Upload source

Author: mufeedvh

.github/workflows/release.yml

@@ -0,0 +1,58 @@
+name: moonwalk Release Action
+
+on:
+  push:
+
+jobs:
+  build-ubuntu:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install latest rust toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          default: true
+          override: true
+
+      - name: Build for Linux
+        run: cargo build --all --release && strip target/release/moonwalk && mv target/release/moonwalk target/release/moonwalk_linux
+
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          files: |
+           target/release/moonwalk_linux
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  build-mac:
+    runs-on: macos-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install latest rust toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          target: x86_64-apple-darwin
+          default: true
+          override: true
+
+      - name: Build for Mac
+        run: cargo build --all --release && strip target/release/moonwalk && mv target/release/moonwalk target/release/moonwalk_darwin
+
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          files: |
+            target/release/moonwalk_darwin
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,10 @@
+# Generated by Cargo
+# will have compiled files and executables
+/target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk

Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "moonwalk"
+version = "1.0.0"
+edition = "2018"
+
+[dependencies]
+colored = "2.0.0"
+users = "0.11.0"
+serde = { version = "1.0.132", features = ["derive"] }
+serde_json = "1.0.73"
+once_cell = "1.9.0"
+
+[profile.release]
+lto = 'thin'
+panic = 'abort'
+codegen-units = 1

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Mufeed VH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,2 @@
+# moonwalk
+Cover your tracks during Linux Exploitation/Penetration Testing by leaving zero traces on system logs and filesystem timestamps.

src/core/clear.rs

@@ -0,0 +1,56 @@
+use std::io::Result;
+
+use super::{
+    values,
+    fs::FileSystem,
+    logger::TMP_LOG_DIR
+};
+
+/// Clears every invokation of `moonwalk` from shell history
+pub fn clear_me_from_history() -> Result<()> {
+    const HISTORY_FILES: [&str; 2] = ["~/.bash_history", "~/.zsh_history"];
+
+    // get current authenticated user
+    let user = &values::CURR_USER;
+
+    for file in HISTORY_FILES {
+        let mut file_path: String = String::from(file);
+
+        // parse and resolve `~/` home path
+        if file_path.starts_with('~') {
+            let current_user = format!(
+                "/home/{:?}/",
+                user.name()
+            ).replace('"', "");
+
+            file_path = file_path.replace("~/", &current_user);
+        }
+
+        let mut write_buffer = String::new();
+
+        if FileSystem::file_exists(&file_path) {
+            let file_contents = String::from_utf8(
+                FileSystem::read(&file_path)?
+            ).unwrap();
+    
+            for line in file_contents.lines() {
+                let condition = line.contains("moonwalk") || line.contains("MOONWALK");
+    
+                if !condition {
+                    write_buffer.push_str(line);
+                    write_buffer.push('\n')
+                }
+            }
+    
+            FileSystem::write(
+                &file_path,
+                write_buffer.as_bytes()
+            )?;
+        }
+    }
+
+    // finally remove the logging directory
+    FileSystem::remove_dir(&TMP_LOG_DIR)?;
+
+    Ok(())
+}

src/core/fs.rs

@@ -0,0 +1,86 @@
+use std::fs;
+use std::io::BufReader;
+use std::io::prelude::*;
+use std::path::Path;
+use std::io::Result;
+use std::process::Command;
+
+use super::parsers::nix_stat_parser;
+
+use serde::{Deserialize, Serialize};
+
+pub struct FileSystem;
+
+#[derive(Serialize, Deserialize)]
+pub struct FileStat {
+    pub atime: String,
+    pub mtime: String,
+    pub ctime: String
+}
+
+impl FileSystem {
+    /// Returns stat info of files to parse access/modify timestamps
+    pub fn file_nix_stat(file_path: &str) -> FileStat {
+        // return file stats from child process
+        let child_process = Command::new("/bin/stat")
+            .arg(file_path)
+            .output()
+            .expect("failed to execute child process");
+
+        // parse unix timestamp from fs stats
+        nix_stat_parser(
+            String::from_utf8_lossy(&child_process.stdout)
+        )
+    }
+
+    /// Apply timestamps to files using the touch utility
+    #[inline]
+    pub fn change_file_timestamp(file_path: &str, stat: FileStat) {
+        Command::new("/usr/bin/touch")
+            .args([
+                "-a", "-t", &stat.atime,
+                "-m", "-t", &stat.mtime,
+                file_path
+            ])
+            .output()
+            .expect("failed to execute child process");
+    }
+
+    /// Returns if a file path exists or not
+    #[inline]
+    pub fn file_exists(file_path: &str) -> bool {
+        Path::new(file_path).exists()
+    }
+
+    /// Read a file into bytes
+    pub fn read(file_path: &str) -> Result<Vec<u8>> {
+        let file = fs::File::open(file_path)?;
+        let mut buf_reader = BufReader::new(file);
+        let mut contents: Vec<u8> = Vec::new();
+        buf_reader.read_to_end(&mut contents)?;
+        Ok(contents)
+    }
+
+    /// Write bytes to a file
+    pub fn write(file_path: &str, contents: &[u8]) -> Result<()> {
+        let mut file = fs::File::create(file_path)?;
+        file.write_all(contents)?;
+        Ok(())        
+    }
+
+    /// Create a recursive directory
+    pub fn create_dir(file_path: &str) -> Result<()> {
+        if !Path::new(file_path).exists() {
+            fs::create_dir_all(file_path)?
+        }
+        Ok(())
+    }
+
+    /// Remove a directory at absolute path
+    pub fn remove_dir(file_path: &str) -> Result<()> {
+        if Path::new(file_path).exists() {
+            fs::remove_dir_all(file_path)?
+        }
+        Ok(())
+    }
+}