{"id":31074009,"url":"https://github.com/amarilu84/afdw-secure-drive-wiper","last_synced_at":"2026-05-01T21:34:35.566Z","repository":{"id":314530681,"uuid":"1055825494","full_name":"Amarilu84/afdw-secure-drive-wiper","owner":"Amarilu84","description":"Anti-Forensic Drive Wiper for Linux - Securely overwrite disks ensuring non-recoverable data destruction with forensic plausible deniability.","archived":false,"fork":false,"pushed_at":"2025-09-13T07:10:20.000Z","size":70,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-13T09:29:07.635Z","etag":null,"topics":["bash","disk-wipe","disk-wiper","forensics","linux","privacy","secure-delete","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Amarilu84.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-12T21:43:24.000Z","updated_at":"2025-09-13T07:10:23.000Z","dependencies_parsed_at":"2025-09-13T09:29:09.716Z","dependency_job_id":"725d2c3a-992e-43c2-b2d3-26bea0d5ac20","html_url":"https://github.com/Amarilu84/afdw-secure-drive-wiper","commit_stats":null,"previous_names":["amarilu84/afdw","amarilu84/afdw-secure-drive-wiper"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Amarilu84/afdw-secure-drive-wiper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Amarilu84%2Fafdw-secure-drive-wiper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Amarilu84%2Fafdw-secure-drive-wiper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Amarilu84%2Fafdw-secure-drive-wiper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Amarilu84%2Fafdw-secure-drive-wiper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Amarilu84","download_url":"https://codeload.github.com/Amarilu84/afdw-secure-drive-wiper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Amarilu84%2Fafdw-secure-drive-wiper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275348511,"owners_count":25448626,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-16T02:00:10.229Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","disk-wipe","disk-wiper","forensics","linux","privacy","secure-delete","security-tools"],"created_at":"2025-09-16T02:01:59.881Z","updated_at":"2026-05-01T21:34:35.529Z","avatar_url":"https://github.com/Amarilu84.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/d14505a3-da8f-4af3-a09c-16d775c2bdb1\" alt=\"AFDW Screenshot\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\n  \u003c!-- Latest release badge --\u003e\n  \u003ca href=\"https://github.com/Amarilu84/afdw-secure-drive-wiper/releases\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/v/release/Amarilu84/afdw-secure-drive-wiper?style=for-the-badge\u0026color=blue\u0026logo=github\" alt=\"Latest Release\"\u003e\n  \u003c/a\u003e\n  \u0026nbsp; \u003c!-- spacer --\u003e\n\n  \u003c!-- License badge --\u003e\n  \u003ca href=\"https://github.com/Amarilu84/afdw-secure-drive-wiper/blob/main/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/Amarilu84/afdw-secure-drive-wiper?style=for-the-badge\u0026color=green\" alt=\"License\"\u003e\n  \u003c/a\u003e\n  \u0026nbsp;\n\n  \u003c!-- Shell language badge --\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Shell-Bash-blue?style=for-the-badge\u0026logo=gnu-bash\" alt=\"Shell: Bash\"\u003e\n\n\u003c/p\u003e\n\nAFDW — The \"Anti-Forensic Drive Wiper\"\nSecurely wipes drives with the intent of shredding data beyond recovery and leaving no trace of wipe signatures\neven by extreme methods up to and including national security/government forensic LABs.\n\nAES 256 CTR mode (stream cipher) 32Bit random key 16Bit random IV/Nonce. No \"Salted\" or PBKDF2 metadata headers are written\nbecause Key / IV are supplied directly. Result is high-entropy bytes from absolute beginning to end of drive for plausible\ndeniability (pure random-looking fill from uninitialized drive).\n\nIf formatting with file system, it mimics factory settings (random Serial / UUID / Label). Leaves no trace of wipe. It also writes the appropriate\n\"cylinders\" (clusters) based on size of disk (\u003c 8 GiB → 16 KiB / 8–32 GiB → 32 KiB / 32–128 GiB → 64 KiB / ≥ 128 GiB → 128 KiB)\nas would a legitimate \"factory setting\".\n\nAttempts to utilize Discard/TRIM if supported by device controller, otherwise does a 1-pass zero fill, then optional file system.