WithSecureLabs/ESFang external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

WithSecureLabs/ESFang

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/WithSecureLabs/ESFang)

Close

WithSecureLabs / ESFangView on GitHubMore

• External links
• Readme badge

ESF modular ingestion tool for development and research.

☆38Dec 21, 2021Updated 4 years ago

Alternatives and similar repositories for ESFang

Users that are interested in ESFang are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Alkenso / sEndpointSecurity

  View on GitHub
  ☆11Jun 5, 2024Updated 2 years ago
• cedowens / JXA-Runner

  View on GitHub
  Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.
  ☆23Apr 22, 2021Updated 5 years ago
• Omar-Ikram / EndpointSecurityDemo

  View on GitHub
  This is a complete Xcode project of the Endpoint Security Demo gist: https://gist.github.com/Omar-Ikram/8e6721d8e83a3da69b31d4c2612a68ba
  ☆20Jan 5, 2025Updated last year
• StrangerealIntel / DeltaFlare

  View on GitHub
  ☆12Jun 29, 2021Updated 4 years ago
• bradleyjkemp / sigma-esf

  View on GitHub
  Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework
  ☆22Jan 22, 2021Updated 5 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• avalon1610 / SFirewall

  View on GitHub
  ☆12Oct 20, 2016Updated 9 years ago
• rderik / XPCSquirrel

  View on GitHub
  Code on how to build a macOS app that includes an XPC Service
  ☆33Oct 18, 2019Updated 6 years ago
• dtrizna / SysmonRNN

  View on GitHub
  All necessary code in order to feed Sysmon data into Recurrent Neural Network
  ☆17Jul 2, 2020Updated 5 years ago
• asaurusrex / MachoBins

  View on GitHub
  ☆15Jul 20, 2022Updated 3 years ago
• gyunaev / macprocmon

  View on GitHub
  MacOS X process monitor using EndpointSecurity extension.
  ☆37Sep 29, 2025Updated 8 months ago
• its-a-feature / macos_execute_from_memory

  View on GitHub
  PoC of macho loading from memory
  ☆58Nov 18, 2024Updated last year
• BatteryCandy / osquery-splunk-dashboards

  View on GitHub
  Collection of operational focused osquery dashboards.
  ☆10Jan 20, 2021Updated 5 years ago
• apple-oss-distributions / adv_cmds

  View on GitHub
  ☆15Oct 22, 2025Updated 7 months ago
• mandiant / macos-UnifiedLogs

  View on GitHub
  A cross platform parser for Apple UnifiedLogs!
  ☆358May 7, 2026Updated last month
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• topws / MacDemos

  View on GitHub
  常用控件（NSButton，NSTextView等使用），MAC文件监控，数字水印，Mac APP开机自动启动
  ☆20Oct 12, 2018Updated 7 years ago
• antman1p / JXA_Proc_Tree

  View on GitHub
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆14Jan 28, 2022Updated 4 years ago
• forensicxlab / volatility3_plugins

  View on GitHub
  ☆25Jul 23, 2024Updated last year
• vastlimits / esmat

  View on GitHub
  macOS Endpoint Security Message Analysis Tool
  ☆47Jan 31, 2022Updated 4 years ago
• its-a-feature / Orchard

  View on GitHub
  JavaScript for Automation (JXA) tool to do Active Directory enumeration.
  ☆107Feb 19, 2022Updated 4 years ago
• kohnakagawa / cidre-vm

  View on GitHub
  Software installation scripts for macOS systems that allows you to setup a Virtual Machine (VM) for reverse engineering macOS malware
  ☆38Feb 24, 2026Updated 3 months ago
• axelexic / CSOps

  View on GitHub
  Utility to manipulate codesigned application in Mac OS X. Demonstrate the use of csops system call.
  ☆84Mar 21, 2024Updated 2 years ago
• antman1p / PrintTCCdb

  View on GitHub
  JXA script for Mythic that prints the TCC.db
  ☆15Apr 18, 2021Updated 5 years ago
• 0xe7 / EventSniper

  View on GitHub
  ☆20Nov 6, 2023Updated 2 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• romainthomas / visionOS-liblockdown

  View on GitHub
  Code lifting for executing a visionOS library os macOS using QBDL and QBDI
  ☆22Sep 30, 2024Updated last year
• cedowens / Spotlight-Enum-Kit

  View on GitHub
  JXA and swift code that can perform some macOS situational awareness without generating TCC prompts.
  ☆40Apr 20, 2022Updated 4 years ago
• r3ggi / electroniz3r

  View on GitHub
  Take over macOS Electron apps' TCC permissions
  ☆225Aug 12, 2023Updated 2 years ago
• CylanceVulnResearch / osx_runbin

  View on GitHub
  ☆68Nov 15, 2022Updated 3 years ago
• idnahacks / NetCeasePlusPlus

  View on GitHub
  Takes the original idea of NetCease and adds functionality
  ☆24Feb 6, 2022Updated 4 years ago
• audibleblink / kh

  View on GitHub
  Keyhack - Golang API token/webhook validator
  ☆16Mar 20, 2025Updated last year
• dhinakg / apple-knowledge

  View on GitHub
  A collection of reverse engineered Apple formats
  ☆14Sep 9, 2025Updated 9 months ago
• Brandon7CC / mac-monitor

  View on GitHub
  "The missing ProcMon for macOS": Mac Monitor records Endpoint Security events and displays them for analysis.
  ☆1,344Apr 7, 2026Updated 2 months ago
• SuprHackerSteve / Crescendo

  View on GitHub
  Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.
  ☆1,078Jul 22, 2021Updated 4 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• 0xmachos / apps-behaving-badly

  View on GitHub
  List of legitimate macOS apps doing not great things
  ☆35Feb 11, 2022Updated 4 years ago
• DreamingInBinary / RandomAppIdeas

  View on GitHub
  Random app ideas in an exploratory phase with basic interfaces created in SwiftUI.
  ☆10Jul 13, 2021Updated 4 years ago
• sensepost / thumbscr-ews

  View on GitHub
  Exchangelib wrapper for pentesting
  ☆68Feb 17, 2025Updated last year
• thecatenjoyer / singlestep_xorstub

  View on GitHub
  Stub for polymorphic code
  ☆11Mar 18, 2023Updated 3 years ago
• zhuowei / VirtualizationDemo

  View on GitHub
  demoing Virtualization.framework changes in macOS 12 beta
  ☆18Jun 30, 2021Updated 4 years ago
• SHA-MRIZ / FsMinfilterHooking

  View on GitHub
  ☆33Dec 22, 2020Updated 5 years ago
• willyu-elastic / SimpleEndpoint

  View on GitHub
  Sample code for macOS Extensions Part 3
  ☆24Feb 20, 2020Updated 6 years ago