Cover your tracks during Linux Exploitation / Penetration Testing by leaving zero traces on system logs and filesystem timestamps. moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state, including the filesystem timestamps, post-exploitation, leaving zero traces of a ghost in the shell.
Features
- Documentation available
- Get started quickly with a curl fetch to your target machine
- Performs all session commands including logging, trace clearing, and filesystem operations in under 5 milliseconds
- To save the state of system logs, moonwalk finds a world-writable path and saves the session under a dot directory which is removed upon ending the session
- Instead of clearing the whole history file, moonwalk reverts it back to how it was, including the invocation of moonwalk
- Hide from the Blue Team by reverting the access/modify timestamps of files back to how they were using the GET command
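
For defenders, the two behaviours listed above (restored access/modify timestamps, and a session dot directory under a world-writable path) leave artifacts that can be checked for. The following is an added example, not part of moonwalk or its documentation; the function names, the 60-second threshold and the default directory list are assumptions chosen for illustration.

```python
import os
import stat

def reverted_timestamp_candidates(root, min_gap_seconds=60):
    """Paths under root whose ctime is newer than mtime by more than min_gap_seconds.

    utime()/utimensat() can set atime and mtime, but the kernel stamps ctime
    with the current time on that call, so a restored mtime leaves a gap.
    chmod, rename and archive extraction also cause gaps: treat hits as leads.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames + dirnames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable
            if st.st_ctime - st.st_mtime > min_gap_seconds:
                hits.append((path, st.st_mtime, st.st_ctime))
    return sorted(hits)

def hidden_dirs_in_world_writable(bases=("/tmp", "/var/tmp", "/dev/shm")):
    """Dot directories directly under world-writable directories.

    The default bases are an assumed list. Entries such as .X11-unix are
    normal on many hosts, so compare the result against a known baseline.
    """
    found = []
    for base in bases:
        try:
            if not os.stat(base).st_mode & stat.S_IWOTH:
                continue  # not world-writable
            entries = list(os.scandir(base))
        except OSError:
            continue  # missing or unreadable base
        for entry in entries:
            if entry.name.startswith(".") and entry.is_dir(follow_symlinks=False):
                found.append(entry.path)
    return sorted(found)

if __name__ == "__main__":
    for path, mtime, ctime in reverted_timestamp_candidates("/var/log"):
        print(f"ctime/mtime gap: {path} mtime={mtime:.0f} ctime={ctime:.0f}")
    for path in hidden_dirs_in_world_writable():
        print(f"dot directory in world-writable path: {path}")
```

Because the session directory is removed when the session ends, the second check is only useful while a session is live or when run on a schedule; the ctime gap persists afterwards.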
Categories
File Systems
License
MIT License