{"id":13438463,"url":"https://github.com/evilpan/hidemyass","last_synced_at":"2025-03-20T06:30:25.661Z","repository":{"id":96936233,"uuid":"87164423","full_name":"evilpan/hidemyass","owner":"evilpan","description":"A little post-exploit tool that carefully clean *NIX access logs","archived":false,"fork":false,"pushed_at":"2018-03-22T01:41:44.000Z","size":40,"stargazers_count":116,"open_issues_count":0,"forks_count":39,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-10-28T00:23:01.413Z","etag":null,"topics":["hidemyass","lastlog","unix","utmp","wtmp"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/evilpan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-04-04T08:36:52.000Z","updated_at":"2024-10-01T17:09:28.000Z","dependencies_parsed_at":null,"dependency_job_id":"cc8f4bbf-cf25-4643-93d7-9fd0f58ac6c1","html_url":"https://github.com/evilpan/hidemyass","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilpan%2Fhidemyass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilpan%2Fhidemyass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilpan%2Fhidemyass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilpan%2Fhidemyass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/evilpan","download_url":"https://codeload.github.com/evilpan/hidemyass/tar.gz/refs/h
eads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244564780,"owners_count":20473129,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hidemyass","lastlog","unix","utmp","wtmp"],"created_at":"2024-07-31T03:01:05.733Z","updated_at":"2025-03-20T06:30:20.633Z","avatar_url":"https://github.com/evilpan.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"# hidemyass\n\n```\n'##::::'##:'####:'########::'########:'##::::'##:'##:::'##::::'###:::::'######:::'######::\n ##:::: ##:. ##:: ##.... ##: ##.....:: ###::'###:. ##:'##::::'## ##:::'##... ##:'##... ##:\n ##:::: ##:: ##:: ##:::: ##: ##::::::: ####'####::. ####::::'##:. ##:: ##:::..:: ##:::..::\n #########:: ##:: ##:::: ##: ######::: ## ### ##:::. ##::::'##:::. ##:. ######::. ######::\n ##.... ##:: ##:: ##:::: ##: ##...:::: ##. #: ##:::: ##:::: #########::..... ##::..... ##:\n ##:::: ##:: ##:: ##:::: ##: ##::::::: ##:.:: ##:::: ##:::: ##.... ##:'##::: ##:'##::: ##:\n ##:::: ##:'####: ########:: ########: ##:::: ##:::: ##:::: ##:::: ##:. ######::. ######::\n..:::::..::....::........:::........::..:::::..:::::..:::::..:::::..:::......::::......:::\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n轻轻地我走了     正如给我轻轻地来                  \n        我轻轻地挥手     作别西边的云彩            \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n```\n\n`hidemyass` is a tool for wiping access log when you really wanna hide yourself from admin.\nWe're modifying those systemlogs very carefully by removing one single log record \ninstead of the whole log file. 
Also, the file permission, owner/group and ctime/atime \nare kept as the old file.\n\n# Usage\n\n```text\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n轻轻地我走了     正如给我轻轻地来                  \n        我轻轻地挥手     作别西边的云彩            \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nUsage: ./hidemyass [ENTRIES] [FILTERS] ACTIONS        \nENTRIES:                                \n  -u, --utmp=utmp_file                \n      specify the path to utmp file, which is /var/run/utmp by default \n      utmp file is read by 'who','w' and other commands \n  -w, --wtmp=wtmp_file                \n      specify the path to wtmp file, which is /var/log/wtmp by default \n      wtmp is read by 'last' and other commands\n  -b, --btmp=btmp_file                \n      specify the path to btmp file, which is /var/log/btmp by default \n      btmp is read by 'lastb' and other commands\n      for some systems the bad login attempts are written to \n      /var/log/auth.log or /var/log/secure instead of btmp\n  -l, --lastlog=lastlog_file          \n      specify the path to lastlog file, which is /var/log/lastlog by default \n      lastlog is read by 'lastlog' and other commands\n      note the only valid FILTERS for lastlog is username(-n)\nFILTERS:                                \n  -n, --name=username                   \n      filter log record by username \n  -a, --address=host                    \n      filter log record by host ip address  \n  -t, --time=time                       \n      filter log record by time (YYYY:MM:DD:HH:MM:SS) \nACTIONS: \n  -p, --print                           \n      print records for specified ENTRIES \n  -c, --confirm                           \n      confirm the action(s) that clear or tamper records for specified ENTRIES with FILTERS\n      usually you need permission doing this \n  -h, --help                            \n      show this message and exit\n```\n\n# Examples\n\nprint utmp records:\n\n`./hidemyass -u -p`\n\nprint utmp records in another 
path\n\n`./hidemyass --utmp=/var/adm/utmpx -p`\n\nprint all records\n\n`./hidemyass -uwbl -p`\n\nmodify lastlog record for user root to time 2017/04/01 13:26:00\n\n`[sudo] ./hidemyass -l -n root -t 2017:04:01:13:26:00 -c`\n\nclean all tmpx records that come from ip 220.181.57.217:\n\n`[sudo] ./hidemyass -uwb -a 220.181.57.217 -c`\n\n\n# TODO\n\n## some other logs to clean\n\n- /var/log/auth.log\n- /var/log/secure\n- /var/log/faillog\n- /var/log/maillog\n\nSince you can modify system logs, you have usually already escalated\nprivileges. As a result, you may want to clear other logs too, \nsuch as `/var/log/kern.log`, `/var/log/syslog`, `/var/log/dmesg`, `/var/log/messages` and some \napplication crash logs.\n\nFor all log locations, check your `rsyslogd` config (usually in `/etc/rsyslog.conf`).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevilpan%2Fhidemyass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fevilpan%2Fhidemyass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevilpan%2Fhidemyass/lists"}