objective-see/sniffMK

Stars
211
Rank 182,960 (Top 4 %)
Language
Objective-C
License
GNU General Publi...
Created almost 7 years ago
Updated over 3 years ago

objective-see/sniffMK

objective-see

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

sniff mouse and keyboard events

sniffMK

sniffMK is a simple utility designed to sniff mouse and keyboard events on macOS. It is based on code from amit singh's website; (http://osxbook.com)

It was designed to facilitate malware analysis (specifically OSX/FruitFly which can simulate both mouse and keyboard events - see BlackHat/DefCon slides for details).

Run sniffMK, as root, to start sniffing events:

# ./sniffMK
mouse/keyboard sniffer
based on code from amit singh (http://osxbook.com)

event: left mouse down
x: 821.285156
y: 727.726562

event: left mouse up
x: 821.285156
y: 727.726562

event: key down
key modifiers: shift 
keycode: 0x4/h

event: key up
keycode: 0x4/h

event: key down
keycode: 0x22/i

event: key up
keycode: 0x22/i

....

event: key down
key modifiers: control 
keycode: 0x8/c

To only capture mouse events, execute sniffMK with the -mouse commandline argument.
Similarly, execute it with the -keyboard commandline argument to only capture keyboard events.

LuLu

LuLu is the free macOS firewall

BlockBlock

BlockBlock provides continual protection by monitoring persistence locations.

OverSight

OverSight monitors a mac's mic and webcam, alerting the user when the internal mic is activated, or whenever a process accesses the webcam.

ProcessMonitor

Process Monitor Library (based on Apple's new Endpoint Security Framework)

ProcInfo

process info/monitoring library for macOS

KnockKnock

Enumerate persistently installed software

ReiKey

Malware and other applications may install persistent keyboard "event taps" to intercept your keystrokes. ReiKey can scan, detect, and monitor for such taps!

FileMonitor

File Monitor Library (based on Apple's new Endpoint Security Framework)

Netiquette

Network Monitor

DoNotDisturb

Detect Evil Maid Attacks

WhatsYourSign

WhatsYourSign adds a menu item to Finder.app. Simply right-, or control-click on any file to display its cryptographic signing information!

Malware

macOS Malware Collection

DNSMonitor

A DNS Monitor, leveraging Apple's NEDNSProxyProvider/Network Extension Framework

DumpBTM

And open-source version of % sfltool dumpbtm

AuRevoir

View and remove notification messages from Apple's "Notification Database"

TaskExplorer

Visually explore all running tasks (processes) ....viewing its signature status, loaded dylibs, open files, network connection, and much more.

DylibHijackScanner

Scan your computer for applications that are either susceptible to dylib hijacking or have been hijacked.

RansomWhere

Generic ransomware detector

ProcInfoExample

example project, utilizing Proc Info library

fromAppStore

checks if an application is pristine (untampered) and from the official Mac App Store

KextViewr

View all modules on that are loaded in the OS kernel

objective-see

Mach-O

A (basic) Mach-O Library

LockDown

Audits and remediates security configuration settings (El Capitan)

TAOMM

The Art of Mac Malware

products

Objective-See's Products

Ostiarius

Blocks unsigned internet binaries from executing (El Capitan)