Analysis updated 2026-07-18 · repo last pushed 2026-04-23
Audit an organization's Jamf Pro setup to find overly permissive accounts that could let someone take over managed Macs.
Run a red team engagement to discover privilege escalation paths from a low-level Jamf account to full control of managed computers.
Verify during a compliance review that no hidden administrative paths exist across a Jamf Pro tenant.
Bridge Jamf Pro permission data with Okta identity management to visualize cross-platform access relationships in BloodHound.
| specterops/jamfhound | lynote-ai/ai-detector-skill | rss3208/visiomaster | |
|---|---|---|---|
| Stars | 134 | 134 | 134 |
| Language | Python | Python | Python |
| Last pushed | 2026-04-23 | — | — |
| Maintenance | Maintained | — | — |
| Setup difficulty | moderate | easy | hard |
| Complexity | 4/5 | 2/5 | 3/5 |
| Audience | ops devops | general | researcher |
Figures from each repo's GitHub metadata at analysis time.
Requires a running BloodHound instance, Python 3.12+, and manual configuration of Jamf Pro connection details within the code.
JamfHound is a security tool that maps out the permissions and relationships inside a Jamf Pro environment. Jamf Pro is a popular platform that IT teams use to manage fleets of Apple devices. By connecting to Jamf Pro and extracting data about accounts, computers, groups, and policies, this tool reveals how permissions are structured and identifies potential "attack paths", chains of access that could let someone gain control or run code on managed machines. The tool works by logging into a Jamf Pro instance using provided credentials, ideally an "auditor" account with broad read-only access. It gathers information about the environment and outputs that data as JSON files. These files are designed to be fed into BloodHound, a widely used security visualization tool. Once imported, BloodHound displays a visual map showing who has access to what and how different objects are connected, making it easier to spot overly permissive configurations or hidden risks. The primary users are IT security teams, auditors, and red team operators who need to assess the security posture of an organization's Apple device management setup. For example, a security analyst might use this tool to see if a low-level Jamf account can escalate privileges to take over a managed computer, or an auditor might use it to verify that no unnecessary administrative paths exist across the tenant. It works with both cloud-hosted and on-site Jamf Pro installations and can also bridge data with Okta identity management systems. The project originated as a proof-of-concept during a 24-hour hackathon at SpecterOps but has since been developed into a community-maintained tool. Notably, some of its earlier standalone features for querying individual accounts or devices are deprecated, meaning they still function but are no longer actively supported. The developers recommend using a separate project called Eve for those targeted enumeration tasks, keeping this tool focused on generating data for BloodHound visualization. Setting it up requires some technical comfort, as users need a running BloodHound instance, Python 3.12 or newer, and must manually configure connection details within the code. The team notes that future improvements are planned, including multi-threading to speed up data collection and enhanced error handling.
JamfHound connects to Jamf Pro Apple device management and exports permission data as JSON for BloodHound, helping security teams visualize who can access what across managed Macs and find hidden attack paths.
Mainly Python. The stack also includes Python, BloodHound, Jamf Pro API.
Maintained — commit in last 6 months (last push 2026-04-23).
No license information was provided in the explanation, so usage rights are unknown.
Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.