MCPcopy Index your code
hub / github.com/cocopollo/HunterM

github.com/cocopollo/HunterM @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
15 symbols 45 edges 1 files 1 documented · 7%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

HunterM - macOS Forensics 🕵️‍♂️

Banner

A powerful macOS DFIR artifact collection tool for forensic analysis.

HunterM is a digital forensics tool designed to collect and analyze key macOS forensic artifacts. It is useful for incident response, threat hunting, and compromise assessments.


🚀 Features

  • ✅ Collects Login Items, Network Connections, Extended Zsh History
  • ✅ Retrieves System Information (OS, kernel, timezone)
  • ✅ Extracts Browser History (Safari, Chrome, Firefox)
  • ✅ Lists Installed Applications
  • ✅ Exports collected artifacts into structured reports
  • No dependencies (except colorama for colored output)

📌 Collected Artifacts

Artifact Description
Login Items Applications that start automatically at login
Network Connections Active network connections (ESTABLISHED state)
Zsh History Extended shell history with timestamps
System Information OS version, kernel details, timezone
Browser History Safari, Chrome, and Firefox visited sites
Installed Applications Lists all installed applications

⚡ Usage

Python HunterM.py -e output_directory

Core symbols most depended-on inside this repo

generate_banner
called by 2
HuntM.py
generate_report
called by 2
HuntM.py
collect_artifacts
called by 1
HuntM.py
get_login_items
called by 1
HuntM.py
get_network_connections
called by 1
HuntM.py
get_zsh_history_extended
called by 1
HuntM.py
get_running_processes
called by 1
HuntM.py
get_browser_history
called by 1
HuntM.py

Shape

Method 11
Function 3
Class 1

Languages

Python100%

Modules by API surface

HuntM.py15 symbols

For agents

$ claude mcp add HunterM \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact