cedowens / SwiftBelt
A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens
☆315Updated 2 years ago
Related projects: ⓘ
- macOS persistence tool☆221Updated 2 years ago
- Collection of macOS persistence methods and miscellaneous tools in JXA☆260Updated last year
- macOS Initial Access Payload Generator☆280Updated 8 months ago
- macOS Offensive Tools☆258Updated 11 months ago
- Objective-C library and console to interact with Heimdal APIs for macOS Kerberos☆138Updated last year
- Tracking of offensive macOS tooling, blogs, and related helpful information☆146Updated 3 years ago
- Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.☆103Updated last year
- Proof of concept MacOS post exploitation tool written in Swift. Designed as a POC for blue teams to build macOS detections. Author: Cedri…☆114Updated 3 years ago
- Scripts (python3 and Swift) for macOS to recursively check /Applications and also check /usr/local/bin, /usr/bin, and /usr/sbin for binar…☆90Updated 2 years ago
- Swift 5 macOS agent☆98Updated last month
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…☆420Updated 2 weeks ago
- ☆113Updated this week
- Swift Command line tool used for proactive detection of malicious activity on macOS systems.☆68Updated 4 years ago
- ☆99Updated 3 years ago
- Payload designed for targeting Jamf enrolled devices.☆35Updated last year
- ObjectiveC CLI tool for interacting with macOS Keychain☆71Updated last year
- macOS .DS_Store Parser☆60Updated 3 years ago
- [⛔️ Deprecated] Venator is a python tool used to gather data for proactive detection of malicious activity on macOS devices.☆174Updated 4 years ago
- ☆204Updated 2 weeks ago
- JXA situational awareness helper by simply reading specific files on a filesystem☆66Updated 2 years ago
- NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The …☆300Updated 10 months ago
- Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.☆118Updated 2 months ago
- Interact with Chromium-based browsers' debug port to view open tabs, installed extensions, and cookies☆152Updated last year
- Adversary Simulators High-Fidelity Intelligence and Reporting Toolkit☆151Updated this week
- A proof of concept for a clickjacking attack on macOS.☆92Updated 7 months ago
- JavaScript for Automation (JXA) tool to do Active Directory enumeration.☆97Updated 2 years ago
- Post-Infection Collection Toolkit☆93Updated last year
- Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or office.com login page.☆231Updated 4 months ago
- ☆348Updated last month
- Mapping XProtect's obfuscated malware family names to common industry names.☆82Updated 4 months ago