Early bird registration for SO-CON 2026 is now open!  Register Now
Back to Resource Center
Open-source Tools

Eve

Eve is a Jamf exploitation toolkit used to interact with either cloud hosted Jamf Pro tenants or locally hosted Jamf Pro servers using API calls. To use this toolkit credentials for an account registered with the Jamf instance that has API access will be required. This tooling automates attacks that my team and I have performed successfully to exploit Jamf access to enumerate Apple devices, escalate privileges, as well as execute code in varying contexts to laterally move to different systems. The intended user for this toolkit should already have some awareness about Jamf API permissions to know how to best leverage their access.

Download on GitHub

Explore other tools

BloodHound Community Edition

Manage Identity Attack Paths across your hybrid environment and remove the adversary’s favorite target.

BloodHound Community Edition

Read more

Nemesis 2.0

Nemesis 2.0 functions as an "offensive VirusTotal," automatically processing files collected during security assessments through an extensive pipeline of specialized analyzers.

Nemesis 2.0

Read more

Ghostwriter

Ghostwriter is a Django web app for red teams to track projects, clients, assets, reports, and evidence.

Ghostwriter

Read more

Mythic

Mythic is an open-source Command and Control (C2) framework designed around a microservice architecture.

Mythic

Read more

Join the conversation

Learn from others and share your story on the BloodHoundGang Slack Community

Connect with us

You might also be interested in

Cover of the State of APM report
White Papers

The State of Attack Path Management

Our inaugural report highlights why Identity Security is increasingly complex, and why it's difficult to execute without Attack Path Management. We're shifting the conversation from static checklists to the dynamic attack graph.

Read more

White Papers

Maturity Model

The rise of identity-based attacks has exposed a blind spot in the security stack; none of the core tools were designed to map or control how privilege chains together. Attackers aren’t slipping through gaps in detection; they’re bypassing controls entirely by chaining together legitimate access into attack paths that lead directly to critical assets.

Read more

White Papers

The CISO’s Guide to Modern Identity Security

A strategic framework for security leaders navigating the shift from reactive incident response to proactive attack path management

Read more