What types of security issues does Scanner detect?

It detects unsigned or invalidly signed binaries, processes running from unusual locations (e.g., `/tmp`), non-standard network port usage, deleted executables, and more, categorizing them by severity (HIGH/MEDIUM/LOW).

Can I integrate Scanner with other tools?

Absolutely. Besides its comprehensive CLI, Scanner also operates as an MCP server, making it compatible with MCP clients like Claude Code for broader security workflows and automation.

What is Scanner for macOS?

Scanner is a powerful security tool designed for post-incident investigation on macOS, identifying and flagging suspicious process activity, network connections, and code signing issues with severity-ranked explanations.

Does Scanner offer network analysis capabilities?

Yes, Scanner can analyze network connections, highlighting external IP addresses to help identify unusual or unauthorized outbound communications from your macOS system.

Scanner

Name: Scanner
Author: hegner123

byhegner123

0•

Herramientas para Desarrolladores

Analíticas y Monitorización

Seguridad y Pruebas

Inspects macOS processes, network connections, and code signing status to identify and flag suspicious activity with severity-ranked explanations.

Scanner is a powerful post-incident investigation tool for macOS designed to thoroughly examine every running process. It meticulously checks executable paths, verifies code signing statuses, and analyzes network connections, then flags any suspicious indicators with detailed, severity-ranked explanations. Available as both a standalone command-line interface and an MCP server for seamless integration with Claude Code, it empowers users to quickly identify potential security threats.

Características Principales

01Comprehensive macOS process investigation

02Code signing verification and tampering detection

03Network connection analysis with external IP highlighting

04Flags suspicious activity with severity ranking (HIGH/MEDIUM/LOW)

05Allowlist management to suppress known false positives

060 GitHub stars

Casos de Uso

01Automating macOS security checks via an MCP client like Claude Code

02Performing security audits of running processes and network activity

03Conducting post-incident security investigations on macOS