Post-exploitation tool to cover your tracks on a compromised machine (beta)
 
 
Go to file
sundowndev cec318a935 init v2 project 2022-10-31 14:20:17 +04:00
.github/workflows init v2 project 2022-10-31 14:20:17 +04:00
build init v2 project 2022-10-31 14:20:17 +04:00
cmd init v2 project 2022-10-31 14:20:17 +04:00
lib init v2 project 2022-10-31 14:20:17 +04:00
logs init v2 project 2022-10-31 14:20:17 +04:00
.gitignore init v2 project 2022-10-31 14:20:17 +04:00
CODEOWNERS init v2 project 2022-10-31 14:20:17 +04:00
LICENSE Create LICENSE 2020-01-23 15:25:54 +01:00
Makefile init v2 project 2022-10-31 14:20:17 +04:00
README.md init v2 project 2022-10-31 14:20:17 +04:00
go.mod init v2 project 2022-10-31 14:20:17 +04:00
go.sum init v2 project 2022-10-31 14:20:17 +04:00
main.go init v2 project 2022-10-31 14:20:17 +04:00

README.md

covermyass

Build status Tag

About

Covermyass is a post-exploitation tool to cover your tracks on various operating systems (Linux, Darwin, Windows, ...). It was designed for penetration testing "covering tracks" phase, before exiting the infected server. At any time, you can run the tool to find which log files exists on the system, then run again later to erase those files. The tool will tell you which file can be erased with the current user permissions.

Installation

With sudo

sudo curl -sSL https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_Linux_x86_64 -o /usr/bin/covermyass
sudo chmod +x /usr/bin/covermyass

Without sudo :

curl -sSL https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_Linux_x86_64 -o ~/.local/bin/covermyass
chmod +x ~/.local/bin/covermyass

Keep in mind that without sudo privileges, you might be unable to clear system-level log files.

Usage

Run an analysis to find log files :

covermyass

Clear log files instantly :

covermyass --write

Add custom file paths :

covermyass -p '/db/**/*.log'

Filter out some paths :

covermyass -f '/foo/bar/*.log'
covermyass -f '/foo/bar.log'