{"id":31446671,"url":"https://github.com/evilsocket/nyx","last_synced_at":"2025-10-01T00:48:49.436Z","repository":{"id":306338359,"uuid":"1025738262","full_name":"evilsocket/nyx","owner":"evilsocket","description":"Self-contained script for cleaning forensic traces on Linux, macOS, and Windows.","archived":false,"fork":false,"pushed_at":"2025-07-25T12:47:42.000Z","size":1413,"stargazers_count":110,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-18T11:02:09.670Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/evilsocket.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-24T18:07:35.000Z","updated_at":"2025-09-13T18:59:04.000Z","dependencies_parsed_at":"2025-07-25T04:41:43.533Z","dependency_job_id":"a5856f6a-1dda-4f31-a3ba-ae1486451682","html_url":"https://github.com/evilsocket/nyx","commit_stats":null,"previous_names":["evilsocket/nyx"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/evilsocket/nyx","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fnyx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fnyx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fnyx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fnyx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/evilsocket","download_url":"https://codeload.github.com/evilsocket/nyx/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fnyx/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277777982,"owners_count":25875397,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-30T02:00:09.208Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-01T00:48:46.684Z","updated_at":"2025-10-01T00:48:49.424Z","avatar_url":"https://github.com/evilsocket.png","language":"Shell","readme":"# Nyx\n\nNyx (goddess of the night in Greek mythology) is a self-contained script for cleaning forensic traces on Linux, macOS, and Windows.\n\n\u003e **⚠️ DISCLAIMER:** Nyx is **alpha software**.\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg alt=\"Nyx\" src=\"https://raw.githubusercontent.com/evilsocket/nyx/main/logo.png\" height=\"250\" /\u003e\n  \u003cbr/\u003e\u003cbr/\u003e\n  \u003csmall\u003eJoin the project community on our server!\u003c/small\u003e\n  \u003cbr/\u003e\u003cbr/\u003e\n  \u003ca href=\"https://discord.gg/btZpkp45gQ\" target=\"_blank\" title=\"Join our community!\"\u003e\n    \u003cimg src=\"https://dcbadge.limes.pink/api/server/https://discord.gg/btZpkp45gQ\"/\u003e\n  \u003c/a\u003e  \n\u003c/div\u003e\n\n## Features\n\nThe following table details which artifacts are cleaned by each module:\n\n| OS | Module | Artifacts |\n|---|---|---|\n| **Linux** | `shell` | Shell history files (bash, zsh, python, mysql, redis, mongo, docker, IPython, Ruby IRB, PHP, Perl, Erlang, Lua, Julia, Scala, Haskell, Octave, MATLAB, etc.), command histories, recently used files |\n| **Linux** | `logs` | System logs (auth, syslog, kernel, boot, package managers), web server logs (Apache, Nginx), journald, database logs (MySQL, PostgreSQL, Redis, MongoDB), VPN/proxy logs (OpenVPN, Squid), mail server logs (Postfix, Dovecot), monitoring logs (Elasticsearch, Logstash, Kibana), sysstat |\n| **Linux** | `audit` | Audit logs, search logs, in-kernel audit rules |\n| **Linux** | `temp` | Scripts in temp dirs, hidden files, thumbnail caches, core dumps, crash reports, systemd coredumps, trash |\n| **Linux** | `network` | ARP cache, NetworkManager connections, DHCP leases, database data files (MySQL binary logs, InnoDB logs), VPN configs (OpenVPN, WireGuard), mail server spool files, iptables rules |\n| **Linux** | `user` | Login records, thumbnails, GTK bookmarks, GNOME Tracker, Zeitgeist, editor traces (VS Code, JetBrains), development tools (Git, SVN, Mercurial, Maven, Gradle, npm, pip, Cargo), cloud services (AWS, Google Cloud, Azure, Kubernetes, Terraform), monitoring tools (Prometheus, Grafana), backup tools (Rsync, Restic, Borg, Duplicity), security tools (Metasploit, Nmap, Aircrack-ng, John the Ripper, Hashcat), messaging/chat (IRC, Weechat, Pidgin, Discord, Slack), virtualization (VMware, VirtualBox, QEMU, Vagrant), network analysis (Wireshark, tcpdump, Ettercap), forensic analysis (Autopsy, Volatility, Sleuth Kit, Foremost), remote access (RDP, VNC, TeamViewer, AnyDesk), system monitoring (htop, Nagios, Zabbix), games/entertainment (Steam, Minecraft, Discord), file sharing (Transmission, qBittorrent, Deluge, aMule), multimedia (VLC, Audacity, GIMP, OBS Studio), productivity (LibreOffice, Thunderbird, Evolution, KeePass) |\n| **Linux** | `package` | Package caches and logs (APT, YUM, DNF, Pacman) |\n| **Linux** | `browser` | Firefox (cache, storage, databases), Chrome/Chromium (history, cookies, cache) |\n| **Linux** | `ssh` | SSH known_hosts, connection