moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a ghost in the shell.
curl fetch to your target machine.moonwalk finds a world-writable path and saves the session under a dot directory which is removed upon ending the session.moonwalk reverts it back to how it was including the invocation of moonwalk.GET command.$ curl -L https://github.com/mufeedvh/moonwalk/releases/download/v1.0.0/moonwalk_linux -o moonwalk
(AMD x86-64)
OR
Download the executable from Releases OR Install with cargo:
Prerequisites
$ git clone https://github.com/mufeedvh/moonwalk.git
$ cd moonwalk/
$ cargo build –release
The first command clones this repository into your local machine and the last two commands enters the directory and builds the source in release mode.
Once you get a shell into the target Unix machine, start a moonwalk session by running this command:
$ moonwalk start
While you’re doing recon/exploitation and messing with any files, get the touch timestamp command of a file beforehand to revert it back after you’ve accessed/modified it:
$ moonwalk get ~/.bash_history
Post-exploitation, clear your traces and close the session with this command:
$ moonwalk finish
CPUMicrocodes is a comprehensive repository of microcodes for Intel, AMD, VIA, and Freescale CPUs. Microcode…
Tweet-Machine is an Open-Source Intelligence (OSINT) tool designed to retrieve deleted tweets and replies from…
On March 4, 2025, a group claiming to be the notorious threat actor BianLian began…
Blindsight is a red teaming tool designed to dump LSASS (Local Security Authority Subsystem Service)…
Hiphp, developed by Yasserbdj96, is an open-source tool designed to create a backdoor for controlling…
PowerShell-Hunter is a robust collection of PowerShell-based tools designed to aid security analysts in detecting…