About LOOBins

LOOBins (Living Off the Orchard: macOS Binaries) is a community-driven project documenting macOS built-in binaries that can be used by threat actors for post-exploitation activities.

Inspired by projects like GTFOBins and LOLBAS, LOOBins focuses specifically on macOS and the unique binaries available in Apple's ecosystem.

What Makes LOOBins Different?

• Focuses exclusively on macOS-specific binaries
• Maps use cases to MITRE ATT&CK tactics
• Includes detection guidance for each technique
• Provides a Python SDK (PyLOOBins) for programmatic access
• Exports data in STIX 2.0 format for threat intelligence platforms

Contributing

LOOBins is open source and welcomes contributions. If you know of a macOS binary that can be abused by threat actors, please consider submitting a LOOBin entry.

See the Contributing Guide for details on how to submit new entries.