logs, auth log entries |\n| **Linux** | `container` | Docker logs/config, Podman/K8s overlays, libvirt/QEMU logs |\n| **Linux** | `systemd` | Random seed, live session journals |\n| **Linux** | `print` | CUPS job history and logs |\n| **Linux** | `cicd` | CI/CD tools (Jenkins, GitLab Runner, GitHub Actions, CircleCI, Travis CI) |\n| **Linux** | `idsips` | IDS/IPS logs (Snort, Suricata, OSSEC, Fail2ban, Samhain) |\n| **Linux** | `crypto` | Cryptocurrency wallets and mining configs (Bitcoin, Ethereum, Monero, XMRig, Electrum) |\n| **Linux** | `privacy` | Privacy tools (Tor Browser, Tor config, I2P, ProtonVPN, Mullvad, Tails) |\n| **Linux** | `pentest` | Penetration testing tools (Burp Suite, OWASP ZAP, Cobalt Strike, Empire, BeEF) |\n| **Linux** | `osint` | OSINT tools (Maltego, SpiderFoot, theHarvester, Recon-ng, Shodan) |\n| **Linux** | `iot` | IoT/Smart Home (Home Assistant, Mosquitto MQTT, Node-RED, OpenHAB) |\n| **Linux** | `ml` | ML/AI frameworks (Jupyter, TensorBoard, PyTorch, Keras, MLflow, Weights \u0026 Biases) |\n| **macOS** | `shell` | Shell history files (same as Linux) |\n| **macOS** | `macos` | .DS_Store files, user trash, Spotlight indexes, QuickLook thumbnails, system logs |\n| **macOS** | `audit` | BSM audit trail |\n| **macOS** | `browser` | Safari history and cache |\n| **macOS** | `unified` | Unified logs (10.12+), diagnostics, log archives |\n| **macOS** | `fileevents` | FSEvents, quarantine databases |\n| **macOS** | `usage` | KnowledgeC database, Notification Center, recent items |\n| **Windows** | `events` | Event logs (Security, System, Application, Sysmon, WinRM, PowerShell/Operational, AppLocker, AMSI) |\n| **Windows** | `history` | PowerShell/CMD history, prefetch, jump lists, recent documents, Windows Timeline, Search history, IE/Edge history |\n| **Windows** | `registry` | Registry MRUs, USB history, BAM/DAM, ShellBags, UserAssist, Terminal Server Client, Media Player, Office MRUs |\n| **Windows** | `filesystem` | USN journal, recycle bin, thumbcache, shortcuts, index files, SRUM database, notification history |\n| **Windows** | `temp` | Temp files, DNS cache, shadow copies, WER archives, crash dumps, Cortana history, Office telemetry, OneDrive/Teams logs |\n| **Windows** | `security` | EDR/AV logs (CrowdStrike Falcon, SentinelOne, Carbon Black, McAfee, Symantec), Windows Defender ATP, Firewall logs, WMI activity, BitLocker keys, Group Policy cache, authentication cache, Hyper-V/WSL/Docker logs, FTK Imager artifacts |\n| **Windows** | `advanced` | Certificates, scheduled tasks, services, wireless profiles, VPN connections, Chrome extensions, cryptographic data, TPM logs, Windows Update logs, Push Notifications, Outlook search, WSA logs, Xbox Game Bar |\n\n## Quick Start\n\n### Linux/macOS\n\n```bash\n# Download nyx.sh\nwget https://github.com/evilsocket/nyx/raw/refs/heads/main/nyx.sh\nchmod +x nyx.sh\n\n# Run with dry-run first\nsudo ./nyx.sh --dry-run\n\n# Run all modules\nsudo ./nyx.sh --force\n```\n\n### Windows\n\n```powershell\n# Download nyx.ps1 (run as Administrator)\nInvoke-WebRequest -Uri \"https://github.com/evilsocket/nyx/raw/refs/heads/main/nyx.ps1\" -OutFile \"nyx.ps1\"\n\n# Run with dry-run first\n.\\nyx.ps1 -DryRun\n\n# Run all modules\n.\\nyx.ps1 -Force\n\n# Enable audit logging\n.\\nyx.ps1 -Force -LogFile \"nyx-audit.log\"\n```\n\n## Usage\n\n### Linux/macOS (nyx.sh)\n\n```bash\n# Show help\n./nyx.sh --help\n\n# List available modules\n./nyx.sh --list\n\n# Dry run with verbose output\n./nyx.sh --dry-run --debug\n\n# Clean specific modules\nsudo ./nyx.sh -m shell,logs\n\n# Force run without confirmation\nsudo ./nyx.sh --force\n```\n\n### Windows (nyx.ps1)\n\n```powershell\n# Show help\n.\\nyx.ps1 -Help\n\n# List available modules\n.\\nyx.ps1 -List\n\n# Dry run with verbose output\n.\\nyx.ps1 -DryRun -Debug\n\n# Clean specific modules (case-insensitive)\n.\\nyx.ps1 -Modules EVENTS,TEMP -Force\n\n# Advanced mode with memory hardening\n.\\nyx.ps1 -Advanced -Force\n\n# Enable comprehensive audit logging\n.\\nyx.ps1 -Force -LogFile \"audit.log\" -Debug\n```\n\n## Contributors\n\n\u003ca href=\"https://github.com/evilsocket/nyx/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=evilsocket/nyx\" alt=\"nyx project contributors\" /\u003e\n\u003c/a\u003e\n\n## License\n\n`nyx` is made with ♥ and released under the GPL 3 license.\n\n## Stargazers over time\n\n[![Stargazers over time](https://starchart.cc/evilsocket/nyx.svg)](https://starchart.cc/evilsocket/nyx)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevilsocket%2Fnyx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fevilsocket%2Fnyx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevilsocket%2Fnyx/lists"}