Alternatives and similar repositories for Venator-Swift

Users that are interested in Venator-Swift are comparing it to the libraries listed below

• antman1p / PrintTCCdb

  View on GitHub
  JXA script for Mythic that prints the TCC.db
  ☆15Apr 18, 2021Updated 4 years ago
• its-a-feature / loginItemManipulator

  View on GitHub
  ☆15May 26, 2021Updated 4 years ago
• ab2pentest / MacOSThreatTrack

  View on GitHub
  Bash tool used for proactive detection of malicious activity on macOS systems.
  ☆39Sep 29, 2025Updated 4 months ago
• buzzer-re / whoexec

  View on GitHub
  Discover which process execute a hunted binary inside macOS
  ☆27Dec 15, 2021Updated 4 years ago
• richiercyrus / Venator

  View on GitHub
  [⛔️ Deprecated] Venator is a python tool used to gather data for proactive detection of malicious activity on macOS devices.
  ☆177Jul 1, 2020Updated 5 years ago
• slyd0g / SwiftParseTCC

  View on GitHub
  Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format
  ☆40Jul 27, 2021Updated 4 years ago
• cedowens / SwiftBelt

  View on GitHub
  A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens
  ☆341Apr 28, 2022Updated 3 years ago
• antman1p / JXA_Proc_Tree

  View on GitHub
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆14Jan 28, 2022Updated 4 years ago
• cedowens / Spotlight-Enum-Kit

  View on GitHub
  JXA and swift code that can perform some macOS situational awareness without generating TCC prompts.
  ☆40Apr 20, 2022Updated 3 years ago
• jbradley89 / osx_incident_response_scripting_and_analysis

  View on GitHub
  Scripts from my book OS X Incident Response Scripting and Analysis -> https://www.amazon.com/dp/012804456X/ref=cm_sw_r_tw_dp_U_x_fQeLAb68…
  ☆50Sep 23, 2016Updated 9 years ago
• cedowens / MacShellSwift

  View on GitHub
  Proof of concept MacOS post exploitation tool written in Swift. Designed as a POC for blue teams to build macOS detections. Author: Cedri…
  ☆123Dec 27, 2020Updated 5 years ago
• its-a-feature / macos_execute_from_memory

  View on GitHub
  PoC of macho loading from memory
  ☆58Nov 18, 2024Updated last year
• FSecureLABS / CalendarPersist

  View on GitHub
  JXA script to allow programmatic persistence via macOS Calendar.app alerts.
  ☆44Oct 31, 2020Updated 5 years ago
• slyd0g / SwiftInMemoryLoading

  View on GitHub
  Swift implementation of in-memory Mach-O loading on macOS
  ☆68Jul 19, 2022Updated 3 years ago
• ydkhatri / spotlight_queries

  View on GitHub
  Queries for parsed spotlight database in sqlite
  ☆13Dec 29, 2020Updated 5 years ago
• Yamato-Security / suzaku-rules

  View on GitHub
  ☆11Dec 9, 2025Updated 2 months ago
• bradleyjkemp / sigma-esf

  View on GitHub
  Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework
  ☆22Jan 22, 2021Updated 5 years ago
• slyd0g / SwiftSpy

  View on GitHub
  macOS keylogger, clipboard monitor, and screenshotter
  ☆91Sep 1, 2021Updated 4 years ago
• LincolnLandForensics / HodgePodge

  View on GitHub
  /ˈhäjˌpäj/ "a confused mixture."
  ☆13Updated this week
• WesSec / VelociDeploy-o-Matic

  View on GitHub
  Scripts to for ready-to-use Velociraptor instance deployment in Azure
  ☆14Jun 27, 2023Updated 2 years ago
• ydkhatri / UnifiedLogReader

  View on GitHub
  A parser for Unified logging tracev3 files
  ☆97Jul 25, 2025Updated 6 months ago
• djhohnstein / macos_shell_memory

  View on GitHub
  Execute MachO binaries in memory using CGo
  ☆79May 24, 2021Updated 4 years ago
• PhorionTech / Kronos

  View on GitHub
  Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism…
  ☆79Nov 21, 2023Updated 2 years ago
• themittenmac / TrueTree

  View on GitHub
  A command line tool for pstree-like output on macOS with additional pid capturing capabilities
  ☆275Aug 23, 2024Updated last year
• silverfort-open-source / latma

  View on GitHub
  ☆80Apr 18, 2023Updated 2 years ago
• cedowens / Swift-Attack

  View on GitHub
  Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.
  ☆109Oct 29, 2022Updated 3 years ago
• WithSecureLabs / ESFang

  View on GitHub
  ESF modular ingestion tool for development and research.
  ☆37Dec 21, 2021Updated 4 years ago
• invictus-ir / Sigma-AWS

  View on GitHub
  This repository contains the research and components of our research into using Sigma for AWS Incident Response.
  ☆31Jul 12, 2023Updated 2 years ago
• ydkhatri / jarp

  View on GitHub
  Just Another broken Registry Parser (JARP)
  ☆16May 23, 2024Updated last year
• cedowens / Dylib_Runner

  View on GitHub
  Swift code to run a dylib on disk
  ☆16May 9, 2022Updated 3 years ago
• OTRF / 2021-OceanLotus-workshop

  View on GitHub
  ☆19Aug 4, 2021Updated 4 years ago
• theevilbit / DuckDockTile

  View on GitHub
  ☆17Sep 29, 2023Updated 2 years ago
• D00MFist / PersistentJXA

  View on GitHub
  Collection of macOS persistence methods and miscellaneous tools in JXA
  ☆286Aug 3, 2023Updated 2 years ago
• mac4n6 / FSEventsParser

  View on GitHub
  Parser fo macOS/iOS FSEvents Logs
  ☆43May 6, 2024Updated last year
• XMCyber / MacHound

  View on GitHub
  ☆99Feb 16, 2021Updated 5 years ago
• ald3ns / XPR-dump

  View on GitHub
  Helper scripts to automate the extraction of YARA rules from XProtectRemediators
  ☆22Mar 5, 2024Updated last year
• cedowens / C2_Cradle

  View on GitHub
  Tool to download, install, and run macOS capable command & control servers (i.e., C2s with macOS payloads/clients) as docker containers f…
  ☆19Dec 29, 2020Updated 5 years ago
• cedowens / JXA-RemoveQuarantine

  View on GitHub
  JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…
  ☆17Jan 31, 2021Updated 5 years ago
• cedowens / Presentations

  View on GitHub
  Collection of Slides From My Conference Talks
  ☆20Nov 21, 2022Updated 3 years ago