Merge pull request #7 from sundowndev/v2.0-beta1

Implement version 2

.github/workflows/build.yml

@@ -0,0 +1,54 @@
+name: Go build
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v3.2.0
+        with:
+          go-version: 1.18.4
+        id: go
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3.0.0
+
+      - name: Get dependencies
+        run: |
+          go get -v -t -d ./...
+
+      - name: Enforce Go formatted code
+        run: |
+          make fmt
+          if [[ -z $(git status --porcelain) ]]; then
+            echo "Git directory is clean."
+          else
+            echo "Git directory is dirty. Run make fmt locally and commit any formatting fixes or generated code."
+            git status --porcelain
+            exit 1
+          fi
+
+      - name: Install tools
+        run: make install-tools
+
+      - name: Build
+        run: make build
+
+      - name: Lint
+        run: make lint
+
+      - name: Test
+        run: go test -race -coverprofile=./c.out -covermode=atomic -v ./...
+
+      - name: Report code coverage
+        env:
+          COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          go install github.com/mattn/goveralls@latest
+          goveralls -coverprofile=./c.out -service=github

.github/workflows/release.yml

@@ -0,0 +1,29 @@
+name: release
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3.0.0
+
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+
+      - name: Set up Go
+        uses: actions/setup-go@v3.2.0
+        with:
+          go-version: 1.18.4
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3.0.0
+        with:
+          version: v1.12.3
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,24 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin/*
+!bin/.gitkeep
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+.vscode/
+
+.DS_Store
+coverage
+coverage.*
+unit-tests.xml
+.idea

.goreleaser.yml

@@ -0,0 +1,37 @@
+project_name: covermyass
+dist: bin
+release:
+  github:
+    owner: sundowndev
+    name: covermyass
+  draft: false
+  prerelease: auto
+before:
+  hooks:
+    - go generate ./...
+builds:
+  - id: "covermyass"
+    binary: covermyass
+    dir: .
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+      #- windows
+    goarch:
+      - amd64
+      - arm
+      - arm64
+      - 386
+    ldflags: "-s -w -X github.com/sundowndev/covermyass/v2/build.version={{.Version}} -X github.com/sundowndev/covermyass/v2/build.commit={{.ShortCommit}}"
+archives:
+  - name_template: '{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}'
+    format: binary
+    replacements:
+      armv6: arm
+checksum:
+  name_template: '{{ .ProjectName }}_SHA256SUMS'
+  algorithm: sha256
+snapshot:
+  name_template: "{{ .Tag }}-next"

CODEOWNERS

@@ -0,0 +1 @@
+*       @sundowndev

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020 Raphaël Cerveaux
+Copyright (c) 2022 Raphaël Cerveaux
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -0,0 +1,62 @@
+# Use bash syntax
+SHELL=/bin/bash
+# Go parameters
+GOCMD=go
+GOBINPATH=$(shell $(GOCMD) env GOPATH)/bin
+GOMOD=$(GOCMD) mod
+GOBUILD=$(GOCMD) build
+GOCLEAN=$(GOCMD) clean
+GOTEST=gotestsum
+GOGET=$(GOCMD) get
+GOINSTALL=$(GOCMD) install
+GOTOOL=$(GOCMD) tool
+GOFMT=$(GOCMD) fmt
+GIT_TAG=$(shell git describe --abbrev=0 --tags)
+GIT_COMMIT=$(shell git rev-parse --short HEAD)
+
+.PHONY: FORCE
+
+.PHONY: all
+all: fmt lint test build go.mod
+
+.PHONY: build
+build:
+	go generate ./...
+	go build -v -ldflags="-s -w -X 'github.com/sundowndev/covermyass/v2/build.version=${GIT_TAG}' -X 'github.com/sundowndev/covermyass/v2/build.commit=${GIT_COMMIT}'" -o ./bin/covermyass .
+
+.PHONY: test
+test:
+	$(GOTEST) --format testname --junitfile unit-tests.xml -- -mod=readonly -race -coverprofile=./c.out -covermode=atomic -coverpkg=.,./... ./...
+
+.PHONY: coverage
+coverage: test
+	$(GOTOOL) cover -func=cover.out
+
+.PHONY: mocks
+mocks:
+	rm -rf mocks
+	mockery --all
+
+.PHONY: fmt
+fmt:
+	$(GOFMT) ./...
+
+.PHONY: clean
+clean:
+	$(GOCLEAN)
+	rm -f bin/*
+
+.PHONY: lint
+lint:
+	@which golangci-lint > /dev/null 2>&1 || (curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $(GOBINPATH) v1.50.1)
+	golangci-lint run -v --timeout=10m
+
+.PHONY: install-tools
+install-tools:
+	$(GOINSTALL) gotest.tools/gotestsum@v1.6.3
+	$(GOINSTALL) github.com/vektra/mockery/v2@v2.8.0
+
+go.mod: FORCE
+	$(GOMOD) tidy
+	$(GOMOD) verify
+go.sum: go.mod

README.md

@@ -1,97 +1,73 @@
-# Covermyass
+## *covermyass* ##
 
-[![Build status](https://img.shields.io/travis/sundowndev/covermyass/master.svg?style=flat-square)](https://travis-ci.org/sundowndev/covermyass/builds)
-[![Tag](https://img.shields.io/github/tag/SundownDEV/covermyass.svg?style=flat-square)](https://github.com/sundowndev/covermyass/releases)
+[![Build status](https://github.com/sundowndev/covermyass/workflows/Go%20build/badge.svg)](https://github.com/sundowndev/covermyass/actions)
+[![Tag](https://img.shields.io/github/tag/SundownDEV/covermyass.svg)](https://github.com/sundowndev/covermyass/releases)
 
