WithSecureLabs/ESFang external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

WithSecureLabs/ESFang

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/WithSecureLabs/ESFang)

Close

WithSecureLabs / ESFangView on GitHubMore

• External links
• Readme badge

ESF modular ingestion tool for development and research.

☆38Dec 21, 2021Updated 4 years ago

Alternatives and similar repositories for ESFang

Users that are interested in ESFang are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• cedowens / JXA-Runner

  View on GitHub
  Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.
  ☆23Apr 22, 2021Updated 5 years ago
• Omar-Ikram / EndpointSecurityDemo

  View on GitHub
  This is a complete Xcode project of the Endpoint Security Demo gist: https://gist.github.com/Omar-Ikram/8e6721d8e83a3da69b31d4c2612a68ba
  ☆20Jan 5, 2025Updated last year
• StrangerealIntel / DeltaFlare

  View on GitHub
  ☆12Jun 29, 2021Updated 4 years ago
• avalon1610 / SFirewall

  View on GitHub
  ☆12Oct 20, 2016Updated 9 years ago
• ka7ana / CVE-2023-36025

  View on GitHub
  Quick test for CVE-2023-26025 behaviours
  ☆13Nov 29, 2023Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• rderik / XPCSquirrel

  View on GitHub
  Code on how to build a macOS app that includes an XPC Service
  ☆33Oct 18, 2019Updated 6 years ago
• dtrizna / SysmonRNN

  View on GitHub
  All necessary code in order to feed Sysmon data into Recurrent Neural Network
  ☆17Jul 2, 2020Updated 5 years ago
• asaurusrex / MachoBins

  View on GitHub
  ☆15Jul 20, 2022Updated 3 years ago
• gyunaev / macprocmon

  View on GitHub
  MacOS X process monitor using EndpointSecurity extension.
  ☆37Sep 29, 2025Updated 7 months ago
• Trinity2019 / SimplePcap

  View on GitHub
  A simple demonstration of the macOS Network Extension
  ☆17May 12, 2021Updated 4 years ago
• its-a-feature / macos_execute_from_memory

  View on GitHub
  PoC of macho loading from memory
  ☆58Nov 18, 2024Updated last year
• MortenSchenk / Privilege_Shellcode

  View on GitHub
  Kernel Shellcode to add all privileges in token
  ☆15Mar 13, 2017Updated 9 years ago
• ronwai / dsctool

  View on GitHub
  Hopper plugin to analyze ObjC runtime structures in the dyld_shared_cache
  ☆26Feb 26, 2021Updated 5 years ago
• insidegui / CoreFollowUpAttack

  View on GitHub
  CoreFollowUp phishing attack on macOS
  ☆15Mar 15, 2022Updated 4 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• mandiant / macos-UnifiedLogs

  View on GitHub
  A cross platform parser for Apple UnifiedLogs!
  ☆341Apr 22, 2026Updated last week
• antman1p / JXA_Proc_Tree

  View on GitHub
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆14Jan 28, 2022Updated 4 years ago
• its-a-feature / loginItemManipulator

  View on GitHub
  ☆15May 26, 2021Updated 4 years ago
• forensicxlab / volatility3_plugins

  View on GitHub
  ☆25Jul 23, 2024Updated last year
• vastlimits / esmat

  View on GitHub
  macOS Endpoint Security Message Analysis Tool
  ☆47Jan 31, 2022Updated 4 years ago
• its-a-feature / Orchard

  View on GitHub
  JavaScript for Automation (JXA) tool to do Active Directory enumeration.
  ☆107Feb 19, 2022Updated 4 years ago
• kohnakagawa / cidre-vm

  View on GitHub
  Software installation scripts for macOS systems that allows you to setup a Virtual Machine (VM) for reverse engineering macOS malware
  ☆38Feb 24, 2026Updated 2 months ago
• axelexic / CSOps

  View on GitHub
  Utility to manipulate codesigned application in Mac OS X. Demonstrate the use of csops system call.
  ☆84Mar 21, 2024Updated 2 years ago
• antman1p / PrintTCCdb

  View on GitHub
  JXA script for Mythic that prints the TCC.db
  ☆15Apr 18, 2021Updated 5 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• 0xe7 / EventSniper

  View on GitHub
  ☆20Nov 6, 2023Updated 2 years ago
• breakpointHQ / TCC-ClickJacking

  View on GitHub
  A proof of concept for a clickjacking attack on macOS.
  ☆98Feb 12, 2024Updated 2 years ago
• romainthomas / visionOS-liblockdown

  View on GitHub
  Code lifting for executing a visionOS library os macOS using QBDL and QBDI
  ☆22Sep 30, 2024Updated last year
• cedowens / Spotlight-Enum-Kit

  View on GitHub
  JXA and swift code that can perform some macOS situational awareness without generating TCC prompts.
  ☆40Apr 20, 2022Updated 4 years ago
• cedowens / Dylib_Runner

  View on GitHub
  Swift code to run a dylib on disk
  ☆16May 9, 2022Updated 3 years ago
• r3ggi / electroniz3r

  View on GitHub
  Take over macOS Electron apps' TCC permissions
  ☆225Aug 12, 2023Updated 2 years ago
• opendns / PinyinDetector

  View on GitHub
  Tool to identify domains containing Pinyin language
  ☆12Oct 18, 2014Updated 11 years ago
• mhaskar / Octopus-C2-RedTeam-infrastructure-automation

  View on GitHub
  ☆22May 29, 2020Updated 5 years ago
• idnahacks / NetCeasePlusPlus

  View on GitHub
  Takes the original idea of NetCease and adds functionality
  ☆24Feb 6, 2022Updated 4 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• Brandon7CC / mac-monitor

  View on GitHub
  "The missing ProcMon for macOS": Mac Monitor records Endpoint Security events and displays them for analysis.
  ☆1,298Apr 7, 2026Updated 3 weeks ago
• theevilbit / macos

  View on GitHub
  ☆34Jun 12, 2024Updated last year
• richiercyrus / Venator-Swift

  View on GitHub
  Swift Command line tool used for proactive detection of malicious activity on macOS systems.
  ☆67Jul 1, 2020Updated 5 years ago
• dhinakg / apple-knowledge

  View on GitHub
  A collection of reverse engineered Apple formats
  ☆13Sep 9, 2025Updated 7 months ago
• SuprHackerSteve / Crescendo

  View on GitHub
  Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.
  ☆1,076Jul 22, 2021Updated 4 years ago
• 0xmachos / apps-behaving-badly

  View on GitHub
  List of legitimate macOS apps doing not great things
  ☆35Feb 11, 2022Updated 4 years ago
• zodiacon / KernelObjectView

  View on GitHub
  View handles and object for each object type
  ☆67Sep 1, 2019Updated 6 years ago