\n\nAFDW by default runs in a \"guided\" mode which has lots of safety's in place with confirmations so you don't accidentally destroy your data.\nYou can use different flags to modify or change it's behavior.\n\nAFDW also supports an emergency mode which instantly and immediately begins wiping with the fastest, most secure method possible, bypassing\nall safety's and confirmations, even melting system drives. IYKYK.\n\nAttempts to utilize Discard/TRIM if supported by device controller, otherwise does a 1-pass zero fill, then optional file system.\n\nIf formatting with file system, it mimics factory settings (random Serial / UUID / Label). Leaves no trace of wipe.\nIt also properly handles zero-wiping pre-partition area, noting whether it is MBR or GPT and safely handling each\nwithout nuking MBR or partition meta-data.\n\nThere are `--flags` you can use to customize the wipe based on your needs. You can skip methods, use only certain methods, etc. (read on or use with -h).\n\n\n# TL;DR (What it does):\n\n1.) Lists disks with `lsblk`, shows size/model. Pick the right drive \u0026 double-confirm.\n\n2.) Makes you type the full path again, then type ERASE (case-sensitive) before anything destructive.\n\n3.) Unmounts everything from that device.\n\n4.) Flushes writes (`sync`), unmounts recursively (or lazy) so nothing is mounted.\n\n5.) Fills the *exact* device size with encrypted noise. (This prevents 'no space left' notice at end).\n\n6.) Grab the byte size (`blockdev --getsize64`), stream zeros for exactly that many bytes, pipe through AES-256-CTR with a random key/IV, and write to the device.\\\n(The older method generated a passphrase and piped it through AES-256-CTR, but left a \"Salted__\" header in first 8 bits).\\\n(I felt this defeated the purpose of true 'Ghost Mode' and it could be seen that it was wiped on purpose).\\\n(The fix was to use exact device size, pipe zero's through encryption, and write directly to disk with dd using random key/IV).\\\n(Result: surface looks like high-entropy “random” data end-to-end).\n\n7.) Try the controller’s internal wipe (discard/trim).\n\n8.) If `blkdiscard` is supported, issue it. Then spot-check a few random 4 MiB blocks:\n(The blocks are randomly chosen from the beginning, middle, and end of drive).\\\n(If they read as all `0x00` or all `0xFF`, great — considered erased).\\\n(If not, assume discard didn’t really clear everything → do a single zero pass).\\\n\nNOTE: It is true you can just use internal discard/trim to write zero's at firmware level and be OK.\nMany people will say that you are wasting time writing high entropy random first, then zero's second. There is truth to this.\nHowever, where a noise-first pass can be useful is when zeros might be treated specially by the device/stack:\nCompressing SSDs / data-reduction controllers (mostly internal SATA/NVMe SSDs, not cheap USB/SD) - writing zeros can be elided/compressed;\na random pass forces real writes across the address space. Thin-provisioned LUNs / dedup filesystems / sparse images (VMs, SANs) - zeros may\nde-allocate or dedup; random data proves allocation and overwrites.\n\nIf the final look you want is “high-entropy/uninitialized” (not factory): stopping after the noise pass yields a surface that looks like\nencrypted or never-used data. That’s the only time the noise pass meaningfully changes the forensic “appearance.”\n\nFor USB sticks / SD cards with no discard/TRIM support, controllers typically don’t compress zeros. So for your factory-look target, just do:\nPreferred: blkdiscard → format → verify (fastest, if supported).\nFallback: zero-only → format → verify (half the time of noise+zero, same final look).\n\nThe philosophy here is, why are you using this script? Does the consequence of your data being recovered outweigh your trust in other/faster\nerasure methods, or concerns over the lifespan of the drive with the amount of writes? If losing a cheap USB flash drive spares you a visit\nfrom the FBI, then just do the extra methods, no?. At the end of the day, it's you that gets affected, not the others with opinions.\\\n-END NOTE-\n\n\n9.) Zero-pass fallback (if needed - in case discard/trim wasn't available).\n\n10.) One clean sweep of zeros across the *exact* byte size (prevents 'no space left' hiccup), syncing at the end.