its-a-feature
Follow
-
-
Mythic Public
A collaborative, multi-platform, red teaming framework
-
CS-Remote-OPs-BOF Public
Forked from sliverarmory/CS-Remote-OPs-BOFC GNU General Public License v2.0 UpdatedFeb 13, 2025 -
dylight Public
Forked from Fitretech-Security/dylightmacOS dylib stager
-
ReflectiveLoader Public
Forked from pwardle/ReflectiveLoaderA Reflective Loader for macOS
-
macos-popups Public
Catalog Red Team techniques that cause popups in various macOS versions
-
macos_execute_from_memory Public
PoC of macho loading from memory
-
offensive_macos Public
Tracking of offensive macOS tooling, blogs, and related helpful information
-
cobalt_sync Public
Forked from GhostManager/cobalt_syncStandalone Cobalt Strike operation logging Aggressor script for Ghostwriter 2.0+
BSD 3-Clause "New" or "Revised" License UpdatedApr 8, 2024 -
JXA_Proc_Tree Public
Forked from antman1p/JXA_Proc_TreeA JXA script for enumerating running processes, printed out in a json, parent-child tree.
-
electroniz3r Public
Forked from r3ggi/electroniz3rTake over macOS Electron apps' TCC permissions
-
dylibHijackScanner Public
Objective C dylibHijackScanner and analysis tool
-
bifrost Public
Objective-C library and console to interact with Heimdal APIs for macOS Kerberos
-
Mystikal Public
Forked from D00MFist/MystikalmacOS Initial Access Payload Generator
-
-
LockSmith Public
ObjectiveC CLI tool for interacting with macOS Keychain
-
SwiftInMemoryLoading Public
Forked from slyd0g/SwiftInMemoryLoadingSwift implementation of in-memory Mach-O loading on macOS
-
TCC-ClickJacking Public
Forked from breakpointHQ/TCC-ClickJackingA proof of concept for a clickjacking attack on macOS.
-
Orchard Public
JavaScript for Automation (JXA) tool to do Active Directory enumeration.
-
HealthInspector Public
JXA situational awareness helper by simply reading specific files on a filesystem
-
CSOps Public
Forked from axelexic/CSOpsUtility to manipulate codesigned application in Mac OS X. Demonstrate the use of csops system call.
-
tamatoa Public
Forked from usiegl00/tamatoaIf you have any questions, please open an issue.
Ruby The Unlicense UpdatedDec 13, 2021 -
-
macos_shell_memory Public
Forked from djhohnstein/macos_shell_memoryExecute MachO binaries in memory using CGo
-
macOSCameraCapture Public
Simple CLI utility to save off an image from every webcam hooked into a mac
-
PoshC2 Public
Forked from nettitude/PoshC2A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
-
PrintTCCdb Public
Forked from antman1p/PrintTCCdbJXA script for Mythic that prints the TCC.db
-
KnockKnock Public
Forked from objective-see/KnockKnockEnumerate persistently installed software
-
chronology Public
Forked from SpecterOps/chronologySpecterOps Historical Records
-
CursedChrome Public
Forked from mandatoryprogrammer/CursedChromeChrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.