Covermyass is a post-exploitation tool designed to securely erase log files and cover tracks on compromised machines across multiple operating systems.
Post-exploitation tool to cover your tracks on a compromised machine (beta)
This tool is primarily used by penetration testers and red teamers during the post-exploitation phase to identify and securely delete log files that could reveal their presence on a compromised system. It helps users cover their tracks before exiting the target machine, making forensic recovery of erased logs significantly harder. The tool supports Linux and macOS, with Windows support planned.
The tool is currently in beta and primarily supports Linux and macOS; Windows support is planned but not yet available. Users should run the tool with appropriate permissions (e.g., root) to maximize the ability to erase log files. Overwriting files multiple times with random data followed by zeros helps reduce forensic recovery chances but may increase operation time. Always verify downloaded binaries using the provided PGP signatures and checksums to ensure integrity and authenticity.
Download the latest release binary for your OS from the GitHub releases page using curl, e.g.:
curl -sSL https://github.com/sundowndev/covermyass/releases/latest/download/covermyass_linux_amd64 -o ./covermyass
Make the binary executable:
chmod +x ./covermyass
Optionally verify digital signatures by downloading the binary, checksums, and signature files.
Import the PGP public key:
gpg --keyserver https://keys.openpgp.org --recv-keys 0xE5BC23488DA8C7AC
Verify the signature:
gpg --verify covermyass_SHA256SUMS.gpg covermyass_SHA256SUMS
Verify the checksum:
sha256sum --ignore-missing -c covermyass_SHA256SUMS
covermyass
Run an analysis to scan and list existing log files without erasing anything.
covermyass --write -n 100
Overwrite found log files 100 times with random data to securely erase them.
covermyass --write -z -n 5
Overwrite log files 5 times with random data followed by a final overwrite with zeros to hide shredding.
covermyass --list
Show found log files in a simple list format without performing any write or erase operations.
covermyass --filter '/var/log/btmp'
Ignore specified file paths using glob patterns during scanning or erasure.
covermyass --no-read-only --list
List files excluding read-only files.
covermyass -h
Display help information and available command line flags.
covermyass -v
Display the current version of the covermyass tool.
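
A defender-side check for the overwrite behaviour described above, added here as an example and not part of covermyass: it flags log files whose content is all zeros or statistically random. It assumes the overwrite leaves the wiped content in place at the original path; the function names, thresholds and the /var/log default are illustrative.

```python
import math
import os
from collections import Counter

# Magic bytes of compressed rotated logs (gzip, bzip2, xz, zstd): high entropy but legitimate.
COMPRESSED_MAGIC = (b"\x1f\x8b", b"BZh", b"\xfd7zXZ\x00", b"\x28\xb5\x2f\xfd")
SAMPLE_BYTES = 1 << 20     # read at most 1 MiB per file
MIN_ENTROPY_LEN = 512      # shorter samples give unreliable entropy estimates
RANDOM_THRESHOLD = 7.0     # bits per byte; text logs usually sit well below 6

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes) -> str:
    """Label a sample as empty, zero-filled, compressed, random-like or plausible."""
    if not data:
        return "empty"
    if data.count(0) == len(data):
        return "zero-filled"   # caveat: a never-used lastlog can look like this too
    if data.startswith(COMPRESSED_MAGIC):
        return "compressed"
    if len(data) >= MIN_ENTROPY_LEN and shannon_entropy(data) >= RANDOM_THRESHOLD:
        return "random-like"
    return "plausible"

def scan(root: str) -> dict:
    """Return {path: verdict} for regular files under root that look wiped."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue  # skip sockets, FIFOs and dangling symlinks
            try:
                with open(path, "rb") as fh:
                    verdict = classify(fh.read(SAMPLE_BYTES))
            except OSError:
                continue  # unreadable, or rotated away mid-scan
            if verdict in ("zero-filled", "random-like"):
                findings[path] = verdict
    return findings

if __name__ == "__main__":
    for path, verdict in sorted(scan("/var/log").items()):
        print(f"{verdict:12} {path}")
```

A hit is a lead, not proof: compare it against the file's expected format and against copies of the same log forwarded to a central collector.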