This repository has been archived by the owner on Mar 30, 2019. It is now read-only.

[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)


phosphore/BURN

History

3 Commits

[WIP] BURN

An Anti-Forensics Toolkit to clear sensitive log files on *nix systems, inspired by an Equation Group command which originally made sure "you've cleaned up any temporary files you've left on the box".

USAGE

BURN has several operational modes:

  • BURN -c 1h (clear) deletes all log entries older than the given number of hours/minutes
  • BURN -f (fake) tampers with logs by inserting fake entries. The user is prompted to choose whether to enter details (e.g. an IP address, a timespan, or other fields), randomize them, or copy recent log entries and vary them slightly.
  • BURN -d (delete) hard-deletes the whole log files and the command history of the current user
  • BURN -b (burn) securely deletes the script and exits. This also clears the command history.

TODO

Log files in the /var/log directory (system logs):

| Name | Filename | Description |
| --- | --- | --- |
| Boot Log | boot.log | Contains messages indicating which system services have started and shut down successfully and which (if any) have failed to start or stop. |
| Cron Log | cron | Contains status messages from crond, a daemon that periodically runs scheduled jobs, such as backups and log file rotation. |
| Kernel Startup Log | dmesg | A recording of messages printed by the kernel when the system boots. |
| FTP Log | xferlog | Information about files transferred using the wu-ftpd FTP service. |
| Apache Access Log | httpd/access_log | Logs requests for information from your Apache Web server. |
| Apache Error Log | httpd/error_log | Logs errors encountered from clients trying to access data on your Apache Web server. |
| Mail Log | maillog | Contains information about addresses to which and from which e-mail was sent. Useful for detecting spamming. |
| MySQL Server Log | mysqld.log | Includes information related to activities of the MySQL database server (mysqld). |
| News Log | spooler | Directory containing logs of messages from the Usenet News server, if you are running one. |
| RPM Packages | rpmpkgs | Contains a listing of RPM packages that are installed on your system. |
| Security Log | secure | Records the date, time, and duration of login attempts and sessions. |
| System Log | messages | A general-purpose log file to which many programs record messages. |
| Update Agent Log | up2date | Contains messages resulting from actions by the Red Hat Update Agent. |
| XFree86 Log | XFree86.0.log | Includes messages output by the XFree86 server. |
| * | gdm/:0.log | Holds messages related to the login screen (GNOME display manager). |
| * | samba/log.smbd | Messages from the Samba SMB file service daemon. |
| * | squid/access.log | Contains messages related to the squid proxy/caching server. |
| * | vsftpd.log | Contains messages relating to transfers made using the vsFTPd daemon (FTP server). |
| * | sendmail | Error messages recorded by the sendmail daemon. |
| * | uucp | Status messages from the Unix to Unix Copy Protocol daemon. |
| * | snort | Snort (network intrusion detection system) messages. |
| * | /aide/aide.log | AIDE, Advanced Intrusion Detection Environment. |
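From the defender's side, the operational modes above each leave a characteristic trace in the files listed in this table: bulk clearing leaves a log that begins abruptly or has a hole in it, inserted fake entries tend to break timestamp order or carry the wrong hostname, and hard deletion leaves an empty or missing file. The following Python script is an added example (it is not part of the BURN repository) that runs those checks over syslog-style lines. The sample lines are constructed for the example; the `year` argument is an assumption because classic syslog timestamps omit it.

```python
"""Tamper-indicator checks for syslog-style log files (added defensive example)."""
import re
from collections import Counter
from datetime import datetime, timedelta

# RFC 3164-style line: "Mar 12 09:00:01 host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)


def parse_ts(ts, year):
    """Classic syslog omits the year, so the caller supplies it (assumption)."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def analyze(lines, year, max_gap=timedelta(hours=1), expected_start=None):
    """Scan syslog-style lines and return indicators matching the tampering modes
    described in the README: bulk clearing, inserted fake entries, deletion."""
    findings = {
        "empty": len(lines) == 0,   # file gone or truncated to nothing (delete mode)
        "unparseable": [],          # lines not in syslog format (hand-written fakes)
        "out_of_order": [],         # timestamp earlier than the previous entry (inserted fakes)
        "gaps": [],                 # silence longer than max_gap (a removed range)
        "host_mismatch": [],        # hostname differs from the majority (copied from elsewhere)
        "majority_host": None,
        "first_ts": None,
        "last_ts": None,
        "starts_late": None,        # first entry newer than the retention you expect (clear mode)
    }
    parsed = []  # (line_no, timestamp, host, line)
    for n, line in enumerate(lines, 1):
        m = SYSLOG_RE.match(line)
        if not m:
            findings["unparseable"].append((n, line))
            continue
        try:
            ts = parse_ts(m.group("ts"), year)
        except ValueError:
            findings["unparseable"].append((n, line))
            continue
        parsed.append((n, ts, m.group("host"), line))

    # Within one file, timestamps should be monotonic and reasonably dense.
    prev = None
    for n, ts, _host, line in parsed:
        if prev is not None:
            if ts < prev:
                findings["out_of_order"].append((n, line))
            elif ts - prev > max_gap:
                findings["gaps"].append((n, line))
        prev = ts

    if parsed:
        hosts = Counter(h for _, _, h, _ in parsed)
        majority = hosts.most_common(1)[0][0]
        findings["majority_host"] = majority
        findings["host_mismatch"] = [(n, line) for n, _, h, line in parsed if h != majority]
        findings["first_ts"] = min(ts for _, ts, _, _ in parsed)
        findings["last_ts"] = max(ts for _, ts, _, _ in parsed)
        if expected_start is not None:
            findings["starts_late"] = findings["first_ts"] > expected_start
    return findings


# Constructed sample: line 4 follows a 4h+ hole, line 5 is out of order,
# line 6 carries a foreign hostname, line 7 is not syslog format at all.
SAMPLE = """\
Mar 12 09:00:01 web01 CRON[1201]: (root) CMD (run-parts /etc/cron.hourly)
Mar 12 09:15:22 web01 sshd[1330]: Accepted publickey for deploy from 10.0.0.5 port 50212 ssh2
Mar 12 09:15:22 web01 systemd-logind[812]: New session 4 of user deploy.
Mar 12 13:40:10 web01 sshd[2210]: Accepted password for root from 10.0.0.9 port 40122 ssh2
Mar 12 13:40:01 web01 CRON[2205]: (root) CMD (run-parts /etc/cron.hourly)
Mar 12 13:42:55 db01 sshd[777]: Accepted publickey for deploy from 10.0.0.5 port 50999 ssh2
garbage line with no timestamp
Mar 12 13:45:00 web01 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; COMMAND=/bin/systemctl restart nginx
""".splitlines()


if __name__ == "__main__":
    result = analyze(SAMPLE, year=2019, expected_start=datetime(2019, 3, 12, 0, 0))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it against a real file with `analyze(open("/var/log/messages").read().splitlines(), year=...)`. The hostname check assumes one file holds one host's entries, which does not hold for a central syslog collector; the gap threshold should be tuned to the host's normal cron and daemon chatter, and shipping logs off-host in near real time is what makes these checks meaningful, since a local copy can be rewritten but the remote copy keeps the original sequence to compare against.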