\n\n11.) Partitions + formats for a “factory-fresh” look.\\\n(Creates one aligned partition table (MBR by default, or GPT if you asked).\\\n(Makes a single primary partition starting at *1 MiB* (good alignment/“cylinders” realism).\\\n(Formats exFAT with a capacity-aware cluster size:\\\n(\u003c8 GiB → 16K, 8–32 GiB → 32K, 32–128 GiB → 64K, ≥128 GiB → 128K).\n\n12.) Randomizes identifiers: generates an 8-char A–Z/0–9 label, and a fresh volume GUID/serial.\n\n13.) Verifies it really looks clean \u0026 normal.\\\n(Checks: MBR signature '0x55AA', erased pre-partition gap, middle \u0026 last random MiBs erased, table type (MBR/GPT) matches, label pattern OK),\n(exFAT UUID pattern '####-####', partition starts exactly at *1 MiB*, and that a small read inside the filesystem works).\n\n14.) Logs everything.\\\n(Write a human log and a JSON log (includes per-stage timings) to ./afdw_logs/ )\n\n15.) Optionally powers off/ejects the device.\\\n(If supported, 'udisksctl power-off' so you can safely yank it.\n\n\nNet effect: you end with a drive that either (a) looks blank and freshly formatted like it came from the factory,\nor (b) (if you choose) ends on high-entropy “random” data — your call via flags.\n\n\n\n\n# How To Run (First Time Setup):\n\nFirst run (no dependencies yet)\n\nDebian / Ubuntu / Kali:\n\nchmod +x afdw.sh\\\nsudo bash ./afdw.sh --install-deps --doctor\\\nsudo bash ./afdw.sh\\\n\nThis gives permissions, installs dependencies, checks that all functions will work.\n\nJust testing the flow without formatting?\\\nsudo bash ./afdw.sh --no-format\n\n\nOther distros (quick hints)\n\n1. Show what’s missing (no disk prompts, no writes):\n\nsudo bash ./afdw.sh --doctor\n\n2. Install the basics with your package manager:\n\nFedora/RHEL/CentOS:\n\nsudo dnf install -y coreutils util-linux openssl parted exfatprogs\n\nArch/Manjaro:\n\nsudo pacman -S --needed coreutils util-linux openssl parted exfatprogs\n\nopenSUSE:\n\nsudo zypper install -y coreutils util-linux openssl parted exfatprogs\n\n(Optional but nice): blkdiscard udisksctl partx kpartx\n\n\n\n# Gotchas\n\nRun as **root** (the script enforces it).\\\n**WSL/containers** are blocked on purpose (unsafe for raw disks).\\\nMake sure you run with **bash** i.e. sudo bash ./afdw.sh and **NOT** with /bin/sh i.e. sudo ./afdw.sh\\\nUse **doctor mode** anytime to check the environment:\n\nsudo bash ./afdw.sh --doctor\n\n\n\n# How To Run (After Initial Setup):\n\nRun it in guided mode (most common) and follow the prompts:\\\nsudo bash ./afdw.sh\n\nRun it in batch mode with explicit confirmation:\\\nsudo bash ./afdw.sh --device /dev/sdX --non-interactive --erase-confirm ERASE\n\nFast method for drives without TRIM/DISCARD:\\\nsudo bash ./afdw.sh --device /dev/sdX --fast\n\nWhy you might want each mode:\n\nFactory-fresh look (common)\\\nUse --fast on media without DISCARD to skip the noise pass (cuts time ~in half), then format + verify.\\\nsudo bash ./afdw.sh --device /dev/sdX --fast\n\nRandomized final surface (entropy on disk)\\\nUse --noise-only --no-format to end on high-entropy data and stop there.\\\nsudo bash ./afdw.sh --device /dev/sdX --noise-only --no-format\n\nOne quick zero pass, nothing else\\\nsudo ./afdw.sh --device /dev/sdX --zero-only --no-format\n\nSkip wipes; just partition + format + verify\\\nsudo bash ./afdw.sh --device /dev/sdX --skip-wipe\n\n\n\n# All Flags:\n\nTargeting \u0026 Safety\n\n--device /dev/sdX — pick a device explicitly (required for non-interactive).\n--non-interactive --erase-confirm ERASE — batch mode (token is *CASE SENSITIVE*).\n--genius — allow operating on the system/root disk (dangerous; default is refuse).\n\nWipe/Format Behavior\n\n--noise-only — run only the high-entropy fill; skip zero and format.\n--zero-only — run only a single zero pass; skip noise and format.\n--skip-wipe — skip wipe passes; do partition + exFAT + verify.\n--fast — if DISCARD is unsupported, automatically skip the noise pass.\n--no-format — don’t create a partition or filesystem.\n--gpt — use a GPT table instead of MBR (msdos).\n--label RANDOM|CUSTOM — label mode (default RANDOM).\n--label-text \"NAME1234\" — with CUSTOM, sets the exact label (A–Z/0–9, up to 11 chars; upcased).\n--strict — if verification fails, exit 2 (otherwise it reports and continues).