sys-shred is a multi-threaded, forensic-grade Rust library and CLI for the irreversible destruction of sensitive files.
Caution
IRREVERSIBLE DATA DESTRUCTION NOTICE
Data processed by sys-shred is physically overwritten at the hardware level. Please verify your target paths carefully before execution. Once processed, data cannot be recovered by forensic software.
This project is not affiliated with any government or military entity. It is provided for legitimate data sanitization, privacy protection, and compliance purposes. Users are responsible for using this tool legally and ethically. The maintainers discourage any malicious or unauthorized usage and are not liable for any misuse.
- Hardware-Level Sync: Uses
fsyncandsync_allto bypass volatile OS caches and ensure data is written to physical media. - True Streaming Parallelism: A major v1.2.0 upgrade that parallelizes file discovery and destruction, maintaining a constant RAM footprint even when processing millions of files.
- Aggressive Cache Bypassing: Utilizes platform-specific hints (
F_NOCACHEon macOS,posix_fadviseon Linux) to ensure data bypasses the OS page cache for maximum forensic reliability. - SSD Optimization: Supports hardware
TRIMcommands to mitigate wear-leveling artifacts on modern flash storage. - Parallel Performance: Powered by
rayonandpar_bridgefor high-throughput execution.
Important
This is the official repository for sys-shred. Please report bugs and request features via GitHub Issues.
For a detailed list of options, run sys-shred --help.
To perform a standard cryptographic overwrite on a file:
sys-shred target_file.txtVia Cargo (Recommended):
cargo install sys-shredVia AUR (Arch Linux):
yay -S sys-shredOverwrites data using three passes of cryptographically secure random entropy (default).
sys-shred confidential.pdfImplements the US Department of Defense 5220.22-M standard (Pass 1: Zeros, Pass 2: Ones, Pass 3: Random).
sys-shred sensitive_data.bin --method dodThe rigorous 35-pass Gutmann algorithm, designed for older magnetic media.
sys-shred classified_archive.tar.gz --method gutmannDestroy entire directory trees using a highly optimized, lock-free parallel execution engine.
sys-shred ./project_folder --recursiveExclude specific files or directories using wildcard patterns.
sys-shred ./server_logs --recursive --exclude "*.git/*"Preview which files will be targeted without modifying the filesystem.
sys-shred ./directory --recursive --dry-runDispatches hardware-level block deallocation commands (FALLOC_FL_PUNCH_HOLE on Linux, FSCTL_SET_ZERO_DATA on Windows) to handle SSD wear-leveling.
sys-shred ./nvme_drive --method zero --trimGenerate verifiable destruction reports for GDPR/HIPAA compliance.
sys-shred ./financials -r --audit-log ./report.json --audit-format jsonValidates destruction by reading physical blocks back into memory to ensure they were correctly overwritten.
sys-shred ./target --verify- Symlink Protection: Isolates symbolic links, unlinking the reference without traversing or destroying the external target.
- Interactive Prompts: Confirmation prompts help prevent accidental recursive destruction. Use
--forceto bypass.
Copyright (c) 2026 V1lleneuve. Licensed under the MIT License.