{"id":25284,"date":"2022-06-20T05:05:30","date_gmt":"2022-06-20T05:05:30","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=25284"},"modified":"2022-06-20T05:05:33","modified_gmt":"2022-06-20T05:05:33","slug":"moonwalk","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/moonwalk\/","title":{"rendered":"Moonwalk : Cover Your Tracks During Linux Exploitation By Leaving Zero Traces"},"content":{"rendered":"\n<p><strong>moonwalk<\/strong>&nbsp;is a 400 KB single-binary executable that can clear your traces while penetration testing a&nbsp;<strong>Unix<\/strong>&nbsp;machine. It saves the state of system logs pre-exploitation and reverts that state, including the filesystem timestamps, post-exploitation, leaving zero traces of a&nbsp;<em>ghost in the shell<\/em>.<\/p>\n\n\n\n<h2 class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\">Features<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Small Executable:<\/strong>&nbsp;Get started quickly with a&nbsp;<code><strong>curl<\/strong><\/code>&nbsp;fetch to your target machine.<\/li><li><strong>Fast:<\/strong>&nbsp;Performs all session commands including logging, trace clearing, and filesystem operations in under 5 milliseconds.<\/li><li><strong>Reconnaissance:<\/strong>&nbsp;To save the state of system logs,&nbsp;<code><strong>moonwalk<\/strong><\/code>&nbsp;finds a world-writable path and saves the session under a dot directory which is removed upon ending the session.<\/li><li><strong>Shell History:<\/strong>&nbsp;Instead of clearing the whole history file,&nbsp;<code><strong>moonwalk<\/strong><\/code>&nbsp;reverts it back to how it was, including the invocation of&nbsp;<strong><code>moonwalk<\/code>.<\/strong><\/li><li><strong>Filesystem Timestamps:<\/strong>&nbsp;Hide from the Blue Team by reverting the access\/modify timestamps of files back to how they were using the&nbsp;<code><strong>GET<\/strong><\/code>&nbsp;command.<\/li><\/ul>\n\n\n\n<h2 
class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/mufeedvh\/moonwalk#installation\"><\/a>Installation<\/h2>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>$ curl -L https:\/\/github.com\/mufeedvh\/moonwalk\/releases\/download\/v1.0.0\/moonwalk_linux -o moonwalk<\/strong><\/p>\n\n\n\n<p>(<code><strong>AMD x86-64<\/strong><\/code>)<\/p>\n\n\n\n<p><strong>OR<\/strong><\/p>\n\n\n\n<p>Download the executable from&nbsp;<strong>Releases<\/strong>&nbsp;or install with&nbsp;<code><strong>cargo<\/strong><\/code>:<\/p>\n\n\n\n<h2 class=\"has-light-green-cyan-background-color has-background wp-block-heading\">Build From Source<\/h2>\n\n\n\n<p class=\"has-text-align-center\"><strong>Prerequisites<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Git<\/li><li>Rust<\/li><li>Cargo (Automatically installed when installing Rust)<\/li><li>A C linker (Only for Linux, generally comes pre-installed)<\/li><\/ul>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>$ git clone https:\/\/github.com\/mufeedvh\/moonwalk.git<br>$ cd moonwalk\/<br>$ cargo build --release<\/strong><\/p>\n\n\n\n<p>The first command clones the repository to your local machine; the last two commands enter the directory and build the source in release mode.<\/p>\n\n\n\n<h2 class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/mufeedvh\/moonwalk#usage\"><\/a>Usage<\/h2>\n\n\n\n<p>Once you get a shell into the target Unix machine, start a moonwalk session by running this command:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>$ moonwalk start<\/strong><\/p>\n\n\n\n<p>While you&#8217;re doing recon\/exploitation and messing with any files, get 
the&nbsp;<code><strong>touch<\/strong><\/code>&nbsp;timestamp command of a file beforehand to revert it back after you&#8217;ve accessed\/modified it:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>$ moonwalk get ~\/.bash_history<\/strong><\/p>\n\n\n\n<p>Post-exploitation, clear your traces and close the session with this command:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>$ moonwalk finish<\/strong><\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/mufeedvh\/moonwalk\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>moonwalk&nbsp;is a 400 KB single-binary executable that can clear your traces while penetration testing a&nbsp;Unix&nbsp;machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a&nbsp;ghost in the shell. Features Small Executable:&nbsp;Get started quickly with a&nbsp;curl&nbsp;fetch to your target machine. 
