README
IntegriGuard

A tool for detecting Evil Maid attacks and checking directory integrity
Description:
An Evil Maid attack is a security threat where an attacker gains physical access to a computer, especially its boot partition or bootloader, without the owner's knowledge. The attacker can then compromise the system's integrity by tampering with the boot process, installing malicious software, or stealing encryption keys. This attack is called "Evil Maid" because it often involves a scenario where an attacker gains unauthorized access when the owner leaves their device unattended in a vulnerable environment, like a hotel room.

IntegriGuard is a tool that performs file integrity checks. It can hash and securely store file data and later check for any changes or deletions within a specified directory. By hashing files in a directory and its subdirectories, it can identify any unauthorized changes or corruption in files. This is especially useful for critical system files, configuration files, or sensitive documents.
Features:
- Hashes all files in a directory and its subdirectories
- Encrypts file hashes for storage
- Checks for alteration of files by comparing their hashes with the stored encrypted ones
- Detects evil maid attacks: when it is run from a trusted Live USB such as Tails OS, a user can check the integrity of their main system's /boot partition
Technical details:
- AES-256-GCM for encryption
- SHA-512 for hashing using 1MB chunks
- PBKDF2 with 600,000 iterations for key derivation
Installation:
Option 1:
Download from releases
Option 2:
Run the following command:
$ go install -v github.com/Nemesis0U/IntegriGuard@latest
Usage:
Options:
./IntegriGuard -h
__ __ __ ______ ______ ______ ______ __ ______ __ __ ______ ______ _____
/\ \ /\ "-.\ \ /\__ _\ /\ ___\ /\ ___\ /\ == \ /\ \ /\ ___\ /\ \/\ \ /\ __ \ /\ == \ /\ __-.
\ \ \ \ \ \-. \ \/_/\ \/ \ \ __\ \ \ \__ \ \ \ __< \ \ \ \ \ \__ \ \ \ \_\ \ \ \ __ \ \ \ __< \ \ \/\ \
\ \_\ \ \_\\"\_\ \ \_\ \ \_____\ \ \_____\ \ \_\ \_\ \ \_\ \ \_____\ \ \_____\ \ \_\ \_\ \ \_\ \_\ \ \____-
\/_/ \/_/ \/_/ \/_/ \/_____/ \/_____/ \/_/ /_/ \/_/ \/_____/ \/_____/ \/_/\/_/ \/_/ /_/ \/____/
Usage of ./IntegriGuard:
-check
Check the integrity of the directory
-dir string
The directory to hash and check for integrity
-password string
Encryption password for hash storage (default "empty")
-verbose
Enable verbose output
Example:
Hashing a directory:
./IntegriGuard -dir Documents/ -password 123456
[========================================] 559/559
Hashes stored in /home/user/Documents.hashes.enc
Checking integrity of a directory by comparing the hashes with the hashes.enc file:
./IntegriGuard -dir Documents/ -password 123456 -check
[========================================] 559/559
Integrity check failed for: Customer_Database_Export.pdf
New file detected: test Legal/Contracts/Agreement.txt
Deleted file detected: Research/Security_Analysis/latest.doc
Integrity check failed. Some files are missing or have been modified. ❌
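The comparison behind the three kinds of finding in the check output above, together with the chunked SHA-512 hashing from the technical details, as an added Go example; it is not IntegriGuard's own code. The names `hashTree` and `diff` and the in-memory file trees are constructed for illustration, and the encrypted storage of the baseline is left out.

```go
package main

import (
	"crypto/sha512"
	"fmt"
	"io"
	"io/fs"
	"testing/fstest"
)

func hashTree(fsys fs.FS) (map[string]string, error) { // path -> hex SHA-512 of each regular file
	sums, buf := map[string]string{}, make([]byte, 1<<20) // 1 MB chunks, per the README
	return sums, fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // stop on walk errors; skip directories, symlinks, devices
		}
		f, err := fsys.Open(p)
		if err != nil {
			return err
		}
		defer f.Close()
		h := sha512.New() // the struct wrapper hides any WriteTo so the copy uses buf
		_, err = io.CopyBuffer(h, struct{ io.Reader }{f}, buf)
		sums[p] = fmt.Sprintf("%x", h.Sum(nil))
		return err // a read error aborts the walk; callers must then discard sums
	})
}

func diff(base, cur map[string]string) map[string]string { // path -> deleted|modified|new
	out := map[string]string{}
	for p, sum := range base {
		if now, ok := cur[p]; !ok {
			out[p] = "deleted"
		} else if now != sum {
			out[p] = "modified"
		}
	}
	for p := range cur {
		if _, ok := base[p]; !ok {
			out[p] = "new"
		}
	}
	return out
}

func main() { // constructed in-memory trees; a real check would pass os.DirFS("/boot")
	base, _ := hashTree(fstest.MapFS{"grub/grub.cfg": {Data: []byte("v1")}, "old.img": {}})
	cur, _ := hashTree(fstest.MapFS{"grub/grub.cfg": {Data: []byte("v2")}, "new.bin": {}})
	fmt.Println(diff(base, cur))
}
```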
License
Distributed under the MIT License. See LICENSE for more information.