Alternatives and similar repositories for esfriend

Users that are interested in esfriend are comparing it to the libraries listed below

• buzzer-re / whoexec

  View on GitHub
  Discover which process execute a hunted binary inside macOS
  ☆27Dec 15, 2021Updated 4 years ago
• OpenCTI-Platform / splunk-add-on

  View on GitHub
  OpenCTI Add-On for Splunk
  ☆13Jan 13, 2026Updated last month
• bradleyjkemp / sigma-esf

  View on GitHub
  Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework
  ☆22Jan 22, 2021Updated 5 years ago
• knightsc / EndpointSecurity

  View on GitHub
  A module to expose the Endpoint Security library to Swift
  ☆20Jul 10, 2019Updated 6 years ago
• antman1p / JXA_Proc_Tree

  View on GitHub
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆14Jan 28, 2022Updated 4 years ago
• mac4n6 / FSEventsParser

  View on GitHub
  Parser fo macOS/iOS FSEvents Logs
  ☆42May 6, 2024Updated last year
• its-a-feature / loginItemManipulator

  View on GitHub
  ☆15May 26, 2021Updated 4 years ago
• antman1p / PrintTCCdb

  View on GitHub
  JXA script for Mythic that prints the TCC.db
  ☆15Apr 18, 2021Updated 4 years ago
• antman1p / GD-Thief

  View on GitHub
  Red Team tool for exfiltrating files from a target's Google Drive that you have access to, via Google's API.
  ☆59Sep 2, 2021Updated 4 years ago
• slyd0g / SwiftParseTCC

  View on GitHub
  Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format
  ☆40Jul 27, 2021Updated 4 years ago
• cedowens / JXA-Runner

  View on GitHub
  Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.
  ☆23Apr 22, 2021Updated 4 years ago
• redteam-dev / wiki

  View on GitHub
  List of Red Team Repositories
  ☆17Feb 26, 2019Updated 6 years ago
• jamf / aftermath

  View on GitHub
  Aftermath is a free macOS IR framework
  ☆569Sep 25, 2025Updated 4 months ago
• l0psec / arm64_macOS_Syscalls

  View on GitHub
  ☆56Jul 1, 2024Updated last year
• Caprico1 / Docker-Botnets

  View on GitHub
  All docker botnets acrued since early 2018 .... as of 2025 there is a stall in actors...tbd if updates beyond JAN 2025 will continue.
  ☆22Jan 11, 2025Updated last year
• r3ggi / electroniz3r

  View on GitHub
  Take over macOS Electron apps' TCC permissions
  ☆220Aug 12, 2023Updated 2 years ago
• WithSecureLabs / ESFang

  View on GitHub
  ESF modular ingestion tool for development and research.
  ☆37Dec 21, 2021Updated 4 years ago
• ydkhatri / nska_deserialize

  View on GitHub
  NSKeyedArchive plist deserializer
  ☆29Sep 13, 2024Updated last year
• richiercyrus / Venator-Swift

  View on GitHub
  Swift Command line tool used for proactive detection of malicious activity on macOS systems.
  ☆67Jul 1, 2020Updated 5 years ago
• kohnakagawa / cidre-vm

  View on GitHub
  Software installation scripts for macOS systems that allows you to setup a Virtual Machine (VM) for reverse engineering macOS malware
  ☆38Jun 26, 2025Updated 7 months ago
• muchdogesec / obstracts

  View on GitHub
  Turn any blog into structured threat intelligence.
  ☆51Feb 5, 2026Updated last week
• theevilbit / macos

  View on GitHub
  ☆33Jun 12, 2024Updated last year
• PhorionTech / Kronos

  View on GitHub
  Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism…
  ☆79Nov 21, 2023Updated 2 years ago
• cedowens / Spotlight-Enum-Kit

  View on GitHub
  JXA and swift code that can perform some macOS situational awareness without generating TCC prompts.
  ☆40Apr 20, 2022Updated 3 years ago
• mav8557 / Father

  View on GitHub
  LD_PRELOAD rootkit
  ☆138Feb 29, 2024Updated last year
• cedowens / SwiftBelt

  View on GitHub
  A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens
  ☆341Apr 28, 2022Updated 3 years ago
• sapph2c / bifrost

  View on GitHub
  A Flask-based HTTP(S) command and control (C2) with a web frontend. Malleable agent written in Go.
  ☆36Aug 12, 2023Updated 2 years ago
• themittenmac / threat-hunting-macos-book

  View on GitHub
  A companion Github repo for the book - Threat Hunting macOS by Jaron Bradley
  ☆17Jul 26, 2025Updated 6 months ago
• digital-promise / badge-engine

  View on GitHub
  This repository is for code and documentation for Badge Engine, a Digital Promise technology
  ☆17Dec 22, 2025Updated last month
• MythicAgents / typhon

  View on GitHub
  Payload designed for targeting Jamf enrolled devices.
  ☆39May 19, 2023Updated 2 years ago
• tonghuaroot / Awesome-macOS-Red-Teaming

  View on GitHub
  List of Awesome macOS Red Teaming Resources.
  ☆241Apr 15, 2022Updated 3 years ago
• adulau / hashlookup-server

  View on GitHub
  Fast lookup server for NSRL and other hash database used in digital forensic
  ☆48Jan 26, 2026Updated 2 weeks ago
• cedowens / SwiftBelt-JXA

  View on GitHub
  JXA implementation of some SwiftBelt functions. Author: Cedric Owens
  ☆46Jun 22, 2023Updated 2 years ago
• ree4pwn / my-nuclei-templates

  View on GitHub
  ☆11Dec 5, 2020Updated 5 years ago
• ait-cs-IaaS / Taranis-NG

  View on GitHub
  Taranis NG is an OSINT gathering and analysis tool for CSIRT teams and organisations. It allows team-to-team collaboration, and contains …
  ☆10Oct 17, 2023Updated 2 years ago
• 649 / Vendont-Scraper

  View on GitHub
  Vendont is a Venmo transaction finder/scraper. It uses Venmo's own public API system to fetch all transactions at a given time.
  ☆10Jun 16, 2019Updated 6 years ago
• michiel / docker-compose-splunk-fluentbit

  View on GitHub
  Integration of fluent-bit and Splunk using the HTTP Event Collector (Splunk HEC)
  ☆10Oct 16, 2018Updated 7 years ago
• karthikgenius / YaraCapper

  View on GitHub
  YARA rule-based automation system to detect network attacks at byte-level
  ☆13May 12, 2021Updated 4 years ago
• CodeTriangle / Perplexicon

  View on GitHub
  A conlang lexicon software made in Python
  ☆13Aug 24, 2025Updated 5 months ago