Fast:&nbsp;Performs all session commands [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":25304,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[1904,5294,5295,5296],"class_list":["post-25284","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-linux-exploitation","tag-moonwalk","tag-tracks","tag-zero-traces"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Moonwalk : Cover Your Tracks During Linux Exploitation<\/title>\n<meta name=\"description\" content=\"moonwalk\u00a0is a 400 KB single-binary executable that can clear your traces while penetration testing a\u00a0Unix\u00a0machine.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/moonwalk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Moonwalk : Cover Your Tracks During Linux Exploitation\" \/>\n<meta property=\"og:description\" content=\"moonwalk\u00a0is a 400 KB single-binary executable that can clear your traces while penetration testing a\u00a0Unix\u00a0machine.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/moonwalk\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta 
property=\"article:published_time\" content=\"2022-06-20T05:05:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-20T05:05:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/moonwalk\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/moonwalk\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Moonwalk : Cover Your Tracks During Linux Exploitation By Leaving Zero Traces\",\"datePublished\":\"2022-06-20T05:05:30+00:00\",\"dateModified\":\"2022-06-20T05:05:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/moonwalk\/\"},\"wordCount\":326,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/moonwalk\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png\",\"keywords\":[\"linux exploitation\",\"Moonwalk\",\"Tracks\",\"Zero Traces\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/moonwalk\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/moonwalk\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/moonwalk\/\",\"name\":\"Moonwalk : Cover Your Tracks During Linux 
Exploitation\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/moonwalk\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/moonwalk\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png\",\"datePublished\":\"2022-06-20T05:05:30+00:00\",\"dateModified\":\"2022-06-20T05:05:33+00:00\",\"description\":\"moonwalk\u00a0is a 400 KB single-binary executable that can clear your traces while penetration testing a\u00a0Unix\u00a0machine.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/moonwalk\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/moonwalk\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png\",\"width\":\"559\",\"height\":\"380\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Moonwalk : Cover Your Tracks During Linux Exploitation","description":"moonwalk\u00a0is a 400 KB single-binary executable that can clear your traces while penetration testing a\u00a0Unix\u00a0machine.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/moonwalk\/","og_locale":"en_US","og_type":"article","og_title":"Moonwalk : Cover Your Tracks During Linux Exploitation","og_description":"moonwalk\u00a0is a 400 KB single-binary executable that can clear your traces while penetration testing a\u00a0Unix\u00a0machine.","og_url":"https:\/\/kalilinuxtutorials.com\/moonwalk\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2022-06-20T05:05:30+00:00","article_modified_time":"2022-06-20T05:05:33+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/moonwalk\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/moonwalk\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Moonwalk : Cover Your Tracks During Linux Exploitation By Leaving Zero Traces","datePublished":"2022-06-20T05:05:30+00:00","dateModified":"2022-06-20T05:05:33+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/moonwalk\/"},"wordCount":326,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/moonwalk\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png","keywords":["linux exploitation","Moonwalk","Tracks","Zero Traces"],"articleSection":["Kali Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/moonwalk\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/moonwalk\/","url":"https:\/\/kalilinuxtutorials.com\/moonwalk\/","name":"Moonwalk : Cover Your Tracks During Linux 
Exploitation","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/moonwalk\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/moonwalk\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png","datePublished":"2022-06-20T05:05:30+00:00","dateModified":"2022-06-20T05:05:33+00:00","description":"moonwalk\u00a0is a 400 KB single-binary executable that can clear your traces while penetration testing a\u00a0Unix\u00a0machine.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/moonwalk\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/moonwalk\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png","width":"559","height":"380"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux 
Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R 
K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjk6r1mcC_RbcLoOs99T3Y3jgvBLWGSTuWxCBxy6icMhyqprdPLOoKMVkVXo7OmwhenOkZNY1KYyEyXe6loFF9E32gwWr0r7SGhVoXFDLVNfvqxgpptfyX6MWwYZ7PcZ6kyhIs8tGzaDKiILIJ9fC7WkVpRmnQmRjjn0ViRkHfneMYvlzhSMUVliVmW\/s559\/moonwalk%20(1).png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":35743,"url":"https:\/\/kalilinuxtutorials.com\/wicked-panda-apt-adversary-simulation\/","url_meta":{"origin":25284,"position":0},"title":"Wicked Panda APT Adversary Simulation","author":"Varshini","date":"January 24, 2025","format":false,"excerpt":"This is a simulation of attack by the Wicked Panda group (APT-41) targeting U.S. state government networks the attack campaign was active between May 2021 and February 2022, in addition to attacks targeting Taiwanese media, the attack chain starts with the in-memory execution of MoonWalk backdoor. Once the MoonWalk backdoor\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Wicked-Panda-APT-Adversary-Simulation.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Wicked-Panda-APT-Adversary-Simulation.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Wicked-Panda-APT-Adversary-Simulation.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Wicked-Panda-APT-Adversary-Simulation.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Wicked-Panda-APT-Adversary-Simulation.webp?resize=1050%2C600&ssl=1 3x, 
https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Wicked-Panda-APT-Adversary-Simulation.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":5492,"url":"https:\/\/kalilinuxtutorials.com\/redghost-linux-post-exploitation\/","url_meta":{"origin":25284,"position":1},"title":"RedGhost : Linux Post Exploitation Framework Designed To Assist Red Teams","author":"R K","date":"June 26, 2019","format":false,"excerpt":"RedGhost is a Linux post exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace. Also Read - BlueGhost : Network Tool Designed To Assist Blue Teams In Banning Attackers From Linux Servers Features Payloads Function to generate various encoded reverse shells in netcat, bash,\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5846,"url":"https:\/\/kalilinuxtutorials.com\/redghost-linux-post-exploitation-framework\/","url_meta":{"origin":25284,"position":2},"title":"RedGhost :  Linux Post Exploitation Framework Designed To Assist Red Teams In Gaining Persistence, Reconnaissance &#038; Leaving No Trace","author":"R K","date":"July 19, 2019","format":false,"excerpt":"RedGhost is a Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. 
Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl SudoInject Function to inject sudo command with wrapper function to run a reverse root\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6034,"url":"https:\/\/kalilinuxtutorials.com\/redghost-linux-post-exploitation-2\/","url_meta":{"origin":25284,"position":3},"title":"RedGhost : Linux Post Exploitation Framework","author":"R K","date":"August 3, 2019","format":false,"excerpt":"RedGhost is the Linux post exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. Payloads : Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl.SudoInject : Function to inject sudo command with wrapper function to run a reverse\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":35699,"url":"https:\/\/kalilinuxtutorials.com\/vermilion\/","url_meta":{"origin":25284,"position":4},"title":"Vermilion : Mastering Linux Post-Exploitation For Red Team Success","author":"Varshini","date":"January 17, 2025","format":false,"excerpt":"Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration of sensitive information from Linux systems.Its primary purpose is to streamline the process of gathering critical data in red teaming scenarios. 
How It Works Vermilion is a Linux-focused tool designed for efficient information gathering and\u2026","rel":"","context":"In &quot;Post Exploitation&quot;","block_context":{"text":"Post Exploitation","link":"https:\/\/kalilinuxtutorials.com\/category\/pe\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Vermilion-.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Vermilion-.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Vermilion-.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Vermilion-.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Vermilion-.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/Vermilion-.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":26542,"url":"https:\/\/kalilinuxtutorials.com\/mrkaplan\/","url_meta":{"origin":25284,"position":5},"title":"MrKaplan : Tool Aimed To Help Red Teamers To Stay Hidden By Clearing Evidence Of Execution","author":"R K","date":"August 23, 2022","format":false,"excerpt":"MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution. It works by saving information such as the time it ran, snapshot of files and associate each evidence to the related user. 
This tool is inspired by\u00a0MoonWalk, a similar tool for Unix machines.\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhLFcShoRDR33MGQuQ_58RXhcGuls3M4haLRMgC_-E5M998_3HA3Xf0ZUZZSmYDxJ3sNsG7yM-ietYECJYWca-4-4wzqHmT3AOzRDpe3t-IAlq9BxyJfQdubAqbKzvGqHC_hyz3EOW2iwz9-5R4LacB9y00czydpsmfRUvn5ERRAcBcIdj6dv7bUGJy\/s728\/usage%20%281%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhLFcShoRDR33MGQuQ_58RXhcGuls3M4haLRMgC_-E5M998_3HA3Xf0ZUZZSmYDxJ3sNsG7yM-ietYECJYWca-4-4wzqHmT3AOzRDpe3t-IAlq9BxyJfQdubAqbKzvGqHC_hyz3EOW2iwz9-5R4LacB9y00czydpsmfRUvn5ERRAcBcIdj6dv7bUGJy\/s728\/usage%20%281%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhLFcShoRDR33MGQuQ_58RXhcGuls3M4haLRMgC_-E5M998_3HA3Xf0ZUZZSmYDxJ3sNsG7yM-ietYECJYWca-4-4wzqHmT3AOzRDpe3t-IAlq9BxyJfQdubAqbKzvGqHC_hyz3EOW2iwz9-5R4LacB9y00czydpsmfRUvn5ERRAcBcIdj6dv7bUGJy\/s728\/usage%20%281%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhLFcShoRDR33MGQuQ_58RXhcGuls3M4haLRMgC_-E5M998_3HA3Xf0ZUZZSmYDxJ3sNsG7yM-ietYECJYWca-4-4wzqHmT3AOzRDpe3t-IAlq9BxyJfQdubAqbKzvGqHC_hyz3EOW2iwz9-5R4LacB9y00czydpsmfRUvn5ERRAcBcIdj6dv7bUGJy\/s728\/usage%20%281%29.png?resize=700%2C400&ssl=1 
2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/25284","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=25284"}],"version-history":[{"count":12,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/25284\/revisions"}],"predecessor-version":[{"id":25303,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/25284\/revisions\/25303"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/25304"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=25284"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=25284"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=25284"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}