Tool Cleanup

July 25, 2017

This page is a work-in-progress cheat sheet of the locations where various tools store sensitive data, in case, you know, you ever want to get rid of that stuff.

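shred is viable for single-file removal, but if you're talking about directories, it's worth looking at srm (included with the secure-delete package) with the -r switch. Both tools overwrite data in place, which is not guaranteed to destroy it on SSDs or on journaling and copy-on-write file systems.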

Empire

# Zip up your downloads and agent logs
zip -r ~/empire.zip /opt/empire-git/downloads

# Remove downloads and agent logs
srm -r /opt/empire-git/downloads/*

# Crush Empire database
srm /opt/empire-git/data/empire.db

# Regenerate Empire database
sudo /opt/empire-git/setup/reset.sh

Responder

# Zip up your logs
zip -r ~/responder.zip /opt/responder-git/logs

# Remove logs
srm -r /opt/responder-git/logs/*

# Zip up database
zip ~/responderdb.zip /opt/responder-git/Responder.db

# Remove database
srm /opt/responder-git/Responder.db

CrackMapExec

# Zip up CME database
zip ~/cmedb.zip ~/.cme/cme.db

# Remove database
srm ~/.cme/cme.db

Nessus

# After deleting all scans (not sure if that's a prerequisite), reset Nessus.
sudo service nessusd stop
sudo /opt/nessus/sbin/nessuscli fix --reset
sudo service nessusd start

Environment

# Purge backups
srm ~/*.zip

# Wipe Bash history
history -c && history -w
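
Post-cleanup check

A quick way to confirm the steps above left nothing behind. This is an added example, not part of the original cheat sheet. The function name and its two optional arguments (a root prefix and a home directory, for dry runs against a scratch copy) are made up for illustration, and the history file is assumed to be the default ~/.bash_history.

```shell
# leftovers [ROOT] [HOME_DIR]
# Prints every path that survived the cleanup; exit status 1 if any did.
# The body runs in a subshell so its variables do not leak into the caller.
leftovers() (
    root=${1:-}
    home=${2:-$HOME}
    out=$(
        # "srm -r dir/*" relies on a glob that skips dotfiles, so walk the
        # directories with find to catch hidden entries as well.
        for d in "$root/opt/empire-git/downloads" \
                 "$root/opt/responder-git/logs"; do
            if [ -d "$d" ]; then find "$d" -mindepth 1; fi
        done
        # Databases that should be gone. empire.db is not checked because
        # reset.sh recreates it.
        for f in "$root/opt/responder-git/Responder.db" "$home/.cme/cme.db"; do
            if [ -e "$f" ]; then printf '%s\n' "$f"; fi
        done
        # Backup archives created in the home directory.
        for f in "$home"/*.zip; do
            if [ -e "$f" ]; then printf '%s\n' "$f"; fi
        done
        # A non-empty history file means another shell wrote it back
        # after "history -c && history -w".
        if [ -s "$home/.bash_history" ]; then
            printf '%s\n' "$home/.bash_history"
        fi
    )
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        exit 1   # leaves only the subshell, giving the function status 1
    fi
)

# Usage after cleanup: leftovers || echo "cleanup incomplete"
```

Run with no arguments it checks the real locations used on this page.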