• Stars
    star
    7
  • Rank 2,294,772 (Top 46 %)
  • Language
    Go
  • Created about 4 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Small utility to hash EvilQuest code and cstrings sections

More Repositories

1

MachOView

MachOView fork
C
2,495
star
2

Gdbinit

Gdbinit for OS X, iOS and others - x86, x86_64 and ARM
1,596
star
3

lldbinit

A gdbinit clone for LLDB
Python
325
star
4

firmware_vault

A repo for all Apple EFI firmware files
255
star
5

readmem

A small OS X/iOS userland util to dump processes memory
C
218
star
6

onyx-the-black-cat

Kernel extension to disable anti-debug tricks and other useful XNU "features"
C
209
star
7

rootfool

A small tool to dynamically disable and enable SIP in El Capitan
C
163
star
8

EFISwissKnife

An IDA plugin to improve (U)EFI reversing
C++
142
star
9

HexRaysDeob

Hex-Rays OLLVM Deobfuscator and MicroCode Explorer
C++
118
star
10

hydra

A kernel extension and userland daemon to patch applications
C
104
star
11

otool-ng

Some improvements to Apple's otool.
C
100
star
12

gopher

A OS X crypto ransomware PoC
C
90
star
13

mach_race

Exploit code for CVE-2016-1757
C
81
star
14

efi_dxe_emulator

EFI DXE Emulator and Interactive Debugger
C
79
star
15

pydbg64

PyDBG64 - OS X PyDbg with 64 bits support
C
68
star
16

osx_boubou

A PoC Mach-O infector via library injection
C
64
star
17

mpress_dumper

MPRESS dumper for OS X
Assembly
64
star
18

gimmedebugah

A small utility to inject a Info.plist into binaries.
C
57
star
19

gdb-ng

Apple's gdb fork with some fixes and enhancements
C
54
star
20

ExtractMachO

IDA plugin to extract Mach-O binaries located in the disassembly or data
C
54
star
21

Gatekeerper

A kernel extension to mitigate Gatekeeper bypasses
C
48
star
22

kextstat_aslr

Implementation of kexstat via /dev/kmem with kernel ASLR support
C
38
star
23

can_I_suid

A TrustedBSD module to control execution of binaries with suid bit set
C
37
star
24

crackme_nr1

fG!'s crackme #1 source code
C
36
star
25

bruteforcesysent

Small util to discover OS X sysent via bruteforce
C
33
star
26

tcplognke

Apple's tcplognke code sample
C
29
star
27

TELoader

A TE executable format loader for IDA
C
28
star
28

unicorn_string_deobfuscator

A Unicorn based emulator to deobfuscate Equation Group string XOR obfuscation
C
27
star
29

mario

The kernel component of rootpipe fix for Mavericks
C
27
star
30

adium-ng-preview

Repo to dump some preview info and builds for adium-ng
27
star
31

MicrocodeExplorer

Hex-Rays MicrocodeExplorer
C++
26
star
32

readkmem

small utility to dump kernel memory
C
25
star
33

rex_versus_the_romans

Anti Hacking Team TrustedBSD module
C
25
star
34

readphysmem

A small utility to read and write to Macs physical memory using default AppleHWAccess.kext.
Objective-C
25
star
35

llvmpatches

Misc llvm patches
CMake
22
star
36

hello_santa_bye_santa

Bypass Google's Santa
C
21
star
37

fixobjc

IDA IDC script to improve Objective-C disassembly output
21
star
38

checkidt

Small util to dump the IDT table of a running OS X system with kmem enabled
C
20
star
39

armorysandbox

A USB armory based USB sandbox
Makefile
20
star
40

MachOPlugin

IDA plugin to Display Mach-O headers
C
19
star
41

icetheguardianv2

A TrustedBSD module PoC to monitor writes to Daemons and Agents folders
C
19
star
42

diagnostic_service

OS X rootkit loader version #1
C++
18
star
43

kgmacros

Fixed kgmacros to work with VMware kernel gdb stub
17
star
44

ExtractMacho2

IDA plugin to extract Mach-O binaries located in the disassembly or data
C++
17
star
45

syscall-benchmark

macOS syscall performance benchmark
Assembly
16
star
46

av-monster

PoC kext to disable OS X anti-virus software
C
15
star
47

luigi

The userland component of rootpipe fix for Mavericks
Objective-C
14
star
48

carbon_copy_cloner_keychaingen

A keygen for Carbon Copy Cloner private keychain
Objective-C
14
star
49

Crisis-Analysis-Tools

Scripts and other material related to OS.X/Crisis malware analysis
C
13
star
50

diagnostic_service2

OS X rootkit loader version #2
C++
12
star
51

calcspace

Small util to calculate available free space in mach-o binaries for code injection
C
12
star
52

idc-scripts

Random collection of IDA's IDC scripts
11
star
53

Disable-m3u

iTunes plugin to disable creation of m3u playlists
C
11
star
54

rexthewonderdog

A lazy PoC for implementing backdoors in OS X TrustedBSD Mac framework.
C
10
star
55

fuckyouilfak

A IDA Pro 9.0 Beta 2 macOS x86 Fix Loader
C
10
star
56

delambert

GreenLambert macOS IDA plugin to deobfuscate strings
C++
10
star
57

GiveMeHex

A quick IDA hack to get addresses with 0x prefix
C++
9
star
58

twitterwipe

A Go utillty to delete your Twitter history
Go
9
star
59

how_crap_is_ida

An IDA plugin to compare IDA detected functions output versus LC_FUNCTION_STARTS information
C++
9
star
60

keygen_CrackMe_nr1_qwertyoruiop

Keygen for qwertyoruiop's CrackMe nr1
C
7
star
61

spiflash

Very fast reader for SPI flashes for Teensy 2.x.
C
7
star
62

bpf_dbg_output

Small tool to convert bpf binary bytecode to bpf_dbg format
C
7
star
63

evilquest_deobfuscator

EvilQuest/ThiefQuest malware strings decrypter/deobfuscator
Go
6
star
64

icetheguardian

A PoC to protect critical OS X files using TrustedBSD Mac framework.
C
5
star
65

SMBIOSKeygen

macserial and GenSMBIOS merged and ported to Go
Go
4
star
66

yage

An age fork with internal Yubikeys support
Go
2
star
67

snake_queue_parser

A decryptor for Snake/Turla configuration files
Objective-C
2
star
68

Mach-O-Lib

Library to access and manipulate Mach-O headers
1
star
69

macserial

macserial Go module
1
star