gokill
gokill is designed for activists, journalists, and individuals who require robust protection for their data, ensuring it remains inaccessible under any circumstances. It belongs to the category of anti-forensic tools, providing a means to safeguard against potential repression. gokill is a software dead man's switch that empowers users to configure various events. If these events occur, they trigger predefined actions. It is specifically crafted for worst-case scenarios, such as when intruders gain physical access to a device. In these intense situations, gokill automatically performs tasks to enhance your security:
- locking the screen
- sending chat messages
- deleting data
- encrypting partitions
- destroying encrypted partitions
- ect
usage
# Clone the gokill repository
git clone https://github.com/k4lipso/gokill
cd gokill
# Build gokill
go build github.com/k4lipso/gokill
# Create a config.json and run gokill
./gokill -c config.json
Config Example
gokill is configured using a json file. it consists of a list of triggers, where each of the triggers as a list of actions that will be executed once triggered.
[ //list of triggers
{
"type": "UsbDisconnect", //triggers when the given device is disconnected
"name": "First Trigger",
"options": {
"deviceId": "ata-Samsung_SSD_860_EVO_1TB_S4AALKWJDI102",
"waitTillConnected": true //only trigger when usb drive was actually attached before
}
"actions": [ //list of actions that will be executed when triggered
{
"name": "unixCommand",
"options": {
"command": "shutdown -h now"
},
"stage": 2 // defines the order in which actions are triggered.
},
{
"type": "sendMail",
"options": {
"smtpserver": "domain.org",
"port": 667,
"recipients": [ "mail1@host.org", "mail2@host.org" ],
"message": "kill switch was triggered",
"attachments": [ "/path/atachments" ],
"pubkeys": "/path/to/keys.pub"
},
"stage": 1 //this event is triggered first, then the shutdown
},
]
},
{
"type": "EthernetDisconnect",
"name": "Second Trigger",
"options": {
"interfaceName": "eth0",
}
"actions": [
{
"name": "unixCommand",
"options": {
"command": "env DISPLAY=:0 sudo su -c i3lock someUser" //example of locking someUser's screen as root
}
}
]
}
]
nix support
gokill enjoys full nix support. gokill exposes a nix flakes that outputs a gokill package, a nixosModule and more. That means you can super easily incorporate gokill into your existing nixosConfigurations. Here is a small example config:
{
services.gokill.enable = true;
services.gokill.triggers = [
{
type = "EthernetDisconnect";
name = "MainTrigger";
options = {
interfaceName = "eth1";
};
actions = [
{
type = "Command";
options = {
command = "echo hello world";
};
stage = 1;
}
];
}
];
}
This will automatically configure and enable a systemd running gokill as root user in the background
--
the tasks gokill executes could be done by hand using shellscripts, cronjobs, daemons ect. but that means everyone needs to figure it out for themselves, and eventually make mistakes. the idea of gokill is to provide a wide variarity of possibilities out of the box while making sure they are well tested and relatively easy to setup.
actions and triggers should be easy to extend and handled like plugins. they also should be self documenting. every action and trigger should be testable at anytime as a 'dry-run'. actions can have a 'stage' defined. the lowest stage is started first, and only when all actions on that stage are finished next stage is triggered
gokill should run as daemon. config should be read from /etc/somename/config.json
todos
- export snap
- export ppa
actions
- shutdown
- wipe ram
send mail- send chat message
- telegram
- matrix
- delete data
- shred area
- run command
- wordpress post
- ipfs command
- buskill 'triggers'
- lock-screen
- shutdown
- luks header shredder
- veracrypt self-destruct
triggers
- no internet
- pull usb stick
- ethernet unplugged
- receive specific chat message
- telegram
- matrix
- power adapter disconnected
- unix command
- anyOf
- trigger wrapper containing many triggers and fires as soon as one of them is triggered
- allOf
- ipfs trigger