trailofbits/sinter

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/trailofbits/sinter)

trailofbits / sinter

A user-mode application authorization system for MacOS written in Swift

☆301

Alternatives and similar repositories for sinter

Users that are interested in sinter are comparing it to the libraries listed below

Sorting:

SuprHackerSteve / Crescendo
View on GitHub
Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.
☆1,071Jul 22, 2021Updated 4 years ago
theevilbit / Shield
View on GitHub
An app to protect against process injection and suspicious file links on macOS
☆230May 19, 2021Updated 4 years ago
antman1p / JXA_Proc_Tree
View on GitHub
A JXA script for enumerating running processes, printed out in a json, parent-child tree.
☆14Jan 28, 2022Updated 4 years ago
cedowens / SwiftBelt-JXA
View on GitHub
JXA implementation of some SwiftBelt functions. Author: Cedric Owens
☆46Jun 22, 2023Updated 2 years ago
its-a-feature / loginItemManipulator
View on GitHub
☆15May 26, 2021Updated 4 years ago
antman1p / PrintTCCdb
View on GitHub
JXA script for Mythic that prints the TCC.db
☆15Apr 18, 2021Updated 4 years ago
objective-see / ProcessMonitor
View on GitHub
Process Monitor Library (based on Apple's new Endpoint Security Framework)
☆492Oct 20, 2023Updated 2 years ago
google / upvote_py2
View on GitHub
A multi-platform binary whitelisting solution
☆451Sep 29, 2021Updated 4 years ago
xorrior / macOSTools
View on GitHub
macOS Offensive Tools
☆270Sep 28, 2023Updated 2 years ago
richiercyrus / Venator
View on GitHub
[⛔️ Deprecated] Venator is a python tool used to gather data for proactive detection of malicious activity on macOS devices.
☆177Jul 1, 2020Updated 5 years ago
themittenmac / TrueTree
View on GitHub
A command line tool for pstree-like output on macOS with additional pid capturing capabilities
☆276Aug 23, 2024Updated last year
jevinskie / jevmachopp
View on GitHub
Modern C++, range-based Mach-O parser designed for embedded use. Uses stack allocations only.
☆34Oct 31, 2022Updated 3 years ago
theevilbit / macos
View on GitHub
☆33Jun 12, 2024Updated last year
0xmachos / apps-behaving-badly
View on GitHub
List of legitimate macOS apps doing not great things
☆35Feb 11, 2022Updated 4 years ago
groob / moroz
View on GitHub
Moroz is a Santa server
☆142May 19, 2025Updated 9 months ago
droe / xnumon
View on GitHub
monitor macOS for malicious activity
☆237Feb 5, 2025Updated last year
usnistgov / macos_security
View on GitHub
macOS Security Compliance Project
☆2,255Feb 18, 2026Updated last week
mwielgoszewski / SecureEnclaveToken
View on GitHub
A Secure Enclave Token Driver Smartcard Extension
☆61Dec 1, 2022Updated 3 years ago
google / santa
View on GitHub
A binary authorization and monitoring system for macOS
☆4,513Feb 5, 2025Updated last year
airbnb / rudolph
View on GitHub
A serverless sync server for Santa, built on AWS
☆105Jun 13, 2025Updated 8 months ago
slyd0g / SwiftInMemoryLoading
View on GitHub
Swift implementation of in-memory Mach-O loading on macOS
☆68Jul 19, 2022Updated 3 years ago
matteyeux / binja-import-header
View on GitHub
Small binja plugin to import header file to types
☆18Nov 11, 2022Updated 3 years ago
knightsc / EndpointSecurity
View on GitHub
A module to expose the Endpoint Security library to Swift
☆20Jul 10, 2019Updated 6 years ago
waderobson / gcs-auth
View on GitHub
Secure your munki repo in Google Cloud Storage
☆25Nov 21, 2022Updated 3 years ago
blacktop / darwin-webkit-build
View on GitHub
WebKit/JSC CodeQL Databases
☆17Dec 15, 2025Updated 2 months ago
its-a-feature / LockSmith
View on GitHub
ObjectiveC CLI tool for interacting with macOS Keychain
☆82Oct 10, 2022Updated 3 years ago
vastlimits / esmat
View on GitHub
macOS Endpoint Security Message Analysis Tool
☆47Jan 31, 2022Updated 4 years ago
google / restor
View on GitHub
Restor is a user-friendly application to (mass) image macOS computers from a single source
☆224Jan 31, 2020Updated 6 years ago
trailofbits / osquery-extensions
View on GitHub
osquery extensions by Trail of Bits
☆269Apr 12, 2023Updated 2 years ago
buzzer-re / whoexec
View on GitHub
Discover which process execute a hunted binary inside macOS
☆27Dec 15, 2021Updated 4 years ago
cedowens / SwiftBelt
View on GitHub
A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens
☆340Apr 28, 2022Updated 3 years ago
cedowens / EntitlementCheck
View on GitHub
Scripts (python3 and Swift) for macOS to recursively check /Applications and also check /usr/local/bin, /usr/bin, and /usr/sbin for binar…
☆98Sep 14, 2022Updated 3 years ago
cedowens / Inject_Dylib
View on GitHub
Swift code to programmatically perform dylib injection
☆52Oct 29, 2022Updated 3 years ago
knightsc / Tracer
View on GitHub
macOS application that makes use of the EndpointSecurity framework
☆19Aug 1, 2019Updated 6 years ago
square / fde-rekey
View on GitHub
fde-rekey is a tool used to rotate/generate a macOS filevault2 personal recovery key without user interaction.
☆32Sep 25, 2017Updated 8 years ago
Brandon7CC / mac-monitor
View on GitHub
"The missing ProcMon for macOS": Mac Monitor records Endpoint Security events and displays them for analysis.
☆1,265Updated this week
A2nkF / unauthd
View on GitHub
A local privilege escalation chain from user to kernel for MacOS < 10.15.5. CVE-2020–9854
☆86Oct 15, 2020Updated 5 years ago
ReversecLabs / Jamf-Attack-Toolkit
View on GitHub
Suite of tools to facilitate attacks against the Jamf macOS management platform.
☆189Feb 10, 2021Updated 5 years ago
melomac / lsunregister
View on GitHub
CLI to batch deregister applications in macOS LaunchServices database
☆22May 18, 2017Updated 8 years ago