{"id":13845087,"url":"https://github.com/JMousqueton/Badware","last_synced_at":"2025-07-12T01:31:37.687Z","repository":{"id":81453871,"uuid":"383880612","full_name":"JMousqueton/Badware","owner":"JMousqueton","description":"Ransomware for demonstration ","archived":false,"fork":false,"pushed_at":"2023-02-28T15:04:07.000Z","size":196,"stargazers_count":15,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-24T18:51:01.573Z","etag":null,"topics":["csirt","demo","malware","powershell","ransomware","redteam"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JMousqueton.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-07-07T17:46:25.000Z","updated_at":"2024-11-18T06:36:44.000Z","dependencies_parsed_at":null,"dependency_job_id":"dce2c55a-5a5f-4a66-926e-919c3e9ebc95","html_url":"https://github.com/JMousqueton/Badware","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/JMousqueton/Badware","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JMousqueton%2FBadware","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JMousqueton%2FBadware/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JMousqueton%2FBadware/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JMousqueton%2FBadware/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JMousqueton","download_url":"https://codeload.github.com/JMousqueton/Badware/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JMousqueton%2FBadware/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264923080,"owners_count":23683716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csirt","demo","malware","powershell","ransomware","redteam"],"created_at":"2024-08-04T17:03:10.207Z","updated_at":"2025-07-12T01:31:37.257Z","avatar_url":"https://github.com/JMousqueton.png","language":"PowerShell","funding_links":[],"categories":["PowerShell"],"sub_categories":[],"readme":"# Welcome to BADWARE 👋\n\n![Version](https://img.shields.io/badge/version-3.0-blue.svg?cacheSeconds=2592000)\n[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-yellow.svg)](https://github.com/JMousqueton/Badware/blob/main/LICENSE)\n[![Twitter: JMousqueton](https://img.shields.io/twitter/follow/JMousqueton.svg?style=social)](https://twitter.com/JMousqueton)\n\n\u003e Ransomware Demonstration for Customer Experience Center\n\n## Description\n\nQuick \u0026 Dirty ransomware written in Powershell for the purpose of demonstrations at Customer Experience Center.\n\nThis Powershell ransomware encrypts files using an X.509 public key certificate generated on the host :) \n\nBy Default the ransomware will cenrypt files in the C:\\Data folder and save the X.509 public key certificate which is auto-generated in C:\\YYYY-MM-DD-HHMM folder\n\nThis \"ransomware\" was inspired by [Phirautee](https://github.com/Viralmaniar/Phirautee)\n\n```\n__________    _____  ________     __      __  _____ _____________________\n\\______   \\  /  _  \\ \\______ \\   /  \\    /  \\/  _  \\\\______   \\_   _____/\n|    |  _/ /  /_\\  \\ |    |  \\  \\   \\/\\/   /  /_\\  \\|       _/|    __)_\n|    |   \\/    |    \\|       \\  \\        /    |    \\    |   \\|        \\\n|______  /\\____|__  /_______  /   \\__/\\  /\\____|__  /____|_  /______JM /\n       \\/         \\/        \\/         \\/         \\/       \\/        \\/  2.3\n[+] Let the carnage begin !!!\n[+] Prepating Directory\n[+] Init Certificate ...\n[+] Init Encryption ...\n[!] C:\\Data\\1.txt is now encrypted\n[!] C:\\Data\\2.txt is now encrypted\n[!] C:\\Data\\3.txt is now encrypted\n[!] C:\\Data\\4.txt is now encrypted\n[+] Badware Deployed Successfully...\n[+] Cleaning Encryption key ...\n[+] Intiating UI...\n[+] Creating Badware.txt on Desktop ...\n[+] Clean up the mess ...\n[+] Exiting and waiting for the money\n``` \n\n- [Changelog](https://github.com/JMousqueton/Badware/blob/main/CHANGELOG.md)\n- [Todo](https://github.com/JMousqueton/Badware/blob/main/TODO.md)\n\n## Usage \n\n- Simply modifiy variables at the begining of the script \n\n```\n# Directory Target to crypt \n$TargetEncr = \"C:\\Data\"\n\n# At the end load CPU to triggered some behavior alarm \n$CPULoad = $false\n\n# Delete the script ransomware.ps1 \n$SelfDestroy = $false\n\n# Delete private key after \n$DeleteKey = $true \n\n# UI  \n$delay = 60  # Delay to show the UI \n\n# Define the DN of the certificate \n$CertName = \"DEMO RANSOMWARE\"\n``` \n\n- Execute the script badware.ps1 \n\n## Legal Disclaimer\n\nThis project must not be used for illegal purposes or for hacking into system where you do not have permission, it is strictly for educational purposes.\nPerforming any hack attempts or tests without written permission from the owner of the computer system is illegal.\nBadware project must not be used for illegal purposes. It is strictly for educational purposes. \n\n## Author\n\n👤 **Julien Mousqueton**\n\n* Website: \u003chttps://www.julien.io\u003e\n* Twitter: [@JMousqueton](https://twitter.com/JMousqueton)\n* Github: [@JMousqueton](https://github.com/JMousqueton)\n* LinkedIn: [Julien Mousqueton](https://linkedin.com/in/julienmousqueton)\n\n## 🤝 Contributing\n\nContributions, issues and feature requests are welcome!\n\nFeel free to check [issues page](https://github.com/JMousqueton/Badware/issues).\n\n## Show your support\n\nGive a ⭐️ if this project helped you!\n\n## 📝 License\n\nCopyright © 2021-2023 [Julien Mousqueton](https://github.com/JMousqueton).\n\nThis project is [Apache 2.0](https://github.com/JMousqueton/Badware/blob/main/LICENSE) licensed.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJMousqueton%2FBadware","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FJMousqueton%2FBadware","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJMousqueton%2FBadware/lists"}