  • Stars: 358
  • Rank 118,855 (Top 3 %)
  • Language: Go
  • License: MIT License
  • Created almost 6 years ago
  • Updated almost 2 years ago

Repository Details

Post-exploitation tool to cover your tracks on a compromised machine (beta)

Introduction

Covermyass is a post-exploitation tool to cover your tracks on various operating systems. It was designed for the "covering tracks" phase of penetration testing, before exiting the compromised server. At any time, you can run the tool to find which log files exist on the system, then run it again later to erase those files. The tool will tell you which files can be erased with the current user's permissions. Files are overwritten repeatedly with random data, in order to make it harder for even very expensive hardware probing to recover the data.

It supports the three major operating systems (Linux, macOS, Windows) and a few smaller ones (FreeBSD, OpenBSD).

Current status

This tool is still in beta. Upcoming versions might bring breaking changes. For now, we're focusing on Linux and Darwin support; Windows may come later.

Installation

Download the latest release:

curl -sSL https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_linux_amd64 -o ./covermyass
chmod +x ./covermyass

Verify digital signatures

covermyass releases are signed using a PGP key (rsa4096) with ID E5BC23488DA8C7AC and fingerprint 1A662C679AD91F549A77CD96E5BC23488DA8C7AC. Our key can be retrieved from common keyservers.

  1. Download binary, checksums and signature
curl -L https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_linux_amd64 -o covermyass_linux_amd64 && \
curl -L https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_SHA256SUMS -o covermyass_SHA256SUMS && \
curl -L https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_SHA256SUMS.gpg -o covermyass_SHA256SUMS.gpg
  2. Import key
gpg --keyserver https://keys.openpgp.org --recv-keys 0xE5BC23488DA8C7AC
  3. Verify signature (optionally trust the key from gnupg to avoid any warning)
gpg --verify covermyass_SHA256SUMS.gpg covermyass_SHA256SUMS
  4. Verify checksum
sha256sum --ignore-missing -c covermyass_SHA256SUMS
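
`gpg --verify` in step 3 succeeds for a good signature from any key in the keyring, so the result still has to be tied to the fingerprint given above. The following is an added example (not part of the covermyass project) that does this by reading GnuPG's machine-readable status lines; `signed_by_pinned_key` and `verify_release` are names chosen here, and the sample status text is constructed.

```python
import subprocess

# Fingerprint published in the "Verify digital signatures" section above.
PINNED_FPR = "1A662C679AD91F549A77CD96E5BC23488DA8C7AC"
# Status keywords that mean the signature or its key must not be relied on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Constructed sample of `gpg --status-fd 1 --verify` output (not a real capture).
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG E5BC23488DA8C7AC Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 1A662C679AD91F549A77CD96E5BC23488DA8C7AC 2024-01-01 1704067200 0 4 0 1 10 00 1A662C679AD91F549A77CD96E5BC23488DA8C7AC
"""


def signed_by_pinned_key(status_output, pinned_fpr=PINNED_FPR):
    """True only if gpg reported a valid signature made by the pinned key."""
    matched = False
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in REJECT:
            return False
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            # First argument: fingerprint of the key that signed (may be a
            # subkey). Last argument: fingerprint of its primary key.
            if pinned_fpr.upper() in (fields[2].upper(), fields[-1].upper()):
                matched = True
    return matched


def verify_release(sums="covermyass_SHA256SUMS", sig="covermyass_SHA256SUMS.gpg"):
    """Steps 3 and 4 of the procedure, failing closed on a key mismatch."""
    gpg = subprocess.run(["gpg", "--status-fd", "1", "--verify", sig, sums],
                         stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                         text=True)
    if gpg.returncode != 0 or not signed_by_pinned_key(gpg.stdout):
        return False
    check = subprocess.run(["sha256sum", "--ignore-missing", "-c", sums])
    return check.returncode == 0
```

`verify_release()` expects the three files from step 1 in the current directory and the key from step 2 in the keyring.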

Usage

$ covermyass -h

Usage:
  covermyass [flags]

Examples:

Overwrite log files 5 times with a final overwrite with zeros to hide shredding
covermyass --write -z -n 5


Flags:
  -f, --filter strings   File paths to ignore (supports glob patterns)
  -h, --help             help for covermyass
  -n, --iterations int   Overwrite N times instead of the default (default 3)
  -l, --list             Show files in a simple list format. This will prevent any write operation
      --no-read-only     Exclude read-only files in the list. Must be used with --list
  -v, --version          version for covermyass
      --write            Erase found log files. This WILL shred the files!
  -z, --zero             Add a final overwrite with zeros to hide shredding

First, run an analysis. This will not erase anything.

$ covermyass

Loaded known log files for linux
Scanning file system...

Found the following files
/var/log/lastlog (29.5 kB, -rw-rw-r--)
/var/log/btmp (0 B, -rw-rw----)
/var/log/wtmp (0 B, -rw-rw-r--)
/var/log/faillog (3.2 kB, -rw-r--r--)

Summary
Found 4 files (4 read-write, 0 read-only) in 27ms

Once you have reviewed the results, erase those files.

$ whoami
root
$ covermyass --write -n 100

Loaded known log files for linux
Scanning file system...

Found the following files
/var/log/lastlog (29.5 kB, -rw-rw-r--)
/var/log/btmp (0 B, -rw-rw----)
/var/log/wtmp (0 B, -rw-rw-r--)
/var/log/faillog (3.2 kB, -rw-r--r--)

Summary
Found 4 files (4 read-write, 0 read-only) in 27ms

⣾ Shredding files... (3.1 MB, 1.3 MB/s) [2s] 

Successfully shredded 4 files 100 times
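
After a run like the one above, wtmp and btmp no longer parse as login records, which a responder can test for directly. The following is an added example (not part of covermyass), assuming the 384-byte glibc `struct utmp` layout of x86-64 Linux; `classify_utmp`, `entropy` and `make_record` are names chosen here, and the sample record is constructed.

```python
import math
import struct
from collections import Counter

# Assumption: glibc `struct utmp` on x86-64 Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
VALID_TYPES = range(0, 10)  # EMPTY (0) through ACCOUNTING (9)


def make_record(ut_type, user, line, host, ts):
    """Build one constructed (not captured) record for demonstration."""
    return UTMP.pack(ut_type, 4242, line, b"ts/0", user, host,
                     0, 0, 0, ts, 0, 0, 0, 0, 0, b"")


def entropy(data):
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify_utmp(data):
    """Classify the raw bytes of a wtmp or btmp file."""
    if not data:
        return "empty"  # also what a freshly rotated file looks like
    if data.count(0) == len(data):
        return "zero-filled"  # has a size but holds no record at all
    whole, trailing = divmod(len(data), UTMP.size)
    bad = 0
    for i in range(whole):
        rec = UTMP.unpack_from(data, i * UTMP.size)
        ut_type, user = rec[0], rec[4].rstrip(b"\0")
        # Genuine records carry a known type and a NUL-padded ASCII user name.
        if ut_type not in VALID_TYPES or b"\0" in user or not user.isascii():
            bad += 1
    if trailing or bad or entropy(data) > 7.0:
        return "overwritten-or-corrupt"
    return "plausible"


if __name__ == "__main__":
    sample = make_record(7, b"root", b"pts/0", b"203.0.113.5", 1700000000) * 3
    print(classify_utmp(sample))
```

lastlog and faillog are indexed by UID and are legitimately sparse, so this check applies only to wtmp and btmp.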

Filter out some paths:

$ covermyass -f '/foo/**/*.log' -f '/bar/foo.log'

License

Covermyass is licensed under the MIT license. Refer to LICENSE for more information.
