Add payloads and changed root os detection

[Virgula0]

Hello, and thanks for the great idea.

I used the project utility and found some basic misses in log discovery.
From there I thought to add a P.R just for adding some payload but then I realized that just running go run main.go (whether for debugging or functional purposes) didn't work, and honestly I don't know how you tested it previously on various OSes.

Anyway, let's start from the basics.

This P.R:

1. Adds OS detection at runtime so that go run main.go will work

To achieve this, the following were changed:

• The basic os.DirFS("") was replaced with the usage of the base root directory which is assigned based on Windows or Linux is detected https://github.com/sundowndev/covermyass/compare/master...Virgula0:add-payloads-and-general-improvements?expand=1#diff-13fffd4d5cbaea0cfaedc2cb42d011d60d32c9fde001fd83d7bf172cd049488eL23

and https://github.com/sundowndev/covermyass/compare/master...Virgula0:add-payloads-and-general-improvements?expand=1#diff-0df82f8689d3e8d881be0653ab4e9f8221c5835ec95a14930d11669e9c7f07efR10

• The file utils.go has been moved from analysis to utils package avoiding cycle imports

• The finder.go was adapted to the new rooting choice changes https://github.com/sundowndev/covermyass/compare/master...Virgula0:add-payloads-and-general-improvements?expand=1#diff-9a179846f376428fa85acbc4b912ade4773da4fdc3343574e7ccb44e26068600L49

From now on you can use utils.CurrentOS() eventually to make checks on the current OS.

2. The file shell_history_check.go was changed by adding the following

• Some real Windows payloads have been added to the list
• The previous checks for Linux logs were too poor, in fact, before the change, only the user directory was checked for finding bash history logs etc... The code has changed so now all users present in /home/*/.bash_history will be checked. The same reasoning for the /root directory too.

3. Other payloads

• It is frequent to find logs within the subdirectory folders of apache e.g. /var/log/apache2/server_name/access.log especially when using vhosts https://github.com/sundowndev/covermyass/compare/master...Virgula0:add-payloads-and-general-improvements?expand=1#diff-3e037cd0d52d04743d05a753d3922c7d39d3adb886189f55c830d3bcabd10f2bL18

• Other MySQL logs added https://github.com/sundowndev/covermyass/compare/master...Virgula0:add-payloads-and-general-improvements?expand=1#diff-46987848fff18512def3f358dc982ae2eadf720cc54054005bf94c4857695b06L18

• NGNIX subdir cb21902

Results:

Windows

time="2025-06-07T22:19:07+02:00" level=debug msg="Build info" go_version=go1.23.4 is_release=false version=dev-dev
Loaded known log files for windows
Scanning file system...

Found the following files
\Users\virgula\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt (30.1 kB, -rw-rw-rw-)
\Users\virgula\.node_repl_history (5 B, -rw-rw-rw-)
\Users\virgula\.bash_history (11.1 kB, -rw-rw-rw-)

Summary
Found 3 files (3 read-write, 0 read-only) in 1ms

Linux

DEBU[0000] Build info                                    go_version=go1.22.0 is_release=false version=dev-dev
Loaded known log files for linux
Scanning file system...

Found the following files
/home/test/.bash_history (48 B, -rw-------)
/home/user1/.bash_history (0 B, -rw-r--r--)
/var/log/apache2/access.log (11 B, Lrwxrwxrwx)
/var/log/apache2/test.site/access.log (408 B, -rw-r--r--)
/var/log/apache2/test.site/error.log (0 B, -rw-r--r--)
/var/log/btmp (0 B, -rw-rw----)
/var/log/wtmp (0 B, -rw-rw-r--)
/var/log/faillog (0 B, -rw-r--r--)
/var/log/lastlog (0 B, -rw-rw-r--)

Summary
Found 9 files (9 read-write, 0 read-only) in 1ms

Hope that it helps, regards

[sundowndev]

Hi @Virgula0 and thanks for the efforts put into this PR.

To give you some context, this project was abandoned because of lack of time and being more focused on my full time job. If you're motivated enough to make it living and working again, I'm happy to review your changes and publish new releases.

The code base is currently unstable and can totally be changed to something more future-proof.

I'll come back later to give some feedback on this one.

Cheers 🍻

[Virgula0]

Hi @Virgula0 and thanks for the efforts put into this PR.

To give you some context, this project was abandoned because of lack of time and being more focused on my full time job. If you're motivated enough to make it living and working again, I'm happy to review your changes and publish new releases.

The code base is currently unstable and can totally be changed to something more future-proof.

I'll come back later to give some feedback on this one.

Cheers 🍻

I mean, the project aside from needing more structured payloads works fine in my opinion, and even the code style seems to be well structured and self-explanatory. I don't like to omit files by excluding them from the building process because of the target OS, but it is just my opinion. I could suggest some improvements from time to time but the base of the project is already pretty solid. Also, the fact of getting a job and not having any energy or time for maintaining open source projects is absolutely normal and this project it's not an exception. As said, I could open some PR on some problems but, apart from a few adjustments which should not require too much effort, the time is the same for everyone 🙂

[sundowndev]

@Virgula0 To be honest I've not run it in a while so I don't really know what's working and what's not. Of course I don't expect you to work on it as a maintainer but feel free to submit change requests like this one.

I don't like to omit files by excluding them from the building process because of the target OS, but it is just my opinion.

I can understand that but I think this is very project specific. In this case, the use case differs from one OS to another as software, file system and log patterns can be completely different between Linux and Windows for example.

[Virgula0]

Hi @sundowndev,any update about this?

[sundowndev]

@Virgula0 sorry I'm in holidays, I'll take a look asap!