A large number of plugin descriptions are incorrect (copy and pasted from other plugins). For example mac_check_mig_table says it lists processes. Please double check all of these.
mac_adium - Gets memory maps of processes
mac_apihooks - Checks for API hooks in processes
mac_apihooks_kernel - Checks to see if system call and kernel functions are hooked
mac_arp - Prints the arp table
mac_bash - Recover bash history from bash process memory
mac_bash_env - Recover bash's environment variables
mac_bash_hash - Recover bash hash table from bash process memory
mac_calendar - Gets calendar events from Calendar.app
mac_check_mig_table - List Running Processes
mac_check_syscall_shadow - List Running Processes
mac_check_syscalls - Checks to see if system call table entries are hooked
mac_check_sysctl - Checks for unknown sysctl handlers
mac_check_trap_table - Checks to see if mach trap table entries are hooked
mac_contacts - Gets contact names from Contacts.app
mac_dead_procs - Prints terminated/de-allocated processes
mac_dead_sockets - Prints terminated/de-allocated network sockets
mac_dead_vnodes - Prints terminated/de-allocated processes
mac_dmesg - Prints the kernel debug buffer
mac_dump_file - Dumps a specified file
mac_dump_maps - Dumps memory ranges of processes
mac_dyld_maps - Gets memory maps of processes from dyld data structures
mac_find_aslr_shift - Find the ASLR shift value for 10.8+ images
mac_ifconfig - Lists network interface information for all devices
mac_ip_filters - Reports any hooked IP filters
mac_keychaindump - Gets memory maps of processes
mac_ldrmodules - Compares the output of proc maps with the list of libraries from libdl
mac_librarydump - Dumps the executable of a process
mac_list_files - Prints mounted device information
mac_list_sessions - Enumerates sessions
mac_list_zones - Prints active zones
mac_lsmod - Lists loaded kernel modules
mac_lsmod_iokit - Lists loaded kernel modules through IOkit
mac_lsmod_kext_map - Lists loaded kernel modules
mac_lsof - Lists per-process opened files
mac_machine_info - Prints machine information about the sample
mac_malfind - Looks for suspicious process mappings
mac_memdump - Dump addressable memory pages to a file
mac_moddump - Writes the specified kernel extension to disk
mac_mount - Prints mounted device information
mac_netstat - Lists active per-process network connections
mac_network_conns - Lists network connections from kernel network structures
mac_notesapp - Gets memory maps of processes
mac_notifiers - Detects rootkits that add hooks into I/O Kit (e.g. LogKext)
mac_pgrp_hash_table - Walks the process group hash table
mac_pid_hash_table - Walks the pid hash table
mac_print_boot_cmdline - Prints kernel boot arguments
mac_proc_maps - Gets memory maps of processes
mac_procdump - Dumps the executable of a process
mac_psaux - Prints processes with arguments in user land (**argv)
mac_pslist - List Running Processes
mac_pstree - Show parent/child relationship of processes
mac_psxview - Find hidden processes with various process listings
mac_recover_filesystem - Recover the cached filesystem
mac_route - Prints the routing table
mac_socket_filters - Reports socket filters
mac_tasks - List Active Tasks
mac_trustedbsd - Lists malicious trustedbsd policies
mac_version - Prints the Mac version
mac_volshell - Shell in the memory image
mac_yarascan - Scan memory for yara signatures
A large number of plugin descriptions are incorrect (copy and pasted from other plugins). For example mac_check_mig_table says it lists processes. Please double check all of these.