-**⚠️ This tool is unmaintained**
+### About ###
 
-### About
+**Covermyass** is a post-exploitation tool to cover your tracks on various operating systems (Linux, Darwin, Windows, ...). It was designed for penetration testing "covering tracks" phase, before exiting the infected server. At any time, you can run the tool to find which log files exists on the system, then run again later to erase those files. The tool will tell you which file can be erased with the current user permissions. Files are overwritten repeatedly with random data, in order to make it harder for even very expensive hardware probing to recover the data.
 
-Shell script to cover your tracks on UNIX systems. Designed for pen testing "covering tracks" phase, before exiting the infected server. Or, permanently disable system logs for post-exploitation.
+### Current status ###
 
-This tool allows you to clear log files such as :
+This tool is still in beta. Upcoming versions might bring breaking changes. For now, we're focusing Linux and Darwin support, Windows may come later.
 
-```bash
-# Linux
-/var/log/messages # General message and system related stuff
-/var/log/auth.log # Authenication logs
-/var/log/kern.log # Kernel logs
-/var/log/cron.log # Crond logs
-/var/log/maillog # Mail server logs
-/var/log/boot.log # System boot log
-/var/log/mysqld.log # MySQL database server log file
-/var/log/qmail # Qmail log directory
-/var/log/httpd # Apache access and error logs directory
-/var/log/lighttpd # Lighttpd access and error logs directory
-/var/log/secure # Authentication log
-/var/log/utmp # Login records file
-/var/log/wtmp # Login records file
-/var/log/yum.log # Yum command log file
-
-# macOS
-/var/log/system.log # System Log
-/var/log/DiagnosticMessages # Mac Analytics Data
-/Library/Logs # System Application Logs
-/Library/Logs/DiagnosticReports # System Reports
-~/Library/Logs # User Application Logs
-~/Library/Logs/DiagnosticReports # User Reports
-```
+### Installation ###
 
-## Installation
-
-With sudo
+Download the latest release : 
 
 ```bash
-sudo curl -sSL https://raw.githubusercontent.com/sundowndev/covermyass/master/covermyass -o /usr/bin/covermyass
-sudo chmod +x /usr/bin/covermyass
+curl -sSL https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_linux_amd64 -o ./covermyass
+chmod +x ./covermyass
 ```
 
-Without sudo :
+### Usage ###
 
-```bash
-curl -sSL https://raw.githubusercontent.com/sundowndev/covermyass/master/covermyass -o ~/.local/bin/covermyass
-chmod +x ~/.local/bin/covermyass
 ```
+$ covermyass -h
 
-You can now use the tool using the executable.
+Usage:
+  covermyass [flags]
 
-Keep in mind that without sudo privileges, you *might* be unable to clear system-level log files (`/var/log`).
+Examples:
 
-## Usage
+Overwrite log files as well as those found by path /db/*.log
+covermyass --write -p /db/*.log
 
-Simply type :
+Overwrite log files 5 times with a final overwrite with zeros to hide shredding
+covermyass --write -z -n 5
 
-```
-covermyass # you may need to use sudo if you want to clean auth logs
-```
 
-Follow the instructions :
+Flags:
+  -f, --filter strings   File paths to ignore (supports glob patterns)
+  -h, --help             help for covermyass
+  -n, --iterations int   Overwrite N times instead of the default (default 3)
+  -l, --list             Show files in a simple list format. This will prevent any write operation
+      --no-read-only     Exclude read-only files in the list. Must be used with --list
+  -v, --version          version for covermyass
+      --write            Erase found log files. This WILL shred the files!
+  -z, --zero             Add a final overwrite with zeros to hide shredding
 
 ```
-Welcome to Cover my ass tool !
-
-Select an option :
 
-1) Clear logs for user root
-2) Permenently disable auth & bash history
-3) Restore settings to default
-99) Exit tool
+First, run an analysis. This will not erase anything.
 
->
+```
+covermyass
 ```
 
-*NOTE: don't forget to exit the terminal session since the bash history is cached.*
-
-Clear logs instantly (requires *sudo* to be efficient) :
+When you acknowledged the results, erase those files.
 
 ```
-sudo covermyass now
+covermyass --write
 ```
 
-### Using cron job
+Filter out some paths : 
 
-Clear bash history every day at 5am :
-
-```bash
-0 5 * * * covermyass now >/dev/null 2>&1
 ```
+covermyass -f '/foo/bar/*.log'
+covermyass -f '/foo/bar.log'
+```
+
+### License ###
+
+**covermyass** is licensed under the MIT license. Refer to [LICENSE](LICENSE) for more information.

build/build.go

@@ -0,0 +1,21 @@
+package build
+
+import (
+	"fmt"
+	"runtime"
+)
+
+var version = "dev"
+var commit = "dev"
+
+func Name() string {
+	return fmt.Sprintf("%s-%s", version, commit)
+}
+
+func String() string {
+	return fmt.Sprintf("%s (%s)", Name(), runtime.Version())
+}
+
+func IsRelease() bool {
+	return Name() != "dev-dev"
+}