updated 3 years ago
• r3ggi / electroniz3r

  View on GitHub
  Take over macOS Electron apps' TCC permissions
  ☆223Aug 12, 2023Updated 2 years ago
• opendns / PinyinDetector

  View on GitHub
  Tool to identify domains containing Pinyin language
  ☆12Oct 18, 2014Updated 11 years ago
• mhaskar / Octopus-C2-RedTeam-infrastructure-automation

  View on GitHub
  ☆22May 29, 2020Updated 5 years ago
• Brandon7CC / mac-monitor

  View on GitHub
  "The missing ProcMon for macOS": Mac Monitor records Endpoint Security events and displays them for analysis.
  ☆1,287Updated this week
• richiercyrus / Venator-Swift

  View on GitHub
  Swift Command line tool used for proactive detection of malicious activity on macOS systems.
  ☆67Jul 1, 2020Updated 5 years ago
• dhinakg / apple-knowledge

  View on GitHub
  A collection of reverse engineered Apple formats
  ☆13Sep 9, 2025Updated 7 months ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• SuprHackerSteve / Crescendo

  View on GitHub
  Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.
  ☆1,073Jul 22, 2021Updated 4 years ago
• 0xmachos / apps-behaving-badly

  View on GitHub
  List of legitimate macOS apps doing not great things
  ☆35Feb 11, 2022Updated 4 years ago
• zodiacon / KernelObjectView

  View on GitHub
  View handles and object for each object type
  ☆65Sep 1, 2019Updated 6 years ago
• sensepost / thumbscr-ews

  View on GitHub
  Exchangelib wrapper for pentesting
  ☆67Feb 17, 2025Updated last year
• thecatenjoyer / singlestep_xorstub

  View on GitHub
  Stub for polymorphic code
  ☆11Mar 18, 2023Updated 3 years ago
• norio-nomura / high-sierra-vm-installer-fix

  View on GitHub
  Fix for creating macOS High Sierra VMs using VMware Fusion 8.x
  ☆13Jun 8, 2017Updated 8 years ago
• VeroFess / Showdown

  View on GitHub
  A universal anti-cheat tool for windows/macOS/linux. Only x64 programs are supported.
  ☆20Feb 19, 2023Updated 3 years ago