WithSecureLabs/ESFang external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

WithSecureLabs/ESFang

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/WithSecureLabs/ESFang)

Close

WithSecureLabs / ESFangView on GitHubMore

• External links
• Readme badge

ESF modular ingestion tool for development and research.

☆38Dec 21, 2021Updated 4 years ago

Alternatives and similar repositories for ESFang

Users that are interested in ESFang are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• cedowens / JXA-Runner

  View on GitHub
  Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.
  ☆23Apr 22, 2021Updated 5 years ago
• StrangerealIntel / DeltaFlare

  View on GitHub
  ☆12Jun 29, 2021Updated 4 years ago
• bradleyjkemp / sigma-esf

  View on GitHub
  Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework
  ☆22Jan 22, 2021Updated 5 years ago
• ka7ana / CVE-2023-36025

  View on GitHub
  Quick test for CVE-2023-26025 behaviours
  ☆13Nov 29, 2023Updated 2 years ago
• rderik / XPCSquirrel

  View on GitHub
  Code on how to build a macOS app that includes an XPC Service
  ☆33Oct 18, 2019Updated 6 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• asaurusrex / MachoBins

  View on GitHub
  ☆15Jul 20, 2022Updated 3 years ago
• gyunaev / macprocmon

  View on GitHub
  MacOS X process monitor using EndpointSecurity extension.
  ☆37Sep 29, 2025Updated 7 months ago
• Trinity2019 / SimplePcap

  View on GitHub
  A simple demonstration of the macOS Network Extension
  ☆17May 12, 2021Updated 4 years ago
• its-a-feature / macos_execute_from_memory

  View on GitHub
  PoC of macho loading from memory
  ☆58Nov 18, 2024Updated last year
• MortenSchenk / Privilege_Shellcode

  View on GitHub
  Kernel Shellcode to add all privileges in token
  ☆15Mar 13, 2017Updated 9 years ago
• ronwai / dsctool

  View on GitHub
  Hopper plugin to analyze ObjC runtime structures in the dyld_shared_cache
  ☆26Feb 26, 2021Updated 5 years ago
• insidegui / CoreFollowUpAttack

  View on GitHub
  CoreFollowUp phishing attack on macOS
  ☆15Mar 15, 2022Updated 4 years ago
• mandiant / macos-UnifiedLogs

  View on GitHub
  A cross platform parser for Apple UnifiedLogs!
  ☆341Apr 22, 2026Updated last week
• antman1p / JXA_Proc_Tree

  View on GitHub
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆14Jan 28, 2022Updated 4 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• its-a-feature / loginItemManipulator

  View on GitHub
  ☆15May 26, 2021Updated 4 years ago
• forensicxlab / volatility3_plugins

  View on GitHub
  ☆25Jul 23, 2024Updated last year
• vastlimits / esmat

  View on GitHub
  macOS Endpoint Security Message Analysis Tool
  ☆47Jan 31, 2022Updated 4 years ago
• its-a-feature / Orchard

  View on GitHub
  JavaScript for Automation (JXA) tool to do Active Directory enumeration.
  ☆107Feb 19, 2022Updated 4 years ago
• antman1p / PrintTCCdb

  View on GitHub
  JXA script for Mythic that prints the TCC.db
  ☆15Apr 18, 2021Updated 5 years ago
• 0xe7 / EventSniper

  View on GitHub
  ☆20Nov 6, 2023Updated 2 years ago
• romainthomas / visionOS-liblockdown

  View on GitHub
  Code lifting for executing a visionOS library os macOS using QBDL and QBDI
  ☆22Sep 30, 2024Updated last year
• theevilbit / DuckDockTile

  View on GitHub
  ☆17Sep 29, 2023Updated 2 years ago
• cedowens / Spotlight-Enum-Kit

  View on GitHub
  JXA and swift code that can perform some macOS situational awareness without generating TCC prompts.
  ☆40Apr 20, 2022Updated 4 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• cedowens / Dylib_Runner

  View on GitHub
  Swift code to run a dylib on disk
  ☆16May 9, 2022Updated 3 years ago
• r3ggi / electroniz3r

  View on GitHub
  Take over macOS Electron apps' TCC permissions
  ☆225Aug 12, 2023Updated 2 years ago
• CylanceVulnResearch / osx_runbin

  View on GitHub
  ☆68Nov 15, 2022Updated 3 years ago
• mhaskar / Octopus-C2-RedTeam-infrastructure-automation

  View on GitHub
  ☆22May 29, 2020Updated 5 years ago
• idnahacks / NetCeasePlusPlus

  View on GitHub
  Takes the original idea of NetCease and adds functionality
  ☆24Feb 6, 2022Updated 4 years ago
• Brandon7CC / mac-monitor

  View on GitHub
  "The missing ProcMon for macOS": Mac Monitor records Endpoint Security events and displays them for analysis.
  ☆1,298Apr 7, 2026Updated 3 weeks ago
• theevilbit / macos

  View on GitHub
  ☆34Jun 12, 2024Updated last year
• richiercyrus / Venator-Swift

  View on GitHub
  Swift Command line tool used for proactive detection of malicious activity on macOS systems.
  ☆67Jul 1, 2020Updated 5 years ago
• dhinakg / apple-knowledge

  View on GitHub
  A collection of reverse engineered Apple formats
  ☆13Sep 9, 2025Updated 7 months ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• SuprHackerSteve / Crescendo

  View on GitHub
  Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.
  ☆1,076Jul 22, 2021Updated 4 years ago
• 0xmachos / apps-behaving-badly

  View on GitHub
  List of legitimate macOS apps doing not great things
  ☆35Feb 11, 2022Updated 4 years ago
• zodiacon / KernelObjectView

  View on GitHub
  View handles and object for each object type
  ☆67Sep 1, 2019Updated 6 years ago
• sensepost / thumbscr-ews

  View on GitHub
  Exchangelib wrapper for pentesting
  ☆68Feb 17, 2025Updated last year
• thecatenjoyer / singlestep_xorstub

  View on GitHub
  Stub for polymorphic code
  ☆11Mar 18, 2023Updated 3 years ago
• norio-nomura / high-sierra-vm-installer-fix

  View on GitHub
  Fix for creating macOS High Sierra VMs using VMware Fusion 8.x
  ☆13Jun 8, 2017Updated 8 years ago
• VeroFess / Showdown

  View on GitHub
  A universal anti-cheat tool for windows/macOS/linux. Only x64 programs are supported.
  ☆20Feb 19, 2023Updated 3 years ago