• Stars
    star
    1,252
  • Rank 37,538 (Top 0.8 %)
  • Language
    Rust
  • License
    MIT License
  • Created almost 3 years ago
  • Updated about 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.

moonwalk

Cover your tracks during Linux Exploitation / Penetration Testing by leaving zero traces on system logs and filesystem timestamps.


πŸ“– Table of Contents

ℹ️ Introduction

moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a ghost in the shell.

⚠️ NOTE: This tool is open-sourced to assist solely in Red Team operations and in no means is the author liable for repercussions caused by any prohibited use of this tool. Only make use of this in a machine you have permission to test.

Features

  • Small Executable: Get started quickly with a curl fetch to your target machine.
  • Fast: Performs all session commands including logging, trace clearing, and filesystem operations in under 5 milliseconds.
  • Reconnaissance: To save the state of system logs, moonwalk finds a world-writable path and saves the session under a dot directory which is removed upon ending the session.
  • Shell History: Instead of clearing the whole history file, moonwalk reverts it back to how it was including the invokation of moonwalk.
  • Filesystem Timestamps: Hide from the Blue Team by reverting the access/modify timestamps of files back to how it was using the GET command.

Installation

$ curl -L https://github.com/mufeedvh/moonwalk/releases/download/v1.0.0/moonwalk_linux -o moonwalk

(AMD x86-64)

OR

Download the executable from Releases OR Install with cargo:

$ cargo install --git https://github.com/mufeedvh/moonwalk.git

Install Rust/Cargo

Build From Source

Prerequisites:

  • Git
  • Rust
  • Cargo (Automatically installed when installing Rust)
  • A C linker (Only for Linux, generally comes pre-installed)
$ git clone https://github.com/mufeedvh/moonwalk.git
$ cd moonwalk/
$ cargo build --release

The first command clones this repository into your local machine and the last two commands enters the directory and builds the source in release mode.

Usage

Once you get a shell into the target Unix machine, start a moonwalk session by running this command:

$ moonwalk start

While you're doing recon/exploitation and messing with any files, get the touch timestamp command of a file beforehand to revert it back after you've accessed/modified it:

$ moonwalk get ~/.bash_history

Post-exploitation, clear your traces and close the session with this command:

$ moonwalk finish

That's it!

Contribution

Ways to contribute:

  • Suggest a feature
  • Report a bug
  • Fix something and open a pull request
  • Help me document the code
  • Spread the word
  • Find something I missed which leaves any trace!

License

Licensed under the MIT License, see LICENSE for more information.

More Repositories

1

binserve

A fast production-ready static web server with TLS (HTTPS), routing, hot reloading, caching, templating, and security in a single-binary you can set up with zero code.
Rust
903
star
2

basecrack

Decode All Bases - Base Scheme Decoder
Python
472
star
3

pdfrip

A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
Rust
356
star
4

CVE-2019-8449

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
Python
66
star
5

paydept

πŸ™Œ Shows every open-source dependency you use in your system that accept donations. πŸ’
Rust
44
star
6

seclip

A CLI utility to secretly copy secrets to clipboard. πŸ”’πŸ“
Rust
36
star
7

gisture

A minimal and flexible blog generator based on GitHub Gist.
Rust
30
star
8

log4jail

A firewall reverse proxy for preventing Log4J (Log4Shell aka CVE-2021-44228) attacks.
Rust
24
star
9

l33tmario

Mario the game but you rescue the princess by hacking.
PHP
21
star
10

regretti

A programming language where comments are the first-class citizen and ASCII art flowcharts are the controls!
Rust
18
star
11

okjson

A fast, simple, and pythonic JSON Schema Validator.
Python
5
star
12

ajnatham

An encrypted data storage for notes, passwords, private keys and the like in a single binary with GUI, API and Markdown support.
Rust
5
star
13

website

mufeedvh.com :)
HTML
4
star
14

tupperplot

Tupper's self-referential formula plotting itself on a framebuffer with Rust.
Rust
3
star
15

wordlentropy

Naive and quick Wordle optimal starting word Analysis.
Rust
2
star
16

cheatsheets

my personal cheatsheets.
2
star
17

project-euler

practicing project euler in random languages to build a habit and for fun.
Julia
1
star
18

configuration

my random configs.
Shell
1
star
19

notes

random notes when i feel like it.
JavaScript
1
star