LOOBins is a comprehensive resource detailing macOS built-in binaries that threat actors can misuse, aiding cybersecurity professionals in detection and defense.
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.
LOOBins is primarily used by cybersecurity professionals, threat hunters, and red teamers to understand how native macOS binaries can be abused for command execution, persistence, and privilege escalation. It serves as a reference to identify, detect, and mitigate threats leveraging these binaries in macOS environments.
LOOBins is a continuously evolving project that relies on community contributions to stay current with new macOS binaries and use cases; users should regularly update their local copies and monitor the web app for the latest information. It is complementary to GTFOBins, which covers Unix binaries, so users should consult both for comprehensive coverage.
Clone the repository from GitHub: git clone https://github.com/infosecB/LOOBins.git
Refer to the PyLOOBins documentation for SDK/CLI installation steps.
Install PyLOOBins via pip (implied from badge): pip install pyloobins
pyloobins --help
Displays help and usage information for the PyLOOBins CLI tool
pyloobins search <binary_name>
Searches the LOOBins database for information on a specific macOS binary
curl https://loobins.io/api/v1/loobins
Fetches the list of all LOOBins via the JSON API