Post-exploitation tool to cover your tracks on a compromised machine (beta)
 
 
Go to file
sundowndev af1955152e docs: readme 2022-11-29 15:40:50 +04:00
.github/workflows ci: fix go version in release workflow 2022-11-20 16:58:32 +04:00
bin add bin folder 2022-11-01 14:28:11 +04:00
build init v2 project 2022-10-31 14:20:17 +04:00
cmd refactor: remove unlink feature 2022-11-29 15:17:56 +04:00
lib refactor: remove unlink feature 2022-11-29 15:17:56 +04:00
logs init v2 project 2022-10-31 14:20:17 +04:00
mocks feat: init shred lib 2022-11-17 17:29:51 +04:00
.gitignore add bin folder 2022-11-01 14:28:11 +04:00
.goreleaser.yml chore: fix ldflags in goreleaser config 2022-11-20 17:51:09 +04:00
CODEOWNERS init v2 project 2022-10-31 14:20:17 +04:00
LICENSE docs: readme 2022-11-29 15:40:50 +04:00
Makefile init v2 project 2022-10-31 14:20:17 +04:00
README.md docs: readme 2022-11-29 15:40:50 +04:00
go.mod feat: init shred lib 2022-11-17 17:29:51 +04:00
go.sum feat: init shred lib 2022-11-17 17:29:51 +04:00
main.go init v2 project 2022-10-31 14:20:17 +04:00

README.md

covermyass

Build status Tag

About

Covermyass is a post-exploitation tool to cover your tracks on various operating systems (Linux, Darwin, Windows, ...). It was designed for penetration testing "covering tracks" phase, before exiting the infected server. At any time, you can run the tool to find which log files exists on the system, then run again later to erase those files. The tool will tell you which file can be erased with the current user permissions. Files are overwritten repeatedly with random data, in order to make it harder for even very expensive hardware probing to recover the data.

Current status

This tool is still in beta. Upcoming versions might bring breaking changes. For now, we're focusing Linux and Darwin support, Windows may come later.

Installation

Download the latest release :

curl -sSL https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_linux_amd64 -o ./covermyass
chmod +x ./covermyass

Usage

$ covermyass -h

Usage:
  covermyass [flags]

Examples:

Overwrite log files as well as those found by path /db/*.log
covermyass --write -p /db/*.log

Overwrite log files 5 times with a final overwrite with zeros to hide shredding
covermyass --write -z -n 5


Flags:
  -f, --filter strings   File paths to ignore (supports glob patterns)
  -h, --help             help for covermyass
  -n, --iterations int   Overwrite N times instead of the default (default 3)
  -l, --list             Show files in a simple list format. This will prevent any write operation
      --no-read-only     Exclude read-only files in the list. Must be used with --list
  -v, --version          version for covermyass
      --write            Erase found log files. This WILL shred the files!
  -z, --zero             Add a final overwrite with zeros to hide shredding

First, run an analysis. This will not erase anything.

covermyass

When you acknowledged the results, erase those files.

covermyass --write

Filter out some paths :

covermyass -f '/foo/bar/*.log'
covermyass -f '/foo/bar.log'

License

covermyass is licensed under the MIT license. Refer to LICENSE for more information.