Loading connector details…
macOS Post-Incident Scanner
MCPOpen SourceMIT20.0
by hegner123 • Uncategorized
An MCP server and CLI tool for macOS that inspects running processes and network connections to flag suspicious activity with severity-ranked explanations.
Example Use Cases
- 1
Perform automated post-incident security analysis on macOS systems.
- 2
Monitor and flag suspicious running processes and network connections.
- 3
Integrate macOS process and network inspection into MCP-compatible workflows.
Description
Scanner is a post-incident investigation tool designed for macOS that analyzes every running process by checking executable paths, code signing status, and network connections. It flags suspicious indicators such as unsigned binaries, invalid signatures, hidden executables, and unusual network activity, providing severity-ranked explanations. The tool can be used as a standalone CLI or as an MCP server compatible with Claude Code, enabling automated security analysis and process management. It supports allowlisting known binaries to reduce false positives and offers JSON output for scripting and integration.
Quick Actions
Quick Stats
Service TypeMCP
Pricing ModelFree
Capabilities0 Tools / 0 Prompts / 0 Resources
Ownerhegner123
CategoryUncategorized
Tags
clicode-signinggolangincident-responsemacosmcp-serverprocess-scannersecurity