Moonwalk – Cover Your Tracks During Linux Exploitation By Leaving Zero Traces On System Logs And Filesystem Timestamps
Cover your tracks during Linux
Once you get a shell into the target Unix machine, start a moonwalk session by running this command:
$ moonwalk start While you’re doing recon/exploitation and messing with any files, get the touch timestamp command of a file beforehand to revert it back after you’ve accessed/modified it:
$ moonwalk get ~/.bash_history Post-exploitation, clear your traces and close the session with this command:
$ moonwalk finish That’s it!
Contribution
Ways to contribute:
- Suggest a feature
- Report a bug
- Fix something and open a pull request
- Help me document the code
- Spread the word
- Find something I missed which leaves any trace!
License
Licensed under the MIT License, see LICENSE for more information.
Download Moonwalk
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.
