Living off the OrchardApple Script

A curated library of AppleScript and JXA atomic tests mapped to the MITRE ATT&CK® framework — helping security teams test and validate macOS defenses.

Browse ScriptsView on GitHub
2
Script Types
AppleScript & JXA
32
ATT&CK Techniques
MITRE ATT&CK mapped
57
Total Scripts
Atomic tests

Script Database

57 scripts across 32ATT&CK techniques

ElevationTCC
T1005
Copy Apple Notes database
AppleScript
T1010
Find all running applications which currently have a window
AppleScript
T1016.001
Test Internet connection
AppleScript
T1018
Read local hosts file
AppleScript
T1021.002
Mount SMB share via AppleScript
AppleScript
T1021.005
Enumerate remote volumes via RAE
AppleScript
T1021.005
Remote execution via Terminal proxy via RAE
AppleScript
T1021.005
Remote Finder comment staging via RAE
AppleScript
T1027
Write payload to Finder comment
AppleScript
T1033
Get user (using System Info)
AppleScript