Light

ben3636 / osquery Goto Github PK

View Code? Open in Web Editor NEW

1.0 1.0 0.0 92.07 MB

Repo for me to play around with custom OSquery Packs :)

Shell 100.00%

osquery's Introduction

Hey there, you've found my stash of MacOS IR tools :)

This is a place where I publish my collection of tools, scripts, and queries that I use in incident response with MacOS endpoints.

These tools are designed to quickly scrape information about the machine and potential infection/persistence vectors

These queries use OSquery by Facebook so you'll need to install that to run these tools: https://osquery.io/downloads/official/5.1.0

Happy Hunting :)

-Ben

Demo Install & Results

Cargo Manifest

ir.sh
- This is the raw script that runs the show, use this is you want to pull it apart and see what makes it tick
MacOS Incident Response.app.zip
- This is the app version of the tool, this is just a shiny wrapper for the bash script that will be more friendly for less tech-savvy users

NOTE: If MacOS reports the app version of this tool as damaged, you'll need to open Terminal and run the following command to bypass GateKeeper. The app is self-signed and contains a shell script so MacOS will (as it should) do all it can to prevent you from clicking on dumb shit :)

xattr -cr ~/Downloads/MacOS\ Incident\ Response.app

osquery's People

Contributors

Stargazers

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.