There are no reviews yet. Be the first to send feedback to the community and the maintainers!
SwiftBelt
A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric OwensC2-JARM
A list of JARM hashes for different ssl implementations used by some C2/red team tools.MacC2
python-based Mac Command and Control that uses internal API calls instead of command line utilities. Author: Cedric OwensMacShellSwift
Proof of concept MacOS post exploitation tool written in Swift. Designed as a POC for blue teams to build macOS detections. Author: Cedric OwensSwift-Attack
Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.EntitlementCheck
Scripts (python3 and Swift) for macOS to recursively check /Applications and also check /usr/local/bin, /usr/bin, and /usr/sbin for binaries with problematic/interesting entitlements. Also checks for hardened runtime enablementInject_Dylib
Swift code to programmatically perform dylib injectionMod_Rewrite_Automation
Scripts to automate standing up apache2 with mod_rewrite in front of C2 servers.Mythic-Macro-Generator
Python3 script to generate a macro to launch a Mythic payload. Author: Cedric OwensSwiftBelt-JXA
JXA implementation of some SwiftBelt functions. Author: Cedric OwensSpotlight-Enum-Kit
JXA and swift code that can perform some macOS situational awareness without generating TCC prompts.Persistent-Swift
A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/PersistentJXAEvilOSX_MacroGenerator
Python3 script to generate Office macros for the EvilOSX framework. Author: Cedric OwensJXA-Runner
Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.Presentations
Collection of Slides From My Conference Talksaws_key_triage_tool
Script to automate initial triage/enumeration on a set of aws keys in an input file.aws-cli-notes
A combined list of helpful awscli commands from Scott Piper's flaws.cloud exercise as well as from Beau Bullock's Breaching the Cloud TrainingDump-Chrome-Cookies
Repo with a modified version of CookieBro and scripts to leverage it to dump Chrome cookiesTerraform_DigitalOcean_Scripts
Scripts to automate standing up C2 infra with firewall settings inside of DigitalOcean.Helpful_aws-scripts
python3 scripts to help with aws triage needsJXA-RemoveQuarantine
JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is here: https://lapcatsoftware.com/articles/sandbox-escape.htmlDylib_Runner
Swift code to run a dylib on diskC2_Cradle
Tool to download, install, and run macOS capable command & control servers (i.e., C2s with macOS payloads/clients) as docker containers from a list of options. This is helpful for automating C2 server setup.docker-arsenal
Spins up a docker container with several useful tools for offensive security in macOS/cloud environments. Also installs the needed dependencies for each tool/utility during docker setup.keygrabber
Automation for grabbing keys from a Linux host. Useful during red team exercises to quickly help assess what access to a Linux host can lead to.Linode_Terraform_Scripts
Scripts to automate standing up hosts in LinodemacOS-browserhist-parser
Swift code to parse the quarantine history database, Chrome history database, Safari history database, and Firefox history database on macOS.SimpleC2_Server
POC for a basic C2 server using the python aiohttp frameworkHELK-automation
Scripts to automate HELK server standup in Digital Ocean and filebeat on macOS to help automation of sending endpoint security logs from macOS hosts into HELK for building detections contentGitlab-Searcher
python3 script that pulls gitlab data of interest using a gitlab personal access tokenAdd-To-TCC-DB
A JXA script that leverages sqlite3 API calls to add items to the user's TCC database at: ~/Library/Application Support/com.apple.TCC/TCC.dbRolling_Op_Metrics
Skeleton spreadsheet to track rolling red team operation metrics.ioreg-and-sysctl-examples
Examples of programmatically interacting with ioreg and sysctl to query system infoJenkins_Hunter_CSharp
C# implementation of my original Jenkins Hunter script (orig in python). It uses threading to search for unauthenticated Jenkins instances on ports 8080, 80, and 443. Author: Cedric OwensJXA-Firefox
JXA Scripts for extracting data from Firefoxzshrc-persist-JXA
JXA script to add a macho binary to ~/.zshrc for persistencePICT-Swift
A Swift (and slightly modified) version of Thomas Reed's PICT (Post Infection Collection Toolkit)GoBelt
Golang programmatically invoking my SwiftBelt-JXA macOS system enumerator project (Golang running SwiftBelt-JXA via cgo)AV_Enum_JXA
JXA code to enumerate security software on a macOS hostLocalAdminChecker
Threaded C# code that uses wmic to quickly check a host's /24 subnet for other hosts the current user has local admin access to. Author: Cedric Owensokta-sprayer
Python3 Script to perform a password spray against an okta instanceMetadata_URLs
List of some cloud metadata URLs that return interesting infodns-TXT-exfil-test
Simple client/server in golang to help with testing data exfil detections over DNS TXT recordsfind_chrome_tab
For those of us with too many Chrome tabs open on macOS ๐ณ...this is a simple applescript to search all tab titles and urls across all Chrome browser windows for a match string and if found it sets that as the active tab. ๐kube-unauth-exec-hunter
Python3 script to check a subnet range for kubernetes nodes allowing system:anonymous API command access. Author: Cedric OwensPhishDifficultyScorer
python3 script that rates the difficulty of a given phishing exercise. Author: Cedric Owensgitleaks-wrapper
Simple wrapper around gitleaks to enumerate publicly facing repos belonging to an org and then run gitleaks against each in search of exposed secrets/keys.JAMF_Runner
A wrapper around the on disk jamf binary (for JAMF managed macOS hosts). Useful for unit testing detections of offensive jamf host-based commands.JenkinsHunter
python3 script that searches a network range for instances of unauthenticated Jenkins hosts. Author: Cedric Owensdns-exfil-test
chromedp-remotedebugger-example
An example of how to use chromedp to run Chrome headless with the remote debugger port programmatically (is still a wrapper around the Chrome binary)SituationalAwarenessTool
C# tool that uses .net to provide situational awareness on a Windows host.modified-tcc-clickjack
modified version of Ron Masas's TCC-Clickjack Swift projectPage-Finder
python3 script that searches a network range for hosts hosting interesting pages that an attacker can leverage. Author: Cedric Owenspritunl-vpn-setup-automation
Bash + terraform scripts to automate standing up pritunl VPN servers.AD-Threaded-Port-Sweeper
C# Code to dump all AD computers and then quickly sweep for a given port.DGA-test
simple code to help with DGA nxdomain response testinghttp-uri-test
SlackXtract
Swift code to extract available slack information from macOS hosts. Automates steps identified in Cody Thomas' post: https://posts.specterops.io/abusing-slack-for-offensive-operations-2343237b9282Love Open Source and this site? Check out how you can help us