\n--no-poweroff — skip `udisksctl power-off` at the end.\n--dry-run — print what would run; don’t touch the device.\n--no-color — disable ANSI colors.\n-h, --help — show usage.\n\n\n\n# Under The Hood (short version):\n\nNoise pass: dd if=/dev/zero | openssl enc -aes-256-ctr → dd of=/dev/…\\\nGives a high-entropy surface (looks like encrypted data).\n\nGhost erase: tries blkdiscard -t (tests support) and blkdiscard (actual discard).\\\nIf unsupported, samples a few random 4 MiB blocks at beginning, middle, and end of drive; if they’re not all zeros/0xFF, it does a single zero pass.\n\nPartition: parted -a optimal mklabel \u003cmsdos|gpt\u003e mkpart primary 1MiB 100%\\\nNames the partition correctly for sdb1 vs mmcblk0p1/nvme0n1p1.\n\nFormat: mkfs.exfat with cluster size chosen from capacity and a random/custom label.\n\nVerify: MBR 0x55AA, erased pre-partition gap and sample blocks, partition table type, label pattern,\nexFAT UUID pattern (####-####), 1 MiB alignment, sample read in the filesystem.\n\n\n\n# What logs you get:\n\nEverything lands in `./afdw_logs/` next to the script:\n\nverify_XXXX.txt — the human-readable PASS/FAIL transcript\\\nafdw_YYYYMMDD_HHMMSS.json — the machine log (includes timings)\n\nExample JSON:\\\njson\\\n{\\\n\"timestamp\": \"2025-09-12T06:38:03-04:00\",\\\n\"device\": \"/dev/sdb\",\\\n\"size_bytes\": 61524148224,\\\n\"human_size\": \"57.30 G\",\\\n\"model\": \"SanDisk\",\\\n\"bus\": \"usb\",\\\n\"table_type\": \"msdos\",\\\n\"formatted\": 1,\\\n\"label\": \"B47XJ4ZA\",\\\n\"uuid\": \"E9E3-F808\",\\\n\"discard_attempted\": 0,\\\n\"verify_passed\": 1,\\\n\"strict_mode\": 0,\\\n\"fast_mode\": 1,\\\n\"skip_wipe\": 0,\\\n\"times\": { \"total\": 4290, \"noise\": 0, \"erase\": 4289, \"format\": 1, \"verify\": 0 },\\\n\"dry_run\": 0\\\n}\n\n\n\n# Requirements:\n\nLinux + Bash 4+\\\nMust run as root: `sudo bash ./afdw.sh`\\\nTools you’ll need on PATH:\n\nrequired: lsblk dd openssl parted blkid uuidgen blockdev grep awk sed tr wc hexdump\\\nrecommended: exfatprogs (for mkfs.exfat), blkdiscard, findmnt, udisksctl, partx, kpartx\n\n\n\n# Install on Debian/Ubuntu/Kali:\n\nsudo apt update\\\nsudo apt install -y coreutils util-linux openssl parted exfatprogs blkid uuid-runtime udisks2\n\n\n\n# Performance notes\n\nIf your stick doesn’t support DISCARD, --fast will skip the noise pass automatically → roughly half the time.\\\nUSB 3+ matters. lsusb -t should show 5000M (not 480M). Bad hubs/cables drop you to USB 2 speeds.\\\nBig block sizes help for the zero pass (bs=8M is good; bs=32M can help, but diminishing returns).\\\nNoise+zero writes the device twice. If the final look you want is “factory blank”, you don’t need both on non-discard media.\n\n\n\n# Troubleshooting:\n\n“Not a block device” — check your path (/dev/sdb, not /dev/sdb1).\\\n/dev/nvme0n1 doesn’t exist — partition names ending in digits use 'p1' (the script handles this: /dev/loop0p1, /dev/nvme0n1p1, etc.)\\\nblkdiscard skipped — totally normal on many USB/SD sticks. The script will sample and do a zero pass if needed.\\\n“Final confirmation failed” — it’s case-sensitive `ERASE` on purpose. If you lose your data by accident 1 time you'll understand.\\\nSlow speeds — check cables, hubs, and lsusb -t. Front-panel or cheap hubs often force USB 2.\\\nSyntax/Lint — quick check with bash -n afdw.sh; deeper hints with shellcheck afdw.sh\n\n\n\n# Exit codes (so you can script around it):\n\n0 — success (even if verification found issues *unless* --strict was set)\\\n1 — usage or unrecoverable runtime error\\\n2 — verification failed *and* you passed --strict\\\n\n\n\n# Contributing:\n\nPRs welcome for additional filesystems, more verification checks, smarter device detection, etc.\\\nPlease include a short log snippet and your command line when reporting issues.\\\nThis is my first script, I'm sure you'll find things.\n\n\n\n# License:\n\nMIT License\n\nCopyright (c) 2025 oRioN NetheRstaR (aka Amarilu84)\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the “Software”), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famarilu84%2Fafdw-secure-drive-wiper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famarilu84%2Fafdw-secure-drive-wiper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famarilu84%2Fafdw-secure-drive-wiper/lists"}