1.6 KiB
covermyass
About
Covermyass is a post-exploitation tool to cover your tracks on various operating systems (Linux, Darwin, Windows, ...). It was designed for penetration testing "covering tracks" phase, before exiting the infected server. At any time, you can run the tool to find which log files exists on the system, then run again later to erase those files. The tool will tell you which file can be erased with the current user permissions. Files are overwritten repeatedly with random data, in order to make it harder for even very expensive hardware probing to recover the data.
Installation
With sudo
sudo curl -sSL https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_Linux_x86_64 -o /usr/bin/covermyass
sudo chmod +x /usr/bin/covermyass
Without sudo :
curl -sSL https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_Linux_x86_64 -o ~/.local/bin/covermyass
chmod +x ~/.local/bin/covermyass
Keep in mind that without sudo privileges, you might be unable to clear system-level log files.
Usage
Run an analysis to find log files :
covermyass
Clear log files instantly :
covermyass --write
Add custom file paths :
covermyass -p '/db/**/*.log'
Filter out some paths :
covermyass -f '/foo/bar/*.log'
covermyass -f '/foo/bar.log'