Swift Command line tool used for proactive detection of malicious activity on macOS systems.

greatis/Reanimator-Swift
Author: @rrcyrus

Major Contributor: @Airzero24

Venator-Swift is a Swift tool for gathering host data to support proactive detection on macOS. macOS 10.13 and above are supported. Happy Hunting!

Accompanying blog post: https://posts.specterops.io/introducing-venator-a-macos-tool-for-proactive-detection-34055a017e56

The tool needs root permissions to run; otherwise you will get the error message below.

Venator-Swift has a number of features, including the ability to upload host data to an Amazon S3 bucket and to enrich data using VirusTotal.

  • By default, the resulting file will be created in the /tmp directory. You can specify an alternate path with the -o flag.
  • When uploading to S3, -r or --region refers to the region your bucket is in. The supported regions are specified here.
  • To obtain a VirusTotal API key for use with Venator-Swift, refer to the following documentation: https://developers.virustotal.com/reference
  • You can also specify the modules you would like to run instead of the default action (which is to run all modules). The available modules are listed below:
      launchagents
      launchdaemons
      sip
      gatekeeper
      cronjobs
      apps
      bashhistory
      zshhistory
      loginitems
      firefoxExtension
      chromeExtension
      installhistory
      periodicscripts
      connections
      startupscripts
      eventtap
      kext
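
The launchagents and launchdaemons modules are the persistence collectors most analysts start with, so here is an added Python example (not code from Venator-Swift or the Reanimator-Swift fork) of what such a module gathers from each launchd plist: the label, the program launchd will execute, its arguments, the RunAtLoad/KeepAlive flags, and a SHA-256 of the program so the record can be enriched with a hash lookup of the kind the VirusTotal option above performs. The LAUNCH_DIRS paths are the standard launchd locations; the sample plist and binary are constructed in a temporary directory; the JSON report writer and the launch_items.json filename are this example's own choices, echoing the /tmp default and -o flag described above.

```python
"""Collect launchd persistence records (added example, not project code)."""
import hashlib
import json
import os
import plistlib
import tempfile
from pathlib import Path

# Standard directories launchd consults for agents and daemons on macOS.
LAUNCH_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    "/System/Library/LaunchAgents",
    "/System/Library/LaunchDaemons",
    os.path.expanduser("~/Library/LaunchAgents"),
]


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, or None if it cannot be read."""
    try:
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                digest.update(chunk)
        return digest.hexdigest()
    except OSError:
        return None


def parse_launch_plist(plist_path):
    """Parse one launchd plist into a flat record.

    The executable comes from ProgramArguments[0] or, failing that, Program,
    the two keys launchd itself uses to locate what it will run.
    """
    with open(plist_path, "rb") as f:
        data = plistlib.load(f)
    args = list(data.get("ProgramArguments") or [])
    program = args[0] if args else data.get("Program")
    return {
        "plist": str(plist_path),
        "label": data.get("Label"),
        "program": program,
        "program_arguments": args,
        "run_at_load": bool(data.get("RunAtLoad", False)),
        # KeepAlive may be a bool or a dict of conditions; any non-empty value counts.
        "keep_alive": bool(data.get("KeepAlive", False)),
        "program_sha256": sha256_of(program) if program else None,
    }


def collect_launch_items(directories=LAUNCH_DIRS):
    """Walk the given directories and parse every .plist found.

    Unparseable files are kept as error records rather than silently dropped,
    since a deliberately malformed plist is itself worth a look.
    """
    records = []
    for directory in directories:
        base = Path(directory)
        if not base.is_dir():
            continue
        for plist in sorted(base.glob("*.plist")):
            try:
                records.append(parse_launch_plist(plist))
            except (plistlib.InvalidFileException, OSError, ValueError) as exc:
                records.append({"plist": str(plist), "error": str(exc)})
    return records


def write_report(records, output_dir="/tmp"):
    """Write the records as JSON into output_dir and return the report path."""
    out = Path(output_dir) / "launch_items.json"
    out.write_text(json.dumps(records, indent=2))
    return str(out)


def read_report(path):
    """Load a report written by write_report."""
    return json.loads(Path(path).read_text())


def build_sample_agent_dir():
    """Create a temp directory with one constructed LaunchAgent plist and its
    target script (sample data for this example, not from any real host)."""
    tmp = Path(tempfile.mkdtemp(prefix="launchagents_"))
    binary = tmp / "updater"
    binary.write_bytes(b"#!/bin/sh\necho constructed sample\n")
    plist = {
        "Label": "com.example.updater",
        "ProgramArguments": [str(binary), "--check"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    with open(tmp / "com.example.updater.plist", "wb") as f:
        plistlib.dump(plist, f)
    return tmp


if __name__ == "__main__":
    sample_dir = build_sample_agent_dir()
    items = collect_launch_items([str(sample_dir)] + LAUNCH_DIRS)
    print(json.dumps(items, indent=2))
    print("report written to", write_report(items, str(sample_dir)))
```

Run as root on a macOS host the same walk covers the real launchd directories; the program_sha256 field is the value you would submit for enrichment rather than the plist itself, since the plist only names the executable.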

A notarized and signed version of Venator-Swift is available under Releases. The installation package places Venator in /usr/local/bin/. Alternatively, you can expand the package with the pkgutil command.
