Post-exploitation tool to cover your tracks on a compromised machine (beta)
 
 
Go to file
sundowndev 04c1ca7837 refactor: create init function for each check 2022-11-17 15:37:00 +04:00
.github/workflows init v2 project 2022-10-31 14:20:17 +04:00
bin add bin folder 2022-11-01 14:28:11 +04:00
build init v2 project 2022-10-31 14:20:17 +04:00
cmd refactor: create init function for each check 2022-11-17 15:37:00 +04:00
lib refactor: create init function for each check 2022-11-17 15:37:00 +04:00
logs init v2 project 2022-10-31 14:20:17 +04:00
.gitignore add bin folder 2022-11-01 14:28:11 +04:00
CODEOWNERS init v2 project 2022-10-31 14:20:17 +04:00
LICENSE Create LICENSE 2020-01-23 15:25:54 +01:00
Makefile init v2 project 2022-10-31 14:20:17 +04:00
README.md docs: command description 2022-11-01 13:52:52 +04:00
go.mod init v2 project 2022-10-31 14:20:17 +04:00
go.sum init v2 project 2022-10-31 14:20:17 +04:00
main.go init v2 project 2022-10-31 14:20:17 +04:00

README.md

covermyass

Build status Tag

About

Covermyass is a post-exploitation tool to cover your tracks on various operating systems (Linux, Darwin, Windows, ...). It was designed for penetration testing "covering tracks" phase, before exiting the infected server. At any time, you can run the tool to find which log files exists on the system, then run again later to erase those files. The tool will tell you which file can be erased with the current user permissions. Files are overwritten repeatedly with random data, in order to make it harder for even very expensive hardware probing to recover the data.

Installation

With sudo

sudo curl -sSL https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_Linux_x86_64 -o /usr/bin/covermyass
sudo chmod +x /usr/bin/covermyass

Without sudo :

curl -sSL https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_Linux_x86_64 -o ~/.local/bin/covermyass
chmod +x ~/.local/bin/covermyass

Keep in mind that without sudo privileges, you might be unable to clear system-level log files.

Usage

Run an analysis to find log files :

covermyass

Clear log files instantly :

covermyass --write

Add custom file paths :

covermyass -p '/db/**/*.log'

Filter out some paths :

covermyass -f '/foo/bar/*.log'
covermyass -f '/foo/bar.log'