Alternatives and similar repositories for machofile

Users that are interested in machofile are comparing it to the libraries listed below

• l0psec / arm64_macOS_Syscalls

  View on GitHub
  ☆56Jul 1, 2024Updated last year
• Permiso-io-tools / DetentionDodger

  View on GitHub
  ☆18Jan 31, 2025Updated last year
• captainGeech42 / synapse-sinkdb

  View on GitHub
  Synapse Rapid Power-up for SinkDB
  ☆11Jun 24, 2025Updated 7 months ago
• domenukk / dragondance

  View on GitHub
  Binary code coverage visualizer plugin for Ghidra - just without crashes on unknown insns
  ☆20Nov 2, 2024Updated last year
• cedowens / Dylib_Runner

  View on GitHub
  Swift code to run a dylib on disk
  ☆16May 9, 2022Updated 3 years ago
• SentineLabs / macos-ttps-yara

  View on GitHub
  A ruleset to find potentially malicious code in macOS malware samples
  ☆40Aug 29, 2023Updated 2 years ago
• g-les / macho_similarity

  View on GitHub
  Conceptual Methods for Finding Commonalities in Macho Files
  ☆12Mar 21, 2024Updated last year
• xpcmdshell / electron-probe

  View on GitHub
  Electron-Probe leverages the Node variant of the Chrome Debugging Protocol to execute JavaScript payloads inside of target Electron appli…
  ☆31Jan 13, 2026Updated last month
• HexHive / GlobalConfusion

  View on GitHub
  TrustZone Trusted Application 0-Days by Design
  ☆25May 9, 2025Updated 9 months ago
• PhorionTech / Kronos

  View on GitHub
  Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism…
  ☆79Nov 21, 2023Updated 2 years ago
• isec-tugraz / KernelSnitch

  View on GitHub
  ☆27Nov 30, 2024Updated last year
• bradleyjkemp / sigma-esf

  View on GitHub
  Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework
  ☆22Jan 22, 2021Updated 5 years ago
• 0xmachos / macOS-Security-Research

  View on GitHub
  macOS Security Research
  ☆122Mar 15, 2024Updated last year
• AdnaneKhan / ActionsCacheBlasting

  View on GitHub
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Mar 9, 2025Updated 11 months ago
• Beercow / DFIR_Toolbar

  View on GitHub
  ☆28Oct 15, 2025Updated 4 months ago
• fox-it / dissect.esedb

  View on GitHub
  A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, E…
  ☆24Nov 20, 2025Updated 2 months ago
• danielplohmann / mcrit

  View on GitHub
  The MinHash-based Code Relationship & Investigation Toolkit (MCRIT) is a framework created to simplify the application of the MinHash alg…
  ☆96Jan 13, 2026Updated last month
• R00tkitSMM / Pishi

  View on GitHub
  Pishi is a code coverage tool like kcov for macOS.
  ☆75Apr 17, 2025Updated 9 months ago
• gmatuz / npm-initial-access

  View on GitHub
  Easy to extend initial access scenario to help with EDR testing on Linux and Mac
  ☆26Mar 20, 2022Updated 3 years ago
• ait-cs-IaaS / Taranis-NG

  View on GitHub
  Taranis NG is an OSINT gathering and analysis tool for CSIRT teams and organisations. It allows team-to-team collaboration, and contains …
  ☆10Oct 17, 2023Updated 2 years ago
• buzzer-re / whoexec

  View on GitHub
  Discover which process execute a hunted binary inside macOS
  ☆27Dec 15, 2021Updated 4 years ago
• redr0nin / bloudstrike

  View on GitHub
  Linux CS bypass technique
  ☆32Feb 4, 2025Updated last year
• RobotOperator / Eve

  View on GitHub
  Eve is a JAMF exploitation toolkit used to interact with locally hosted JAMF servers and those hosted on jamfcloud.com.
  ☆41Sep 16, 2025Updated 4 months ago
• JosephTLucas / vger

  View on GitHub
  An interactive CLI application for interacting with authenticated Jupyter instances.
  ☆55May 7, 2025Updated 9 months ago
• antman1p / freyja

  View on GitHub
  Freyja is a Golang, Purple Team agent that compiles into Windows, Linux and macOS x64 executables.
  ☆44Oct 29, 2024Updated last year
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• AndrewFasano / ghidra-unicorn

  View on GitHub
  Export a binary from ghidra to emulate with unicorn
  ☆27Oct 25, 2019Updated 6 years ago
• DuneGroup / ice-axe

  View on GitHub
  ☆23Sep 20, 2024Updated last year
• airbus-cert / dirtypipe-ebpf_detection

  View on GitHub
  An eBPF detection program for CVE-2022-0847
  ☆29Jul 5, 2022Updated 3 years ago
• sisoc-tokyo / mimikatz_detection

  View on GitHub
  ☆12Mar 24, 2018Updated 7 years ago
• horizon3ai / CVE-2025-64155

  View on GitHub
  CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution
  ☆30Jan 13, 2026Updated last month
• google / acjs

  View on GitHub
  ☆11Dec 19, 2024Updated last year
• axelexic / CSOps

  View on GitHub
  Utility to manipulate codesigned application in Mac OS X. Demonstrate the use of csops system call.
  ☆83Mar 21, 2024Updated last year
• jasonsford / intel_collector

  View on GitHub
  Python library to query various sources of threat intelligence for data on domains, file hashes, and IP addresses.
  ☆31Nov 6, 2023Updated 2 years ago
• xorrior / xpcutil

  View on GitHub
  Golang Tool to interact with Launchd and other services with XPC
  ☆29May 7, 2020Updated 5 years ago
• AdnaneKhan / ActionsTOCTOU

  View on GitHub
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆35Jan 25, 2026Updated 3 weeks ago
• intrudir / burpcollaborator-docker

  View on GitHub
  A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…
  ☆30Nov 30, 2025Updated 2 months ago
• wh1te4ever / xnu_1day_practice

  View on GitHub
  ☆72Jan 29, 2026Updated 2 weeks ago
• Hackcraft-Labs / Fairplay

  View on GitHub
  Artifact monitoring that ensures fairplay
  ☆79Jan 29, 2025Updated last year